5 Don'ts to Avoid Being a Victim of Cybercrime
UPDATED July 7, 2023
Each year over the past decade, cybercrime has increased. This isn't new information to either you or myself. Computers are getting more advanced and as they improve, so too must those who try to hack and attack them and the numbers don't like - cybercriminals are effective. If you're wondering how to avoid this, I can assure you it's not easy, but with the right precautions in place, you can certainly make it as hard as it can be for criminals to attack your business.
According to Duke CFO Global Business Outlook, more than 80 percent of U.S. companies indicate their systems have been successfully hacked in an attempt to steal, change or make public important data. The hacks have been much more successful at smaller companies: 85 percent of them with fewer than 1,000 employees indicate their systems have been successfully penetrated, compared to about 60 percent of larger companies. More than 85 percent of firms in Asia, Europe, Africa and Latin American say they also have been hacked. Think about that. Well over 3/4 of all businesses have been subject to an attack. With technology evolving over time, this number has surely increased, which means that you need to take all the steps that you can to not be a victim. Today, we wanted to share some of our experience with you to give you a quick guide of what not to do so that you won’t be the next easy target for a cyber criminal.
5 Easy Ways to avoid Cryber Attacks
Don't Use Easy Passwords for Accounts
The first thing you shouldn’t do is be lazy in the creation of the passwords that protect you. It is very tempting to create a password for yourself that is simple and easy to remember, like your last name or a number like "12345", but that would be a big mistake. We do this all the time. I can wager you probably have some people sitting near you right now that have easy to crack passwords. Maybe that person is even you!
Hackers can easily decipher simple passwords with common sense. What's the last name of the person I'm attacking? What was their jersey number in high school? Pets? Spouse? Favorite sports team? Worst of all, what's the first half of their email? I'm curious, were any of my guesses close to one of your current passwords? Using simple process of elimination, you could be the victim of the next cyber attack. The last thing you want to do is make it easy for them. Make sure that you use 7 or more characters that include all of the following: capital letters, lower-case letters, numbers, and symbols.
Even more secure, use a passphrase to keep those hackers guessing until the end of time! This is a password that includes spaces and more than two words in a "phrase" or sentence style. The longer the better, hey, even add some numbers while you're in there.
Don't Ignore the Popularity of Multifactor Authentication
The second thing you should absolutely be employing is a two-step process for logging into your accounts. I know, it's an extra step, but by adding this extra step, you're securing your systems in a way that makes it that much harder for cybercriminals to gain anything from you. I see it all the time: a C-level is annoyed by MFA, and therefore refuses to use it despite the fact that the entire company has been asked to utilize it. Unfortunately, hackers only need this one weak link and they're in. Sign, sealed, and data delivered.
There are multiple type of MFA your business can use to doubly secure your systems. Different systems will opt for different types, but they are all equally effective forms of MFA.
- Email codes
- Text and call one-time passwords (OTPs)
- Biometric verification (ADDITIONAL FaceID requirements, not just the FaceID unlock function on your phones)
- Physical key
- Authenticator app
Don't Ignore System Updates and Security Patches
The third thing you shouldn’t do is ignore updates for your software and servers. Install those updates immediately!! Too often we see businesses who get busy and either forget to check for updates, or simply ignore the updates on their systems. They can "do it later" as the age old procrastinators say. This leaves their networks wide open for attack from hackers and cyber criminals.
Software developers constantly work to keep you safe from outside attacks by updating their apps and programs to defend against intrusion. This includes critical security patches! By not updating your software and systems, you essentially let the lock on the gate to your business rust so that it can be easily broken off by outside attackers. Trust me, the few minutes that it takes to update your systems can save you days or weeks of corrective time, thousands of dollars, and potentially, your job.
Don't Click on Every Link Sent To You
Unfortunately, hackers and clever, and sometimes, employees are gullible. Think before you click on ANY website link in an email otherwise you could be the victim of a phishing attack. It's easy to do, you see an email from someone who appears legitimate and when you click that link embedded into false email, your computer begins to download a ransomware codes or as you log into your bank account, a nefarious hacker on the other end now has all they need to steal your identity and your cash. If you see something "phishy," mark it as phishing through your respective email hosting service and do NOT click on anything else. If you "accidentally" click on something, close the browser and alert your security personnel of the email. Don't be the employee who is the weakest link.
Look out for the following things when assessing an email or text (phishing via text messaging is called "smishing") to detect its legitimacy:
- Check the sender: are they in your company? While you're not only going to correspond with people inside the business, you must check to make sure the sender is someone you trust. BIG tip, check to make sure that their email is spelled correctly. Some hackers will simply change one letter of the email address and if you're not careful, it will appear like they're from inside your network.
- Check for spelling mistakes especially in the email address, subject line, or multiple in the body of the text. Not to say that your colleagues can always spell, but multiple, glaring spelling mistakes are a red flag.
- If they EVER ask for banking information or nonpublic personal information (NPI), under no circumstances should you give it to them. Hackers will sometimes ironically say your credentials have been compromised and ask you to sign in. By doing so, you've given them the credential they need to now access your data in that application.
Don't Download or Install Suspicious Apps Before Running a Safety Check
In case you weren’t aware, one of the latest and most dangerous internet scams is "fake apps." Scammers create apps that look and behave like a real app from a legitimate store. These fake apps can infect your phone or tablet and steal confidential information, including bank account and credit card details. They may also secretly install on your device malicious code that can spread, including to your company network. Even with mobile device security, your personal error could mean the difference between keeping and losing your job.
Take a moment and reflect on these five tips before downloading any app:
- When in doubt, check it out. Ask other users before downloading it. Visit the store’s main website to see if it’s mentioned there. Find out from customer support if it’s the real McCoy.
- If you do decide to download an app, first check its reviews. Apps with few reviews or bad reviews are throwing down a red flag.
- Never, EVER click a link in an e-mail to download an app. Get it from the retailer’s website, or from Apple App Store or Google Play.
- Offer as little of your information as possible if you decide to use an app. The less they know, the better. And if ANY app, regardless of reputation, asks for personal, sensitive information, NEVER give it to them. Federal and employment agencies are the only ones should need that and they can only ever use that to verify your identity.
- Think twice before linking your credit card to any app. Number one, do you really need to spend money on that? Number two, do you really want to subject yourself to potential cybercrime for that?
Your Next Step to Avoiding Cyberthreats
Most importantly, get professional help to keep your network safe. It really is a jungle out there. New cyberscams, malware and other types of network security threats are cropping up every day. You have more important things to do than to try and keep up with them all.
Never go it alone when it comes to cybersecurity. We know what you’re good at, and that is your business. You know just what your customers need and can help them at the drop of a dime. You’re an expert at that, just like we are experts at cybersecurity. The best way to protect yourself from cybercrime is to bring in partners like us who have years of experience, expertise, and training in the field. We have seen it all, and because this is what we do for a living, we constantly learn more and focus on what each one of our clients needs. And if for some reason you are attacked by cybercriminals, we can quickly solve your issues and get your business safe and secure once again.
Learn to not make a few simple mistakes that could leave you vulnerable from our years of cyber security experience. Contact us today to make sure your business is protected.
Be a thought leader and share: