Newsflash: The local FBI came to our office last week. Don’t worry — we invited them. We wanted to make sure our team is completely up-to-date on cybersecurity, so we can educate our clients to prevent security breaches. It was great to hear it straight from the FBI, but our team wasn’t surprised by what we heard.
Here are a few things that the local FBI and I would both tell you about keeping your information secure:
The definition of insanity is doing the same thing again and expecting different results.
The reason hacking continues is that we want it to be easy to get to our own data. If it’s simple for you, it’s simple for a hacker to get into your account, too. Until technology can make it both simple and secure, we have to change our own behavior to protect our data.
You could go to Amazon right now and order books that teach you how to hack. Does that give you pause? It’s not hard to be a hacker. But that also means that we each have a responsibility to protect our own systems — when we throw up our hands and don’t put much effort into being secure, the bad guys win.
Hackers have come up with lots of ways to make money off our lack of computer security, but here are two ways we can eliminate the risks with good security procedures:
Shooting phish in a barrel
You have probably been exposed to phishing already. With phishing, you get an email that appears to be from someone you trust, or from what appears to be a credible source like your bank, but it asks for your username and password, credit card or other account numbers. Don’t do it! And if they ask you to wire money, stop immediately.
Often, you can find clues in the email. If it’s an unusual request, listen to that little voice inside. Check the email address carefully, and roll over any URLs to see the full address before you click. Don’t open an attachment from this kind of email!
It’s always safer to call and talk to the person (and if it’s your bank, look up the phone number yourself — don’t trust a phone number you see in a suspicious email) to get the full story. Often, you’ll find it’s a scam.
Like Superman’s “c”ryptonite
If you have employees, you have a security threat. It’s that simple. You can’t control every click on every email attachment, or every USB stick or smart phone connected to your computers.
Have you heard of CryptoLocker? This ransomware spreads through a computer and associated computer network via an email attachment, and it encrypts your files. To free your data, you’re told to pay the hackers that created the ransomware. (Recently, ransomware began spreading on Macs, so don’t believe the adage that Macs don’t get hacked, either.)
Do:
- Stop, look and ask: Does this seem like an odd request, even if I know who the sender seems to be?
- Back up critical data regularly.
- Create strong passwords. Use upper and lowercase letters, numbers and symbols, and make them longer than eight characters.
- Use a separate password for every site.
- Use multi-factor authentication anywhere it’s offered.
Don’t:
- Connect USBs to any device or computer that has access to important information.
- Back up personal cell phones and tablets to work computers.
- Store your password in a browser.
- Use the same password for email and social media.
- Send a username and password over Internet/data. Make a phone call if you have to share a password.
Just remember the 6 Ps
So, in honor of my dad, who passed a couple of weeks ago, I’ll share his all-time favorite tip: Remember the 6 Ps: Proper Prior Planning Prevents Poor Performance.
If you’re not planning and actively paying attention, you can easily fall victim to a hack that can lead to identity theft, unintended disclosure of intellectual property and dissemination of financial and personal information about you, your employees, your employers and their clients and vendors. Ouch. If the FBI has to get involved, you’re way too late and it was a situation that you could have easily prevented.