“What do you mean I can’t use my wedding date or my wife’s name as my password?”
“I see why I should create a unique password for every single website I use, but I’m just not going to do that because it’s so much easier to use the same one each time.”
“Generate a unique 8 digit code every time I want to log on, in addition to using my password? But that will take me 20 seconds longer each time!”
Laziness Keeps Cyber Criminals in a Job
Laziness and complacency are one of the main reasons cyber breaches happen. For the most part, cyber criminals aren’t using advanced technology and incredible hacking skills to get into corporate systems. They either trick people (e.g. through phishing), or they take advantage of our laziness.
If someone really wanted to get into one of your accounts, they might add you as a friend on facebook (posing as someone you know), you won’t double-check if that person is really who they say they are – even if you’re already friends with them. Once you accept, they can browse through personal information to figure out things like the names of your spouse and children, their birthdays, your wedding date, your favourite football team etc. and try all those things like passwords. If one of them is correct, they’ll be in – because you don’t use two-factor authentication. If one of those passwords doesn’t work, your “friend” can just send you a message with a shortened link to check something out:
“Hey John, Kelly (your wife’s name) sent me this picture – I just wanted to double-check with you? – LINK”.
Your curiosity gets the better of you and you click, installing malware that will track your keystrokes. Alternatively, you could be sent to a “login page” to Google, Dropbox, OneDrive – whatever they want to get into. It’s a fake page. You enter your email address and password, and now they have it.
For a checklist to run suspicious emails against – download our “email security cheat sheet”:
It's NOT Paranoia - It's Sensible
You NEED to be paranoid. There's a lot of untrustworthy people in the world who will try to compromise your accounts for their gain. Your automatic standpoint when receiving online messages or emails should be one of suspicion. If you're automatically trusting until they prove otherwise, you're going to get caught out at some point and it could have catastrophic consequences either personally - or for your business.
1. Have Separate Email Accounts for Different Purposes
Most people just have two separate email accounts. One for work, and one for personal use. Some people just have one, which they use for both.
It would actually be a lot safer to have more than one email account for different purposes.
You should have one for subscribing to newsletters, shopping deals, and creating online accounts etc. This should be completely separate from your work account, and from your personal account that you use to communicate with other people.
This reduces the likelihood that you'll get spam, phishing emails or malware through your important accounts.
Think about it. If one of the online services you sign up to doesn't do enough to protect the security of their users' login credentials, and they become exposed, would you rather that be your work email address, your important personal email address, or an email address you only use for signing up to online services? You could take this further and create another one for your main social media accounts, separate from the one you use for shopping deals, newsletters and other less-used online accounts. Our social media accounts can be a trove of personal information for cyber criminals to use, so reducing the likelihood of the login email address being exposed is a good idea.
2. Don't "Check-in" or Add Your Location to Social Posts
Geotagging posts and checking in can tell anyone where you are. You might think everyone on your friends list is trustworthy, but can you trust everyone they can potentially share the post with, even if done innocently? While you're at it, make all your social networks private so the whole world can't see your posts.
This is important if you're going away on holiday. If you go to lengths to make it appear that someone is at home, like making sure your lights come on at set times, but then you "check-in" when you're abroad, - stop for a second and have a think about how stupid that is.
Many people come home to realise they've been burgled. Take a precaution and don't post anything about your holiday until you're home.
From a business point of view, this is just as relevant. CEO impersonation is on the rise. Accounts and finance people in businesses are being targeted and tricked into transferring large sums of money to accounts held by cyber criminals. They're sent a spoofed email that looks like it's from their company's CEO - telling them a sensitive business transaction is about to take place, and they will shortly receive a call with more details - and to carry out the instructions. If the CEO is checking in from the Maldives, cyber criminals know it's a good time to strike.
3. Cover Your Laptop's Webcam
If you get infected with Malware, a cyber criminal can potentially take control of your computer. That means they can watch you through your webcam, or set it to record video or take pictures at set intervals. Disconnect yours when not in use, or put tape over it if it's built into your laptop.
You might think this never happens in reality, but it happens a lot more often than you'd believe. Here's an example where Miss Teen USA was spied on by an ex-school classmate, through her webcam. If that's not scary enough, remember that the Snowden revelations confirmed that government agencies can watch us through our smartphone cameras and listen through the microphone.
4. Don't Click on Short Links
Many link shorteners now exist to make lengthy URLs look more presentable, fit into social media character limits, or add a click tracking ability - e.g. for marketing purposes.
Here's an example shortened link with the clickability removed (it only goes to our homepage anyway) https://goo.gl/vliLmI
Others look similar, such as bit.ly, ow.ly or hubs.ly
The problem with these links is you can't preview where they're going to take you. Other links, such as this one can be previewed by hovering over them - and it tells you in the bottom of your browser where it's going to.
As you can't check where a shortened link is taking you to, clicking on it is a complete lottery.
Want More Tips?
We hope you’ve found these cyber security tips useful.
If you’d like to find out more about how we can help protect your business from cyber attacks, click here to book your free consultation call
Want to know what it takes to stay cyber secure? Download our handy IT Security Health Check here.