Cybersecurity is one of the most important aspects of running a business. Therefore, here are some of the best ways that your employees can contribute to your company’s technology security practices.
Change Passwords Frequently
Passwords are one of the most common ways that accounts and data are protected, for both commercial and personal uses. Because users can choose from a wide array of possible passwords, many settle on easy-to-remember ones like “password” or “123456.” To keep your business from falling victim to this vulnerability, consider the following best practices:
- Make your passwords long (at least 16 characters). The longer, the better, as this makes the passwords more difficult to guess.
- Make your passwords complex. Use a plethora of special characters, numbers, and both upper and lower-case letters.
- Never use the same password twice. When a hacker steals a password, they may try to use it on other related accounts.
A password manager can make these tips much easier to follow, as you can create complex passwords and share them across your organization’s network. You can also assign users to groups so that they only have access to credentials that they need to perform their jobs correctly. These passwords can be synced to company devices in real time, and you can use complex passwords without the pain of remembering them all.
Be Mindful of Spam
Hackers tend to use spam as a way to move malware to many users at once. Most hackers will attempt to spread malware in hopes of infecting as many computers as possible, while others will reach out to unwary users to steal credentials or sensitive information. Here are some of the most common spam messages that you’ll encounter, and how to respond to them.
- A big congratulation: These types of messages try to entice the user with the promise of a big win, like winning the lottery or a new car. It’s safe to say that messages like this are spam, and that messages that prompt you to click a link to claim a prize are dangerous and unpredictable. Just make sure that you think twice before responding to unsolicited messages.
- Fake law enforcement threats: Hackers know that people fear being threatened with legal action, so they take advantage of this fear by impersonating law enforcement agencies. The message claims that there will be action taken against the user unless they pay a fine. These messages appeal to the innate fear of authority, so be sure to keep an eye out for them.
- Spear phishing tactics: Spear phishing makes targeted attempts to steal specific data from a user, using personalized messages designed to look just like the real deal. These messages can include details such as your personal contact information, or they can be customized emails that look like they are from an institution you deal with, like a bank. Since these attacks tend to look more legitimate than normal spam, you need to stay vigilant.
- Whaling schemes: These types of attacks are at the top of the social engineering pyramid, as they impersonate the CEO or business owner. The scammer will use this disguise to get financial departments to wire transfer funds to offshore bank accounts. Be on the lookout for inconsistencies in contact information, and always cross-reference before assuming that the message is real.
You’ll notice that many of these threats are based in email messages such as spam. Thankfully, you can block the majority of these threats simply by implementing an enterprise-level spam filter. This will keep threatening messages, or those suspected of not being legitimate, from even hitting your inbox in the first place. It’s a preventative measure that can be taken to limit the dangers associated with spam before they cause major issues.
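The whaling item above advises looking for inconsistencies in contact information and cross-referencing before trusting a message. The following Python code is an added example, not part of the original article, showing how a mail filter rule could automate that check on message headers. The company domain, executive name, flag names, 0.85 similarity threshold and both sample messages are assumptions constructed for illustration.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Assumed values for illustration only; replace with your own directory data.
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"jane doe"}

def domain_of(addr):
    """Return the lower-cased domain part of an e-mail address."""
    return addr.rpartition("@")[2].lower()

def whaling_flags(raw_message):
    """Return the contact-information inconsistencies found in one message."""
    msg = message_from_string(raw_message)
    name, sender = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    sender_dom = domain_of(sender)
    external = sender_dom != COMPANY_DOMAIN
    flags = []
    # An executive's display name attached to an outside address.
    if external and " ".join(name.lower().split()) in EXECUTIVES:
        flags.append("executive-name-external-sender")
    # A sender domain that is nearly, but not exactly, the company domain.
    if external and SequenceMatcher(None, sender_dom, COMPANY_DOMAIN).ratio() >= 0.85:
        flags.append("lookalike-domain")
    # Replies routed to a different domain than the visible sender.
    if reply_to and domain_of(reply_to) != sender_dom:
        flags.append("reply-to-domain-mismatch")
    return flags

# Constructed sample messages (not real mail).
SAMPLE_LEGIT = (
    'From: "Jane Doe" <jane.doe@example.com>\n'
    "Subject: Q3 budget review\n\nAgenda attached.\n"
)
SAMPLE_WHALING = (
    'From: "Jane Doe" <jane.doe@examp1e.com>\n'
    "Reply-To: accounts@payments-desk.test\n"
    "Subject: Urgent wire transfer\n\nPlease send the funds today.\n"
)

if __name__ == "__main__":
    for label, raw in (("legit", SAMPLE_LEGIT), ("whaling", SAMPLE_WHALING)):
        print(label, whaling_flags(raw))
```

A message that raises any of these flags is a candidate for quarantine or for the out-of-band confirmation the article recommends before funds are moved.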
Setton Consulting can provide your organization with the security tools you need to succeed. To learn more, reach out to us at 212-796-6061.