I know I'm a little late in posting this, seeing as October was Cybersecurity Awareness Month and it's now Thanksgiving Month. But I've seen a recent uptick in attempts at cyber attacks against financial service companies, so I thought it was a good time for another reminder about how to protect yourself, your office, your coworkers, and your clients from cyber attacks.
It all comes down to practicing good cyber hygiene with your email, text messages, and social media accounts to prevent malware and viruses from being introduced to your devices in the first place. An ounce of prevention is worth ... well, potentially tens of thousands of dollars spent to try to correct the damage from a cybersecurity attack.
A significant source of cyber attacks is from phishing emails. Hackers are getting increasingly savvy about creating convincing looking logos, content, and website links to further their attempts to trick you, using reputable and widely-used names like Microsoft, Amazon, DocuSign, Apple, and Facebook. So, here are some reminders about how to spot red flags in your email inbox:
Hover over the sender's email address to be sure it's legitimate. Hackers will often spoof sender names and make slight adjustments to the email address that you might not notice. For example, the email sender may say "Amazon Business Services," but the email address might be something different, like "firstname.lastname@example.org."
Hacker emails will often convey a sense of urgency asking you to act immediately, or include a threat of adverse action, such as freezing your account or disabling access to critical applications. Don't fall prey to this fear mongering. Slow down, take a breath, and then access the account or service directly to check on the status, rather than clicking on any links in the email.
If an email includes a link, hover over the link to see if it seems legitimate. If it seems different from the URL you would normally use to access your account, don't click it. Instead, type in the correct URL you normally use to go to the alleged sender's website.
Don't download any attachments unless the email is from someone you know. And even then, if you weren't expecting a document from that sender, think twice before downloading, or check with the sender to be sure it's safe. Even your friends, family, and clients can get hacked, and their emails can be used to spread malicious code through attachments.
Check to see the time that the email was sent. Emails sent outside of normal business hours may be suspicious (i.e., sent from overseas). Of course, with many customer service centers operating 24/7, just because a message is outside of normal business hours doesn't automatically make it spam.
Here is a quick, cute video on YouTube that provides some helpful reminders. (Don't worry, this link is legit. I'm not trying to trick you.) Take a couple minutes to review this. And as always, please let me know if you have any questions.