In honor of National Cybersecurity Awareness Month, Stinnett has partnered with the National Cybersecurity Alliance to become a Champion in order to spread awareness of cybersecurity threats, and actions that can be taken to safeguard individuals and companies.
One of the most common cybersecurity threats are phishing attacks that use a malicious email or website in order to spread viruses and malware to systems, or to collect personal and financial information. Cybercriminals can access this information by requiring recipients to act and click on links due to a fake compromised account or other emergency stated in an email or website pop-up.
However, phishing scams aren’t limited to just emails or website pop-ups. They’re also prevalent on social networking sites. The same rules apply on social networks: When in doubt, throw it out. This rule applies to links in online ads, status updates, tweets and other posts.
Tips for Avoiding Being a Victim
Don’t reveal personal or financial information in an email, and do not respond to email solicitations for this information. This includes following links sent in email.
Before sending or entering sensitive information online, check the security of the website.
Pay attention to the website’s URL. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com versus .net).
If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Contact the company using information provided on an account statement, not information provided in an email.
Keep a clean machine. Keep all software on internet-connected devices – including PCs, smartphones and tablets – up to date to reduce risk of infection from malware.
What to Do if You Are a Victim
Report it to the appropriate people within the organization, including network administrators. They can be alert for any suspicious or unusual activity.
If you believe your financial accounts may be compromised, contact your financial institution immediately and close the account(s).
Watch for any unauthorized charges to your account.
Consider reporting the attack to your local police department and file a report with the Federal Trade Commission or the Internet Crime Complaint Center.
Protect Yourself with These Tips
When in doubt, throw it out: Links in email, tweets, posts and online advertising are often how cybercriminals try to compromise your information. If it looks suspicious, even if you know the source, it’s best to delete or – if appropriate – mark it as junk.
Think before you act: Be wary of communications that implores you to act immediately, offers something that sounds too good to be true or asks for personal information.
Make your passphrase a sentence: A strong passphrase is a sentence that is at least 12 characters long. Focus on positive sentences or phrases that you like to think about and are easy to remember (for example, “I love country music.”). On many sites, you can even use spaces!
Unique account, unique passphrase: Having separate passphrases for every account helps to thwart cybercriminals. At a minimum, separate your work and personal accounts and make sure that your critical accounts have the strongest passphrases.
Lock down your login: Fortify your online accounts by enabling the strongest authentication tools available, such as biometrics, security keys or a unique one-time code through an app on your mobile device. Your usernames and passphrases are not enough to protect key accounts like email, banking and social media.
Stinnett & Associates is not a CPA firm.