Ten Ways to Strengthen Your Cybersecurity Posture Right Now – Part Two

Thursday April 29, 2021

Robert J. Garcia, Director of IT

As the Director of IT, Rob guides the firm through a landscape of ever-changing technology.  His passion for computing systems and life-long obsession with creating order from chaos allows the firm’s IT department to offer the latest in cutting-edge technology and security to both its employees and clients.

Ten Ways to Strengthen Your Cybersecurity Posture Right Now – Part Two

Malware, exploits, breaches, spear-phishing, viruses, and ransomware everywhere! Cyber-attacks are in the news every day, and it seems like everyone is a potential victim with no end in sight. The outlook is bleak, and many succumb to cyber fatigue and complacency. Understanding today’s threats and protecting yourself does not have to be overwhelming!

There are some simple, common-sense steps that you can take, both in your business and personal lives, that will make you immeasurably safer in an insecure digital world. Here are two strategies you can adopt today to harden your cybersecurity posture.

3) Don’t Feed the Phish

Phishing attacks have been a major problem for the past 30 years, but just recently they’ve become much more sophisticated and effective. Last year alone, 65% of US companies reported a successful phishing attack. These attacks can lead to compromised passwords, personal and medical data, and leaked financial information, costing a combined total of 12 billion dollars over the last 5 years alone! So, how are these phishing attacks delivered? Only 1% is by mobile phone, a paltry 3% by website, and 96% come in through email! This is why I recommend approaching any email containing a link or attachment like a live bomb! Think I’m being dramatic? Maybe a little, but chances are you’ve already received several phishing emails this week alone, and you only have to fall for one. Here are some tips to make sure you don’t:

Hover your mouse before clicking.

If you adopt only one new email practice today, let it be this one. Hovering your mouse on an email link BEFORE you click on it will result in a pop-up from your email client showing you exactly where the link will take you. If the email says Click Here To Access Your Dropbox Documents, but hovering your mouse shows you the link really goes to www.HackingYou.ru, you know something’s phishy.

Be paranoid if you don’t know the sender.

Remember the adage “Don’t take candy from a stranger”? Well, don’t open links or attachments from a stranger either. If you don’t know them and you weren’t expecting that email, chances are its spam at best, or a phishing attempt or malware at worst. Either way, just delete it.

Be paranoid if you DO know the sender.

Email addresses can be faked (spoofed) very easily. Or perhaps the sender’s email account was compromised, so the address is legit but the contents are not. Your best defense here is to look critically at these emails. Are they written in the sender’s “voice”? Are there excessive spelling or grammatical errors? What are they attempting to get you to do? Do they want you to click on a link? Maybe provide your email address and password? Once you’ve examined everything, if your Spidey-sense is still tingling, listen to that voice inside you and give the sender a call. Confirm that it came from them before you click on anything. Remember, just because you’re paranoid doesn’t mean they’re not after you.

4) Public WIFI: Don’t Trust It

Chances are that most public places you visit will have free WIFI offerings. Malls, coffee shops, hotels, airports; they all offer WIFI hotspots, which is super convenient when you’re on the go. The problem is, there’s another user sitting at the other end of the coffee shop, joined to the same WIFI network, capturing all your online activity. This is called a Man-in-the-Middle attack, and it allows a bad actor to eavesdrop or even alter your network traffic en route. That latte-sipping hacker can also deliver malware directly to your laptop, or even fool you into joining his copycat network. After all, did you really join the StarbucksWIFI network, or the fake StarbuckWIFI hotspot the hacker is running from his table?

Public WIFI is dangerous territory, but there’s a simple fix: a personal VPN. VPN stands for Virtual Private Network, and it allows you to do all your online business through a secure, encrypted tunnel. So even if you are on a compromised network, the hacker can’t decipher your internet traffic. There are many excellent VPN providers out there. NordVPN is a good example, with a wealth of privacy features for all your online devices.

 

Hopefully, you found these tips to be helpful and practical. Everything I recommended can be implemented and part of your digital life within a couple days, but your personal and professional security postures will strengthen exponentially.