During my days in journalism school, my professors repeatedly joked, “If your mother says she loves you, verify it.”
That advice holds just as true for navigating the digital environment that makes up such a big part of our world. Every day, a variety of threat actors lurk out there seeking our valuable and sensitive information and waiting for a key opportunity to steal that data and sabotage the systems and tools we rely on in our daily lives. So much of what these hostile actors do is based on the idea that many people won’t take a little bit of extra time to verify what they’re accessing is legitimate.
Take for example, “typosquatting” attacks. In this type of attack, a hostile actor will set up a URL address similar to a popular URL address. So, they may set up www.amazn.com hoping to steal the information of unsuspecting shoppers who unintentionally misspell the URL for Amazon. Taking a second to verify the URL you typed in is correct can make a huge difference.
The most common cyberattack around today is phishing, which also relies heavily on a lack of attention to detail and verification from its intended victims. We’ve all probably received a great deal of these emails. They come in a variety of forms and can come from a variety of sources, including people and emails that we trust. Hostile cyber actors will break into legitimate email account and use those to send out phishing emails, hoping that level of trust will lead to more people falling for their phishing attacks.
When reading your emails, and your texts and phone messages as well, always bring a healthy level of skepticism. If you receive an email from a trusted contact that seems unusual, take some extra steps to verify if that email is a legitimate email and not a phishing attempt before doing anything with that email such as clicking on links or downloading attachments. Reach out to that individual by calling them, talking to them in person or using a different email to contact them. Taking these extra steps can help you ensure you’re not falling for a phishing attempt.
Unfortunately, even when we’re careful in how we interact with the internet, you can still be exposed to cyber attacks. Data breaches at major companies can expose our passwords, usernames, credit card data and other critical information. While you can’t always control whether your information is exposed, there are several great tools that can help protect you while working online.
Multifactor authentication (MFA) can prevent attackers from fully accessing your account even if they discover your password. Texting and email MFA are good first options for MFA, but if possible, use an authenticator app such as Microsoft Authenticator, as it’s harder for hostile actors to intercept that form of MFA.
Speaking of passwords, a password manager, such as Keeper or 1Password, can greatly improve your security. It can be a pain to remember, but using different passwords for each online account makes it more difficult for hackers to break into those accounts. A good password manager can store all your passwords, help generate strong passwords and allow easy access to them so you don’t have to remember every password.
Finally, if you have to work or use a public network such as a coffee shop or airport, take steps to protect yourself. Use a VPN or other tools to secure your online communications and if possible don’t access sensitive information while on these public networks.
The online threats facing us online are many but by being aware and using some cybersecurity tools, we can help reduce some of the risks that we face online.
Danny Ramey is Co-Founder and CTO at TeamLogic IT of West Denver. Contact him at dramey@teamlogicit.com.