October is National Cybersecurity Awareness month, a fact of particular importance in the year 2020, when so much our work lives have become remote and virtual. Shifting to remote work has been an ambivalent experience for many–some studies show that remote work makes employees more productive, while others say it’s hurting everyone’s ability to network and communicate effectively. But however good or bad remote work is treating your workplace, nearly all businesses and their data are under a more severe threat now than they were before the pandemic.
Although many companies have embraced working from home, the initial shift from in-office workplaces to entirely remote setups was abrupt and unexpected. These changes present a massive threat to any organization’s cybersecurity. Almost overnight, companies had to create brand new processes for a situation they were unprepared for. This has created a near perfect scenario for hackers and phishers to obtain classified data, and they are taking advantage of it. Phishing attacks have increased by 667% since February, and they continue to go up.
Protecting your security—and that of your company’s—mostly entails practicing common sense:
Keep a Sharp Eye on Your Inbox
A lot of scams happen in email, and phishers are getting cleverer with their tactics every day (notice the ease with which Rihanna’s character from Ocean’s 8 sends a personalized phishing email). However, there are a few easy elements you can watch out for to identify a real email from a phishing attack:
- Emails insisting you click on a given URL. As we know from Rihanna, all it takes is one link click to give a hacker all they need to infiltrate a computer system. Beware of any email that directs you to click on any kind of link, even if the email is sent from someone you know. If the email includes a sense of urgency (i.e. asking you to click immediately or risk losing money, etc.), you should automatically mark the message as suspicious.
- Spelling errors and typos (especially in the sender email address). Look out for any spelling or grammatical errors in the email’s content and sender address. Phishing emails will often impersonate other websites and people by making minute changes to spelling in hopes of convincing the recipient that the email is legitimate.
- Strange content. Self-explanatory, but any email with content that strikes you as odd and asks for you to click on a link is suspicious—even, again, if the email appears to be sent from someone you know. Hackers will often compromise email accounts and reply to messages in those inboxes. This means a suspicious email could be a reply to one you yourself already sent. If you sense something strange in a reply to one of your own earlier emails, double check with the email sender (through phone, text, or other messaging services) to make sure they truly sent the email.
Keep Passwords Secure
Safe password practices are critical to maintaining excellent cybersecurity. Hackers are very aware of the tricks people use to make easily remembered passwords. They’re also aware that people often use the same password for multiple sites. This means that if a hacker cracks just one password, they have likely won access to multiple sites. It’s important to have a separate password for each login and for each of these passwords to be as secure as possible. The longer the password, the more secure it will be. A combination of three or more unrelated words (do not use famous quotes) will usually make a secure password, and it’s recommended that you install a password manager (such as LastPass) to keep track of your login information.
The more we work online, the greater the threat to our information. Ensure you have proper safety measures in place for detecting phishing emails and protecting your data against theft.