5 Cybersecurity Resolutions
5 Resolutions for 2019 – & How to Actually Keep Them So You Don’t Get Phished.
Easy tips to share with the office for a safer year.
2019 is here and we all know what that means: a few weeks of New Year resolutions taken seriously before we forget all about them by mid-February. Oh, alright… scepticism aside, there is much value in actually acting on the lessons learnt during the previous year to stop repeating mistakes.
Here’s the thing: with all the massive breaches that we helplessly witnessed in 2018 (I’m looking at you, Facebook, British Airways, Cathay Pacific, Marriott, Quora…), all kinds of information about us are abounding all over the internet – and cyber criminals toast to this. It has never been easier to elaborate email phishing scams, and we can’t afford to keep falling for them.
Attackers scrape all compromised records they can find to personalise messages, using logos and signatures that seem legit and familiar, and mentioning information we don’t think outsiders have access to. This may be laborious, but it pays off: by targeting us and our businesses, cyber criminals make a lot of money.
Some 95% of targeted attacks start with a phishing email. And as the saying goes, a hacker only has to get it right once. But I stubbornly refuse to run for the mountains and give up on online security. ‘Keep calm but stay suspicious,’ might be my mantra for 2019.
So here are 5 resolutions to adopt even beyond February.
1) Always check the senders’ email address carefully
We aren’t as vigilant about the names appearing in our inbox as we are about strangers who knock on our door. But maybe we should be. Sometimes, red flags can be spotted right away on the names and domains displayed on email addresses– such as misspelled words, random strings of letters and numbers, or company names that seem familiar but are written slightly differently. Hover your mouse over the ‘from’ address to check whether any alterations have been made from the displayed name and be extra suspicious of non-corporate domains.
2) Hover over links before clicking on them– or don’t click at all
Always be suspicious of links and attachments. Just as not all strangers are bad, not all friends might be aware that they are spreading a scam. Create the habit of hovering over a link before clicking on it to check where the hyperlinks will redirect you to. Or even, just to be sure, open another tab on your browser and go to the website of the company mentioned in the email to see if the information presented matches the official source, instead of clicking on the link right away.
3) Be suspicious of messages that are rushing you to take action or lacking in context
If the sender’s name and company seem legit, and there are no links or attachments in the email… It still doesn’t mean you’re safe. Fine-tune your instinct to filter out unsolicited advice, services, requests, invoices, and promotions. Don’t be rushed into taking actions you wouldn’t have taken otherwise. If the message seems important but you’re not sure about its call to action –such as your bank or a health service asking you to call a number or provide any information to complete a service, dig out some official correspondence from the company and use the number given there instead, to double check.
4) Examine the logos displayed in the message and pay attention to the details
Common scams, such as password reset services, are targeted to individuals and pretend to be coming from services, such as ‘Office 365’. To seem credible, these messages display all the logos you’d expect to find in an auto-generated support email and can look very real at first glance. But at closer inspection, they might not be as sleek as the real thing. Look at the details. If the images are pixelated, visibly edited, or need to be clicked on to be displayed, stay away from them.
5) Keep browsers up-to-date
How annoying are those software update windows interrupting us all too often by popping-up in our screens? I’ll be the first to admit I’ve clicked on the “remind me later” option more than once – But no longer. It turns out that these are security patches released in response to the loopholes that phishers and other hackers persistently discover and exploit– and that is why the updates are also released continually. Annoying as they might be, download and install updates the minute they’re available, in a trusted Wi-Fi network.
For more content like this and plenty of safety tips throughout 2019 and beyond, sign-up for our free newsletters here.