Avoid Getting Scammed Online (Both Personally and Professionally) With These Tips

It’s simple, really: scams are everywhere, so you need to always keep a few important tips in mind to avoid them. Let’s review some of these tips together.

Never Use the Same Password Twice.

Let me ask you a question: if you were to use a password everywhere, what happens when one of the many, many accounts and websites you use it on has its security compromised and your account credentials are part of that data breach?

That’s right—all of the many, many accounts and websites you used that password for can now also be considered compromised, because it’s only a matter of time before someone tries out that combination on them. Using a fresh password for each account (with the help of a password manager) will help ensure that this isn’t the case.

Set up Two-Factor Authentication on Your Email and Every Other Account

What’s more secure than a lock? Two locks.

While it may seem like I’m being facetious, the simple truth is that adding an additional authentication requirement greatly enhances your security—particularly when these additional requirements call for a biometric proof or a code generated on the spot. If one of your accounts offers two-factor authentication, it is best to enable it as a precaution.

Restrict Access to Company Data

This one is for the business owners. Consider all the data that you have on your business’ network and in its storage…how many of your team members actually need all of it in order to do their jobs? Chances are, none of them…including you. Fortunately, there are policies that you can set up that only give staff access to what they need based on their role, not the full network. If these types of policies aren’t set up, give Datalyst a call at (774) 213-9701 to discuss.

Learn How to Spot a Phishing Attack

Phishing—effectively, hacking the user instead of the computing system they’re using—allows cybercriminals to bypass your security with relatively little effort. This makes it critical that you make your team aware of how you can spot phishing attempts as they come in. We recommend you share the following practices:

• 1. Always use strong passwords. It’s always a good idea to have strong, complex passwords, and to not use the same password for more than one account or site.
• 2. Carefully hover (don’t click!) over links and see if they go to a legitimate URL. If the email is from Facebook, a link should lead back to facebook.com. If there is anything strange between “Facebook” and the “.com” then something is suspicious. There should also be a forward slash (/) after the .com. If the URL was something like facebook.com.mailru382.co/something, then you are being spoofed. Everyone handles their domains a little differently, but use this as a general rule of thumb:
  • a. facebook.com - Safe
  • b. facebook.com/activatecard - Safe
  • c. business.facebook.com - Safe
  • d. business.facebook.com/retail - Safe
  • e. facebook.com.activatecard.net - Suspicious! (notice the dot immediately after Facebook’s domain name)
  • f. facebook.com.activatecard.net/secure - Suspicious!
  • g. facebook.com/activatecard/tinyurl.com/retail - Suspicious! Don’t trust dots after the domain!

Remember, these tricks are designed to be subtle and easy to miss! Pay close attention to what you are clicking on!

• 3. Check the email in the header. An email from Facebook wouldn’t come in as . Do a quick Google search for the email address to see if it is legitimate.
• 4. Always be careful opening attachments. If there is an attachment or link on the email, be extra cautious. If the email shows up out of the blue with an attachment, even if it is from a sender you trust, it doesn’t hurt to ask them if it is legitimate.
• 5. Be skeptical of password alerts. If the email mentions passwords, such as “your password has been stolen,” be suspicious. 
• 6. Spread phishing awareness! There is no shame in being over-cautious! If you show those that you work with that you are mindful of these types of threats, they may adopt similar practices. In the long run, it makes email much safer for everybody!

Don’t Click on Links or Open Attachments You Didn’t Expect

Expanding on the above a bit more, you really need to reinforce that you and your users should not click links or attachments unless you’re expecting them to be included—and even then, proceed with caution. Don’t hesitate to reach out to the supposed sender through another means, or log into the account separately from the email, to confirm whether or not the message was legitimate.

Keep All Your Devices Updated, Including Network Equipment

Software updates are extremely important, as they often provide critical security improvements and patches that you would be left vulnerable without. This makes it particularly important that you keep up with your patch management and updates.

Businesses Should Have Their Network Audited Regularly

On a related note, there are many other ways that a network could be left vulnerable, which makes it important that you have a sense of how well your business’ infrastructure is put together.

We can provide you with the network audit that will reveal as much to you, as well as assist you in improving the rest of these safeguards. Reach out to us to request an audit and learn more by calling (774) 213-9701!