We’ve all seen news the past couple of years regarding major breaches at high-profile organizations such as Target, Anthem, Yahoo, Equifax, and even the SEC. These organizations are just a few examples and demonstrates the fact that if major organizations are impacted by cybersecurity breaches, then small organizations and individuals most certainly have vulnerabilities as well. Yahoo’s breach compromised approximately 3 billion accounts worldwide, while Equifax’s breach may impact approximately 143 million Americans, so this issue is far-reaching. As we become more reliant on technology to get our business done, we need to be more cognizant of the little things we should be doing to protect our systems; and ultimately, the sensitive information that is housed within it.
It’s a fact that fraudsters seek easy targets and if anything, are persistent. Keep in mind, a fraudster’s time is completely dedicated to searching for and exploiting vulnerabilities in a system; finding ways to access data they can use for their financial gain. In other words: it’s their day job. Most people and organizations may not spend much time thinking about cybersecurity—certainly not as much time as fraudsters do. Prevention may be difficult though, as fraudsters are always trying to stay one step ahead. There are, however, good practices you can follow to make it difficult for the fraudsters.
These people utilize many methods to gain access to information in your computer systems. One of the most common methods used is “phishing”, because it’s so easy. Phishing schemes are typically in the form of emails that appear to be legitimate requests from companies you may do business with. However, when accessed fully, a fraudster may gain unlimited access to your emails, possibly your computer and perhaps the entire network you’re connected to. Phishing emails can look official and may utilize company logos or even reference specific names of people who work at the company. So, what can you do? How to do you protect yourself when a fraudster goes to great lengths?
Phishing emails often have clues you should be aware of. First, you should read the email carefully. An email that has an urgent tone, has obvious misspellings, contains grammatical errors, and/or is requesting highly sensitive information (i.e. Social Security information, bank account information, login IDs, passwords, etc.) are typically red flags that identify a fraudulent email. Secondly, hyperlinks within phishing emails often provide major clues. If you hover your mouse pointer over a hyperlink, it is possible to see where the link is being directed without actually clicking on it. If the hyperlink is directed to some other source, this is a major red flag, so don’t click on it.
When in doubt, you should err on the side of caution and call the company where the email originated to verify if it is a legitimate request. The two-minute phone call to verify a request for sensitive information may save you a ton of headaches. Lastly, it’s important to keep your antivirus and technology security current. Never hit the snooze button when it’s time to update your software for security patches.
As always, should you have any compliance questions, we are always here to help. Please feel free to send an email to firstname.lastname@example.org.