Technology Services • Published 7/24/2018 Do You Make These Top 4 Cybersecurity Mistakes?

So much of your business is conducted online these days. Whether it’s the numerous emails and links that come to your inbox on a daily basis, or the multitude of usernames and passwords you have for accessing different online platforms, every keystroke or click can lead to a breach of your critical business data if you’re not careful. Below are four common cybersecurity mistakes you may be making that can lead to a data breach.

1. Clicking links or attachments in emails from what appear to be known senders.

Your daily business communications will generally involve receiving emails from both individuals and businesses with whom you normally correspond. Maybe you’ve received a PDF document from Julie over at the printing company asking you to approve a marketing project so they can move forward. Or maybe you’ve just received an email from your financial institution alerting you to a security issue and asking you to login and confirm your account. In either of those cases, you have received an email from what appears to be a familiar source. But is it real?

The best policy is to verify the content before you just automatically trust it. Often times, it’s really easy to be having one of those days where you’re moving just a bit too fast. Deadlines and pressure to get things done can lead to overlooking suspicious components in an email. Did the email language from Julie not quite sound like the Julie you know?  Maybe the email from your financial institution had their logo, but did the content appear different than what you normally receive? Think about it before you click anything. Once you click that link or attachment – it may be too late.

Perhaps give Julie a call or send her a text to inquire if she has sent you a document for review. In the other case, maybe it would be wise to skip the email from your bank and go directly to your financial institution’s website to login to your account. If there are notifications on your account, you will generally find them once you’ve logged in and then you can handle the next steps with confidence.

2. Failure to report suspicious activity to your IT department.

Chances are if you are receiving suspicious phishing or spam emails, your coworkers are receiving them as well. Reporting the activity to your IT department or cybersecurity service provider should be the first step you take to prevent a breach. Groups looking to hack into your company data have better odds getting through if they have targeted everyone in the company via bulk email. It only takes one person to click through on the wrong link and then the hackers could gain full access to information they can leverage against your business for ransom payments.

The sooner you report suspicious activity to your technology experts, the sooner they can take measures to both alert employees and to prevent future content from reaching employee inboxes. It’s also important to note that while a specific attack may get addressed quickly and resolved, there will most certainly be new and different subsequent attacks as you move forward. Hackers understand there is tremendous financial value to acquiring your business data and they will stop at nothing to find new ways of gaining access to your customer information. This is why all employees must remain alert at all times and why training for your workforce in cybersecurity measures is so important to your operations.

3. Using the same password for your personal and work accounts.

We understand that remembering your poodle’s name and first car makes it super easy to apply to all of your personal accounts, apps, and social media platforms. But when it comes to your business activity, BiscuitJetta may not be the best choice for your business account password. Separating the two is the best policy. While you should also strongly consider using different passwords in all of your personal accounts, when it comes to your business activity, you should always use completely different protocols for your logins and passwords. This is a must-do to protect against a data breach.

We have all seen in the news where different customer platforms are breached and all user login and password data gets exposed on the dark web. Once hackers have your login and password, all they have to do is go from website-to-website trying your information to see if they can get into an account you may have. If you’ve used the same password for all of your accounts, they will have no trouble at all doing a lot of damage. Now magnify that if you have used the same passwords for your business activity. It’s not hard to see how quickly that can snowball. Now is the time to do an audit of what you have in place and make modifications to those usernames and passwords.

4. Storing a list of your passwords in plain text on your PC.

Because you’ve completed your audit of passwords and have now created thorough, secure password combinations for all of your accounts, you’re going to be tempted to create a list of them on your computer so that you can remember them. But what if the hackers gain access to your computer and you have no idea you’ve been breached? You’ve now created a roadmap for access to all of your accounts and they will quickly be into your accounts and long gone before you even realize what’s happened.

There is an easy way to avoid this scenario – don’t store your passwords on your computer. When creating your passwords for your business accounts, consider utilizing a formula. This allows you to have a different password for each business account by applying a method to how you arrive at the password for each individual account. This is just one solution you can put in place – there are many other methods you can utilize to protect not only your passwords but also all of your critical business data.

Is your business properly protected against a breach?

At P&N, our Cyberveil platform is designed to help companies implement best practices when it comes to cybersecurity. From identifying threats and proactively protecting your network to monitoring activity and responding to incidents, our team of professionals delivers a full suite of products and services to provide you with peace of mind. Contact P&N today to learn more through a free consultation.