1. The Newest Target: Your Mobile Devices
Whether you have an iPhone, Blackberry, Android, or any other internet connected phone, your device is just a miniature computer. And exactly as you protect your vehicle with locks, you should also always "lock" your smartphone by setting up a password. At first, it may feel inconvenient to constantly enter your PIN before accessing your phone applications; however, your phone contains enough personal information to seriously compromise your identity in the event your phone is lost or stolen. Without a security PIN or password, your emails, your saved passwords and your network access is easily accessed by anyone who finds your phone. In fact, many scammers buy stolen phones because it is so easy to request a password reset on your web email or even on your bank account. Consider the financial impact and hassle that would create for you, your company, or even worse, your customers! Put a password on your smartphone and use it consistently to protect your information.
2. Passwords: A Str0ng Pa$$w0rd is Essential
Effective passwords are critical to keeping your data safe. This cannot be emphasized enough! You may have different passwords for your email and your desktop/laptop or they may be the same. Whatever you choose, it is imperative that you do NOT use your username as the password. You must also avoid using any words in the dictionary, something obvious like your company name, your pet's or children's names, or any password less than 8 characters long. You should incorporate numbers, capital letters, and symbols (if symbols are supported in your environment) in the password as well. Without a $tr0ng password, hackers can easily gain access to your email account, steal your information, and then send malicious emails to everyone on your contact list. Don't be the one who infects everyone else because "password" was your password.
3. Thumb/Flash Drives: Beware of Strangers
What if you are leaving your office or walking through a parking lot and you find a flash drive? Should you plug it into your computer to browse the contents to try finding the rightful owner? Probably not. Once you plug the little memory unit into your USB port, you risk silently installing a Trojan that will give hackers direct access to your network. Even worse, a program that hides in the background can capture every keystroke, take screenshots of what's on your monitor, turn on your webcam to watch you, and even turn on your microphone to listen to your conversations. If you really want to view the contents of the thumb drive, plug it into a computer not connected to the internet, perhaps an old one you don't use and haven't yet recycled. Just remember, even if your computer is not connected to a network, a virus on the flash drive can still destroy all your data. Use your antivirus software to scan the drive for viruses if you have that feature.
4. Wireless Networks: War Driving is NOT Dead
If you have notebook computers and smartphones that connect to the web, you're using a wireless network -another favorite entry point for hackers. Consumer models of wireless network devices are so easy to setup that you just go to the store and buy what's on sale. By following the simple diagram, you have all the connections made within minutes. The result: Instant wireless internet! Hooray! It's working! "I can get out to the Internet and everyone is happy!" Yes, everyone, especially hackers, are thrilled. Why? Because there are devices that hackers use to lock onto "unsecured networks" that don't have a password. When wireless technology first emerged, hacking wireless networks was called "war driving". Now hackers can sit in their homes or public places and use "unsecured networks" to gain full access to your network and shared files as if they were sitting at a desk in your office. Other times, hackers use unsecured wireless networks to engage in illegal, credit card fraud that can be traced back to your location. Moral of the story: Secure your wireless network. If you don't know how to do this correctly, ask a professional.
5. Phishing: They're Not Using a Rod and Reel
Phishing scams normally originate from an email that looks like it was sent by a legitimate company such as a bank, credit card, email provider, etc. The phishing email is generally worded to request an "account information update" and provides a link to an official looking but malicious website. Because these websites are so effectively copied off the legitimate website being spoofing (imitating), it may be difficult to tell the difference between the official website and the phishing site. Once at the illegitimate website, sensitive account information, such as your account numbers, passwords, credit card numbers, social security numbers, etc. will be captured as users try to "update" their information. Many times, users will get an error that their information was not correct so that they retype the information again-to ensure the scammers have all the information they need! We cannot express how important it is that you have a good system for NOT opening these official looking "phishing" emails.
6. Compromising Friends: Compromised Email Accounts
In addition to never opening emails from people you don't know, you must be careful with emails that appear to be sent from your friend's account. If you receive a message from someone on your contact list but the subject line is blank, strange, or ambiguous, do NOT open the message. Yahoo, Hotmail, and Gmail have all had user accounts hacked and countless unsuspecting recipients opened virus containing emails from someone in their contact list. The result ranged from the recipient's own email accounts being compromised to getting a nasty virus that sent out more emails to the rest of the contact list. Rule of thumb: If you're not sure your friend or associate sent you a particular email, you can always ask them on the phone or send them a separate message to inquire about the subject line. It is better to delay opening that message and error on the side of caution than it is to be a victim of your friend's compromised email account.
7. Safe Surfing: Just a Few More Reminders
You should avoid clicking on links in emails. The link may appear that it is going to your favorite website; however, the code behind the link can redirect you to the wrong site that looks identical to the official site. NEVER click links in emails to reset passwords unless you have just requested a password reset less than 5 minutes prior. If you receive an email with a link telling you that you must change your password for any account, delete it immediately and contact the company directly. Finally, never give out personal information unless you know 100% that you are on the correct website. You should always type the official URL into the browser address bar or bookmark/add the official site to your favorites.