Daily Cybersecurity Habits to Live By

2024 was a record-breaking year for cybersecurity threats. Small businesses and individuals are constantly targeted by cybercriminals, and while there are plenty of solutions available that help prevent and detect these types of threats, the biggest weak spots come from poor cybersecurity hygiene. 

This guide will highlight several best practices that every single individual should keep in mind to help protect themselves and the data they interact with at work.

We encourage you to share this article with your coworkers, friends, and colleagues.

Every Password Needs To Be Unique

Coming up with unique passwords for every single account is the pits, but not doing so is one of the leading ways to have personal information stolen or put your business at risk.

To keep things short and simple, if your Facebook password is the same as your bank account password, and Facebook suffers from a data breach (which happens about once a year for a lot of these massive online companies), then you can assume that cybercriminals can get into your bank account. 

But here’s the thing, you probably won’t know if your password from one account gets stolen until months or even years after it happens, because it usually takes big enterprises like Facebook, Amazon, Google, Apple, and others months to even identify and publicize the data breach.

It’s absolutely critical that you never reuse the same password across multiple accounts. Your passwords should always be long, and at the very minimum, should be 14 characters or more.

Always Set up Two-Factor/Multi-Factor Authentication

2-Factor/Multi-Factor Authentication, usually abbreviated to 2FA or MFA, both mean the same thing. Essentially it adds another layer of security to get into an account beyond just the password. By default, a lot of accounts will send you a little code via email or text message, and make you prove that you have access to your phone or email as an extra precaution before letting you into your account.

This does make things a lot more secure, but if your email or SMS messages are already compromised, cybercriminals could breeze right through it. An even more secure solution is utilizing an authentication app. There are plenty of these out there; Google Authenticator, Microsoft Authenticator. For your business, we recommend using MSP2FA. 

Most online accounts and logins can be configured to use 2FA these days, and we highly recommend you look for those settings and enable them. Network administrators can enforce 2FA across a business network as well, requiring users to use 2FA when logging into Windows every day.

Think Before You Click!

Even if an email looks legitimate, if you weren’t expecting it, you should be at least a little suspicious. Especially if that email has links or attachments, and especially if the email seems to be urgent.

Cybercriminals will try to trick you into clicking on links by making the subject material seem urgent and important. They will use messaging like “urgent” or make it look like you made a purchase or that your account was compromised, but the links they include in this otherwise legitimate-looking email will steal your data or infect your computer with malware.

To check a link, you need to hover your mouse over the clickable part in the email, and look at the bottom of the screen, typically on the left for most email clients. It will show you an address that starts with http.

For our example, we’re going to use Amazon.com, and explore how to spot something suspicious. It’s all about looking for periods in the address, and noting where the periods are.

If there is a period AFTER the domain name of the website you want to go to, then it might be a trap.

• https://www.amazon.com/gp/help/customer/account-issues - This is safe, because there isn’t a period after the .com. 
• https://support.amazon.com/ - This is safe, because the extra period is before the company’s domain name (in this case, amazon.com)
• https://support.echo.amazon.com/customer-support/password-reset - Again, this is safe because there are no periods after amazon.com, regardless of how many subdomains (extra periods) are before it in the URL.
• https://support.amazon.ru - Time to slow down. While Amazon does legitimately have a .ru domain, not every business has every variation of domain extension (like .org, .net, .co, .co.uk, etc.). As soon as you get something you don’t expect, start to scrutinize even more.
• https://amazon.passwordservices.com/help/account-issues - This one is dangerous. This URL is technically taking you to a site called passwordservices.com. We just made that up for the example. Anyone could purchase that domain (or something similar) and spoof the URL to say Amazon before the first period. It’s tricky because it’s easy to miss.

Let’s take a look at another example, using PayPal:

• paypal.com - Safe
• paypal.com/activatecard - Safe
• business.paypal.com - Safe
• business.paypal.com/retail - Safe
• paypal.com.activatecard.net - Suspicious!
• paypal.com.activatecard.net/secure - Suspicious!
• paypal.com/activatecard/tinyurl.com/retail - Suspicious!

Keep in mind, these URLs above may or may not be real, we’re just making them up for the sake of an example!

Think You’ve Been Scammed? Report It!

A recent study shows that American adults observe at least one scam every waking hour of their lives.

That’s a wild number. Let’s break down what some of these scams are:

• Phone scams and robocalls
• Phishing attacks
• SMS/Text message scams
• Sketchy or fraudulent ads
• Social media scams and misinformation
• Social engineering attacks
• Lottery and prize scams
• Settlement and debt relief scams
• Fake charity scams
• Financial scams
• Employment scams
• Romance scams
• Fake tech support scams

—and so many more.

Most of us are so used to this never-ending barrage of scams that we just assume that an unknown number is a scam and we don’t even pick up our phones for it anymore.

So when you, or somebody you know falls for a scam, it’s better to admit it, report it, talk about it, and learn from it.

Want to Take Measures to Protect Your Business from Expensive, Reputation-Damaging Cyberthreats?

Don’t wait for your business to become a statistic. Reach out to Capstone Works at (512) 343-8891 today to discuss how we can help audit your network and protect your business from huge risks like cyberthreats and data breaches.