Blog Written by Kayla Blaedow, Application Specialist at First Call Computer Solutions Cybercriminals are only¬†interested in¬†large corporations. WRONG. This misconception comes from media and news outlets feeding us data breach information of larger corporations such as¬†Marriott, Facebook, and¬†Adobe. The truth is if your business¬†has¬†a computer¬†with¬†access to important information, and can be used to access the internet,¬†then¬†your business is at risk. No matter the size¬†of your business, industry, or state ‚ÄĒ I’m looking at you, Montana, your business NEEDS security! The number of basic¬†cybersecurity mistakes employees and business owners make continues to grow and grow each day, regardless of the industry they are in!¬†Even with endless¬†data breach¬†horror¬†stories,¬†many organizations still have a¬†‚Äúbe it as it may‚ÄĚ attitude¬†about their cybersecurity. Look, I get it, cybersecurity isn‚Äôt exactly a sexy topic, but¬†that does not change the fact that¬†60% of small businesses who suffer a data breach NEVER recover!¬†Cybercriminals have discovered that¬†small to medium-sized businesses, of any industry,¬†are easiest targets¬†due to a lack of enforcement and understanding of the¬†recommended¬†cybersecurity policies¬†that have been¬†established by¬†the U.S. Department of Commerce. To help advocate for the irrefutable need for¬†organizations to have¬†cybersecurity policies,¬†I have put together a list of the top 3 cybersecurity mistakes that I am still seeing made on a regular basis.

1. Hooked by Phishing Emails

Every day, business owners and employees are bombarded with tons of different emails. Personally, I receive multiple emails per day, from my clients, vendors, colleagues, news outlets, and even people that I have never met! I get it, with all those emails constantly coming in, it becomes easy to get¬†in the zone, and start clicking away at all your emails and the emails’ contents.

If you find yourself clicking through your emails faster than an Osprey diving for a fish, I beg of you to please STOP!

Phishing emails are malicious emails that are disguised to be from someone you know¬†and trust.¬†Sometimes these emails will contain links¬†or attachments that will¬†be used to sabotage¬†your system, once clicked. Other times, the emails will¬†be used to try to trick you into giving out valuable information, such as passwords¬†and¬†banking information.¬†Cybercriminals are clever at copying signature lines and logos to make these emails appear to be safe —¬†at¬†least¬†at first glance.
I have seen many different¬†real-life¬†examples of these malicious emails. A common one that¬†I have seen recently is an email that appears to come from the CEO¬†or other executive¬†of¬†your¬†company. The email has a sense of urgency to it¬†and¬†will¬†request things like electronic¬†gift cards or¬†checks¬†to be sent to them immediately. If you receive an email like this STOP and look at the sender‚Äôs address. Is it an email¬†address¬†that you know and trust?¬†Are there any spelling errors in the email address? If you are suspicious of the email address, then do not respond to that email‚ÄĒit is probably a phishing attempt. If you are¬†still questioning the validity of the email, pick up your phone and give them a call¬†with a phone number that you already have listed. Be careful¬†not to¬†trust the phone numbers¬†that¬†are¬†listed¬†in the email that you are questioning!

2. WEAK Passwords

I know that us IT people have been¬†whining about the use of weak passwords for a while now, but they really are the¬†Achilles¬†heel of your¬†network¬†and I STILL see them daily!¬†Cybercriminals¬†can¬†use tricky methods, such as brute force attacks, where they¬†test hundreds of different¬†frequently¬†used¬†passwords¬†on your accounts¬†until they¬†find the one that works‚ÄĒYIKES!
It is¬†not always obvious to people that their passwords are weak. Here are a few examples of what make weak passwords: The name of your business,¬†loved one,¬†or pet, a¬†nickname,¬†or¬†your phone number.¬†Even if you add¬†some¬†number combination or¬†special characters, hackers can¬†and will¬†generally¬†figure them out. A First Call Best Practice is to use¬†password¬†phrases¬†rather than simply words. Something like ‚Äú1Lov3Sp@gh3tt1‚ÄĚ is¬†far¬†more difficult to guess¬†than ‚ÄúMittens123.‚Ä̬†An even better idea is to use a¬†password¬†generator,¬†such as¬†Myki‚Äôs¬†that will provide you with a random string of letters, numbers, and special characters.¬†These passwords are virtually impossible to hack and will provide you with a strong cybersecurity posture.

One last thing. Please, please, please STOP saving your passwords in a word document or *gulp* a sticky note!

I get that it becomes impossible to remember all the different complex passwords that you use for your user accounts. Especially since you certainly should not be using the same password for more than one account! First Call strongly recommends finding a secure password manager app to help you store and remember all your different complex passwords. With the help of a password manager, like Myki, or LastPass, you will only actually need to remember one password, the password to the app, allowing you to make your accounts as safe as possible!

3. Keeping Unnecessary Web Accounts

In an effort to reduce the risk of¬†our Advanced Security clients from experiencing data breaches,¬†one of my daily responsibilities¬†as an Application Specialist¬†is to scan the dark web for¬†our clients‚Äô credentials. For those of you who do not know what the dark web is, it is basically an online black market that is hidden from¬†the typical internet browsers like Google, Edge, Firefox,¬†and Safari. As I conduct my daily scans, it has become quite common for me to find individuals credentials¬†that have been exposed through¬†data breaches¬†from various free sites such as¬†Evite,¬†covve, and¬†verifications.io. The reality is it is not uncommon for staff to use their work email addresses¬†to sign up for¬†useful free¬†web accounts¬†to conduct their work. For example, back in my sales and marketing days, I created¬†numerous¬†accounts for¬†different free¬†sales lead generators,¬†photo editors, label makers,¬†and electronic invitations.¬†One thing that I¬†did not¬†know back then,¬†and that I am glad that I know now,¬†is that those free sites¬†often¬†do not have the¬†resources to properly secure¬†their¬†accounts! That means that those are¬†usually¬†the¬†companies that experience¬†data breaches¬†the most. I want to be clear here. I am not saying that you¬†should not¬†sign up for a free web account if they will help you do your work more effectively.¬†Sign up away¬†with strong¬†and¬†unique passwords! BUT, when you find that you no longer need that¬†evite.com account,¬†DELETE IT! Remembering to¬†delete¬†these old accounts will help you to reduce your chances of having your email address, and other personal information sold on the dark web¬†and keep your organization’s data and network safe.
If you find yourself¬†or anyone else in your organization¬†committing any one of these common cybersecurity mistakes, please take the time to stop and adjust your cybersecurity posture. A great way to make sure that everyone in your¬†organization¬†is on the same page is to establish, train, and implement¬†a¬†cybersecurity policy. Additionally, to help¬†reduce your organization’s chances of becoming the next¬†victim of a data breach,¬†it is a great idea¬†to partner¬†yourselves¬†with an IT¬†provider¬†that can offer advanced IT security. New call-to-action
Take Your Business to the Next Level:
Take Your Business to the Next Level:
You are Subscribed!
We will get in touch with you soon
We will get in touch with you soon