Data Security: is every single employee on guard?
The security of your data is under constant attack. These attacks are often creative and hard to identify so it is crucial to be on guard. Here are 12 things you want every employee in your business to know:
Passwords often contain children’s names, pet names, middle names, streets, birthdates and years. Most of that information is now online. Consider the Instagram birthday photos posted by friends, the pets and relatives names mentioned on Facebook and the silly online quiz you completed two years ago. Hackers harvest this data and use password crunching software to work out passwords. Use phrases, numbers and symbols that can’t be connected to you or your business. BluePear99Hats? You can remember that or use LastPass to remember it for you.
2. Phones & Other Devices
Do employees use their own phones and laptops to access information for work? They will need to keep updating firewalls, filters and antivirus protection on their personal devices.
3. Free Apps
Free apps on phones can be created to mine data from a phone such as location, contact list, camera, audio, etc. Google Assistant and Siri can hear you. Tailor the access settings on individual apps so they can only access what is necessary. Some apps refuse to function if you say no, and these are the apps to avoid.
4. Calls / texts from unknown numbers
Ignore them and don’t call them back unless you know who it is. Some want to record you saying ‘Yes’ so they can steal your identity. A simple question such as ‘can you hear me’ or ‘am I speaking with the home-owner’ leads to you to say yes. Just hang up. If you think you know the person they can text or leave a message. Some phone numbers start charging you as soon as you dial them back. This is how they make their money.
5. Sending Emails
There is no fully secured email system so expect that everything you send is being watched by a hacker. Encrypt files with passwords if sending via email. Use secure, password protected online vaults such as SmartVault to send bank statements and other sensitive data. Ensure those passwords are shared securely and never mentioned in emails.
6. Emailed Links & Details
Don’t use emailed links, websites, bank details or phone numbers. For example, if you receive an Ergon Energy bill by email, go to the website independently to login. Pay bills using details you have already saved in your online banking. If you want to click on a link, hover over it first to see the site address it will take you to.
7. Emailed Invoices
Call to confirm all new or changed bank details. Scammers are targeting emailed invoices, especially for large transactions such as cattle, crop and vehicle sales. Once again, check the phone number, don’t use the one on the email.
8. Receiving Emails
Check emails and email addresses carefully for spelling and subtle differences.
Is it coming from @themoneyedge.com.au or @themoneyedqe.com.au? The latter is a scam.
Is it coming from @ato.gov.au or @atogovemail.org.au? The latter is a scam.
Word, Excel and other Office programs can contain a vba macro virus so DO NOT enable editing mode for them or the email itself. Never open an emailed zip file, or .js .exe .com .pif .jar .jse .wsf .vbs .hta or .scr. If you’re unsure about anything, don’t touch it.
9. Secure Websites
Secure websites start with https: and have a padlock symbol. Never enter sensitive information into unsecured sites. If you must use one, enter false details so you don’t reveal anything.
10. USB Sticks
USB’s are risky. If no-one knows where a USB stick came from, throw it out.
11. Hard Drives
Hard drives are vulnerable to theft, viruses, ransomware, fire, natural disaster and old age. Ensure regular backups are stored securely offsite, or use a strong cloud storage site. Use multi-factor (two-step) authentication for all access and storage wherever possible.
12. User education
It comes down to every single employee being educated. If just one person in a business clicks on a link, it threatens the entire system. Pass your awareness on to the people around you.
This is an evolving situation and the threats will keep changing. If your data has been stolen, contact your bank immediately for advice and report it to the Australian Cybercrime Online Reporting Network at www.acorn.gov.au
Share the awareness, and please let us know of any threats that we have not covered here.
The Money Edge | Bundaberg