Is it Time for a Cybersecurity Checkup?

Written by Paige Dawson

As experts focused on marketing and communications, we don’t typically dole out information technology advice. But because IT touches virtually everything we do, we always try to stay apprised of general technology trends and issues that could help or impact our clients.

This month we felt compelled to pass along an urgent ‘public service announcement’ about cybersecurity because two of our clients recently became victims of hackers (more on this below). Aside from cybercrime hitting so close to home, October is National Cybersecurity Awareness Month. So, you may be hearing about cybersecurity from other sources in the coming weeks. Our guidance is to pay attention! Take a little time to brush up on cybersecurity protocols that can help protect you at home and at work.


Scary True Tales Of Cybercrime

Trust us, the creepiest Halloween horror movie doesn’t come close to the frights that are brought on by cyber criminals. Our clients who fell prey to hackers are very smart, very capable people. But no one is immune from the devious plots of hackers who are hiding around every dark corner of our digital world.

In one case, a hacker was able to successfully pull off a ‘Business Email Compromise’ or BEC scam on our client, which resulted in thousands of dollars of wire fraud (not to mention the time and hassle it took to unravel the mess). BEC scams typically involve phony e-mails in which the attacker ‘spoofs’ a message from an executive at a company and tricks someone into wiring funds to the fraudster’s account or clicking a link or attachment containing malware. Sometimes the hacker asks the recipient to change the account number for a wire transfer using a very businesslike and legitimate-looking spoofed email message. This is exactly what happened to our client. But he isn’t alone: in a September 2019 public alert, the FBI called Business Email Compromise “the $26 Billion Scam.”

In the other instance, hackers penetrated a client’s LinkedIn account, which began sending odd messages to his contact list via LinkedIn. If any of our client’s contacts replied to the message and questioned its validity, the hacker replied from our client’s business email address confirming that the message was legitimate! So, this hacker gained access to both the person’s LinkedIn account and business email. It is truly astounding how sophisticated these hacking schemes have become. While no money was lost in this case, it still took our client considerable time to deal with cleaning up and apologizing to the contacts who had been messaged by the hackers. Not exactly how an executive wants to spend their day.

You’re More Vulnerable Than You Might Think

Just as our very smart clients became unwitting case studies in cybercrime, you too can be victimized by cyberthieves. These are crooks who spend every waking hour plotting how to steal your data, your money or your identity. So just because you have the latest antivirus software and an IT department that keeps careful watch over your network, don’t be lulled into a false sense of security. Cybercrime can happen to anyone. And often it’s the folks with the most on their plates—leaders with too much to juggle and too little time—who become easy targets because they’re always moving so quickly through their day (and often on mobile phones where it’s harder to detect).

Imagine you’re in the Starbucks line and an ‘urgent’ email comes in on your mobile device. You can’t tell exactly what the URL address of the link is, but it looks legit so you click through. That’s all it takes for a hacker to get what they want. The key thing to remember—especially when you’re out and about using a mobile device—is that our brains are often the first line of defense against cybercriminals. IT security experts call it acting as a ‘human firewall,’ meaning you should always trust your instincts, read emails carefully and think before you click.

Cybersecurity Tips To Swear By

Here are some other simple tips from the National Cyber Security Alliance, excerpted from their press release kicking off Cybersecurity Awareness Month:

  • Double your login protection. Enable multi-factor authentication (MFA) to ensure that the only person who has access to your account is you. Use it for email, banking, social media and any other service that requires logging in. In layperson terms this means that when signing in from a new device you may be required to receive a text code or email as a second means of identification and confirmation.
  • Shake up your passphrase protocol. Consider using the longest password or passphrase permissible. Get creative and customize your standard passphrase for different sites, which can prevent cybercriminals from gaining access to these accounts and protect you in the event of a breach. Use password managers to generate and remember different, complex passphrases for each of your accounts. In layperson terms this means do not use the same password for your business email, your social media, your banking, your shopping, etc.
  • If you connect, you must protect. Whether it’s your computer, smartphone, game device or other network devices, the best defense against viruses and malware is to update to the latest security software, web browser and operating systems. Sign up for automatic updates, if you can, and protect your devices with antivirus software.
  • Play hard to get with strangers. Cybercriminals use phishing tactics, hoping to fool their victims. If you’re unsure who an email or message is from—even if the details appear accurate—or if the email looks “phishy,” do not respond and do not click on any links or attachments found in that email. When available, use the “junk” or “block” option to no longer receive messages from a particular sender. And, from our experience, if you do receive an email from someone you know but it seems odd, go with your gut. Don’t simply email back to confirm; call or text the person instead, as a bad actor can easily have access to the account and reply as if they were that person.
  • Never click and tell. Limit what information you post on social media—from personal addresses to where you like to grab coffee. What many people don’t realize is that these seemingly random details are all cybercriminals need to know to target you, your loved ones and your physical belongings—online and in the physical world. Keep Social Security numbers, account numbers and passphrases private, as well as specific information about yourself, such as your full name, address, birthday and even vacation plans. Disable location services that allow anyone to see where you are—and where you aren’t—at any given time. Also, check your apps to disable location services for those apps that don’t need to use that feature…most enable it automatically.
  • Keep tabs on your apps. Most connected appliances, toys and devices are supported by a mobile application. Your mobile device could be filled with suspicious apps running in the background or using default permissions you never realized you approved—gathering your personal information without your knowledge while also putting your identity and privacy at risk. Check your app permissions and use the “rule of least privilege” to delete what you don’t need or no longer use. Learn to just say “no” to privilege requests that don’t make sense. Only download apps from trusted vendors and sources.
  • Stay protected while connected. Before you connect to any public Wi-Fi be certain to confirm the name of the network and exact login procedures with appropriate staff to ensure that the network is legitimate. If you do use an unsecured public access point, practice good cyber hygiene by avoiding sensitive activities (e.g., banking) that require passphrases or credit card numbers. Your personal hotspot is a safer alternative to free Wi-Fi. Only use sites that begin with “https://” when shopping or banking online.

Be Prepared

Hopefully your organization will never fall victim to cybercrime.

If you’re unsure how safe your business systems are or want a second opinion on your current approach, processes and tools, we’re friends with two trusted managed services/technology firms in DFW that we’ve known for more than a decade each: Sagiss and Ranger Solutions. I know either would be most pleased to chat about your technology.

And given how pervasive cybercrime is, your best bet is to be prepared with a solid reputation repair and crisis communications plan in the event of a data breach or other issue. We routinely assist clients with the preparation of crisis plans for a variety of situations. Contact us to learn more.

And stay cybersafe out there!

About Paige Dawson

With expertise in marketing, business strategy and public relations, as well as ‘in the trenches’ experience as a business owner, Paige Dawson brings a unique blend of talent to clients. As president and founder of MPD Ventures Company, Paige works with executives and entrepreneurs throughout the country to develop key messages, marketing strategies and measurable campaigns, driven by client business goals. She has extensive experience providing counsel for professional service firms, technology companies, associations and nonprofits.