None of us likes the thought of becoming a cyber victim and a few prudent steps can help insulate us a bit more. While we can’t control the actions of every company we do business with we can be careful in how we respond.
Most of us have probably been told that we should never open an attachment or follow a weblink in an email if we do not know the sender. While that is true, it is possible that the trusted sender’s email was compromised and the message with the attachment or link was not sent by the owner of the email account. If a link is not expected the easy solution is to send a new email to the sender asking if they sent you the email in question. It is also prudent to scan all attachments and directly type URLs into the web browser. If the name of the website is easily discernable a quick Google search for the organization can help identify if the link is legitimate and something of interest or if it is a potential phishing attempt.
When we hover a mouse over a weblink the URL is displayed in the bottom left corner of the window. Verification that the webaddress is the same as the weblink is a very basic first step to safety. Cybersecurity is an area where moving slowly and cautiously often bears the best results. Even if all of your co-workers are discussing the latest super cute video or coverage of the last few minutes of sporting event where the lead quickly changed, clicking the link without verifying that the video you will access is the one desired, and that the video is safe, can have serious consequences.
Don’t forget to protect your cell phone as well as your personal computer with antivirus software. Most of us transact as many types of business on our phones as we do on our personal computers and other mobile devices. There are several very good freeware and pay-for use versions in the Android and Apple stores and online. Adding a software firewall is another prudent precaution. Because all of our time online leaves a trail in sites visited and cookies stored, updating your privacy and browser settings on all devices is prudent. Cleaning the cache and cookies after being online with a utility like Piriform’s CCleaner is another precaution. That way if malware access your device any password or login and account information that may be stored in temporary memory will be removed.
Free Wifi is another area of concern that bears repeating: Do not use unsecured wireless access for any site or application you where must provide login credentials. The credentials you enter will be transmitted through the air via the wireless signal. Any system within range can intercept those credentials. It is also possible that the wireless access point you believe you are accessing is in fact a rogue access point set up on another mobile device to sniff the traffic or make a copy before passing the traffic to the legitimate wireless access point. Free wireless should only be used to locate a business or phone number, investigate ingredients, or any other simple search that can be completed without providing any credentials.
Remember how I mentioned that the email account of a friend who sent you a link or attachment could have been compromised? If that account was accessed using unsecured wireless access there is a great chance that someone other than your friend has access to their account. It is also possible that your friend subscribed to a website or service and granted access to their contacts as part of the standard installation. That access allows for the website to create and send email that appears to be from that person even though they took no action to create or send the email. It can be difficult to detect unless the recipient alerts you to the email as most often no copy is saved in the sent folder.
In cybersecurity the concept of proactivity can reap the best rewards. While we can often recover from a malware incident there is no guarantee of success and with the recent ransomeware attacks successful eradication without costly intervention is nearly impossible.
Simply slowing down and verifying the URL or the legitimacy of an email can save hours of grief and the cost of eradicating a malware incident.
Learn more about basic cybersecurity at the National Cybersecurity Institute.