The biggest concern on every company’s plate these days is Network Security. Hardly a day goes by that you don’t hear of some security breach or hack that has affected millions of people. Companies spend billions of dollars each year trying to keep one step ahead of these threats. The underlying truth is that many of these “breaches” were the result of end-users not adding basic security precautions to their day-to-day routine.
Below I’ve listed five basic practices that can help make your modern online existence a little safer not only at work but at home too!
#1 – LOCK YOUR COMPUTER
This is probably the most basic of all the basics. Simply put, when you walk away from your computer, lock it! this doesn’t mean you need to logout and have to reopen everything you were working on later, it simply means you lock access while you are away. The easiest way to do this on a Windows-based machine is to press the Window Key + L. The Windows Key is the one marked with the Microsoft Windows logo and is usually to the left of the “Alt” key left of the space bar.
This 2-second habit can save you a world of trouble when running to the restroom after eating the egg-salad sandwich you picked-up from 7/11. In a company, this keeps people from accessing network and local resources when you’re not there. I had the opportunity to witness first-hand (in a large city office) a person walking into a company that didn’t belong there, go through an employee’s desk drawers, and start browsing online with the employee’s computer. More commonly, however, it’s your coworkers you’ll have to worry about. Common office pranks can not only lead to downtime and inefficiency but also a plethora of other issues (HR, Viruses, Corrupt Operating System, Etc…). Locking your computer is a simple way to avoid all that hassle in the first place.
#2 – Create Strong Passwords and Change Them Regularly.
Locking your computer is important, but that effectively becomes useless if others know or can easily guess your password. Most organizations force their employees to change their password every 90 days. While this is great in theory, a common downside is that folks generally end-up creating weak passwords or using previous passwords so they don’t have to remember something new. This can be easily averted by using your own password creation methodology (click here to learn how to create strong and memorable passwords).
#3 – Be Suspicious of Suspicious Emails (and Websites)
Phishing is a term you hear all the time. But what exactly does this mean? In the realm of network security, phishing is when someone tries to bait you into clicking on a malicious link. There are just too many examples out there to post them all, but below are a few immediate indicators that an email (or website) may be dangerous:
- The Domain Name: Oftentimes you’ll see something that looks like “microsoft.com” but sneaky folks play on the fact that your brain subconsciously puts things into a plausible meaning by using context to predict the outcome. (fun read about this here on Mother Nature Network, mnn.com). To illustrate this, you might see an email from “firstname.lastname@example.org” or “email@example.com.” In these examples, our brain automagically forms an “m” from the two letters “r” and “n” and rearranges the “socr” to “cros” because it expects the household name “Microsoft.” Also, in many cases, the “rn” combination is so close together that is actually looks like an “m.” Recent examples of this include: rnicrosoft, misocroft, microsfrt, de11, rnsmbc, strabucks, starbuks… just to name a few. All of these had links that download ransomware to your computer.
- Email is Addressed to Your Email Alias: Any service be it banking, Amazon, Microsoft, Google, Etc…, is going to have your REAL name. When you see an email start to read “Dear George123,” (or whatever your email alias is) chances are, it’s a phishing email. Folks that generate phishing emails use simple scripts to address the email automagically based on your email address thus making is seem more personalized.
- Bad Grammar and Spelling: Despite the fact that most native English speakers don’t speak English very well, phishing emails tend to be riddled with spelling and grammar errors. Although, some of the more clever ones will copy text from legitimate emails to give their ploy more credibility and make them harder to spot. You might often see things like: “Dear Customer, Our records indicate that have not updated your acount information in the last 30 days. To update your accont in a timely manner, log in now update your information.” A quick glance, and you know something is wrong, but it still makes sense. In this example notice the missing pronoun between “that” and “have.” Also notice the misspelling of the word “account.”
- Content is Ambiguous/Vague: “Dear Customer” or “Dear Valued Customer” are common at the beginning of phishing emails. As mentioned earlier, most places will use your real name when contacting you directly. Reputable businesses usually only use “Dear Valued Customer’ when issuing blanket statements which generally do not have any links to login to your personal accounts. There may also be statements that could apply to a wide range of things. For example, a salesperson friend of mine received the following email: “Hi, I would like to place an order this month. Please check the attached file to see if you can supply the specific product I am looking for.” Of course, the link was to ransomware, and my friend clicked it.
- Hovering Over a Link Reveals Suspicious URL: IF my friend had hovered over the link in the aforementioned email, he might have noticed the link at the bottom of the page didn’t link to Dropbox at all… test this by hovering over THIS LINK and read what the actual URL refers to (not an actual site, but this should illustrate the point).
Bottom line here is that if the email seems even a little suspicious, it’s most likely one to delete. Verify with the sender of the email before clicking any links or opening any attachments.
#4 – Verify the Reputability of a Website:
Nowadays, online shopping is commonplace. It’s almost unheard of to buy something without researching it online and looking for better deals. But before entering any personal info, follow these simple steps:
- Use Google Safe Browsing: Okay, you’ve clicked through to a website that you’ve never been to before? Easily check the website by entering the URL into Google Safe Browsing.
- Domain Name (Again): As mentioned earlier, folks of the nefarious type will use visually similar URLs to trick you in to visiting their phishing site. Remember “misocroft” and “rnicrosoft?” Be vigilant. Read the URLs carefully.
- Notice the Obvious Signs: So, you clicked through (again) to a website and suddenly a million pop-ups appear, you get redirected to another site, and there are a ton of flashing ads and/or warnings that would cause an epileptic seizure… these are all signs that you most likely landed on malicious site. Navigate away from the site and close the pop-ups as quickly as possible.
#5 – Quit Downloading Random Freeware:
Everybody likes free stuff, and when it comes to software, we are no different. There is a googol of software titles online that are classified as “freeware.” Freeware is software that someone lets you download to use for free. More often than not, freeware is saturated with adware, malware, and viruses. Lowell Heddings over at Howtogeek.com wrote two great articles that EVERYONE should read before EVER downloading freeware again:
- Here’s What Happens When You Install the Top 10 Download.com Apps
- Yes, Every Freeware Download Site is Serving Crapware (Here’s the Proof)
Thanks, Lowell! You are making the world a better place with articles like these!
The scary truth is that hackers, scammers, phishers, etc… are making their ploys harder to detect. Keeping vigilant and making a habit out of being suspicious about emails and websites goes a long way to keeping your computer and network safe. I know it’s a lot of extra work to form these habits, but it’s more work to recover your PC after downloading Malware or Ransomware. More often than not, you’ll also end-up shelling-out some serious $$$ as well. Keeping these things in mind when browsing online and going through your emails can help.
Find out why TrinWare can help with IT Security.