October is Cyber Security Awareness Month and our Chief Technology Officer, Paul Abramson, shares 6 ways to avoid common cyber scams for you and your business.
Avoidable scams such as compromised emails, email impersonation, SMS text-based phishing, romance, and employment scams are on the rise, so now is an excellent time to perform an annual review of business processes, conduct training, and have conversations with colleagues and family members.
Follow these 6 easy steps to avoid being scammed:
1. Establish secure lines of communication
Set expectations with those you frequently communicate with. Tell them you will never text them to purchase gift cards or update direct deposit information. Check the contact info on file with your bank (especially phone numbers). It is excellent practice to verify requests through a phone number that has been previously established. If you will be contacting people using a personal email address, ensure that address is verified and that they know emails from other addresses should never be trusted. A common technique used by fraudsters is to register a new webmail account with the same first and last name as someone you know and use it to impersonate them.
2. Verify Transactional Data Out of Band
Always verify transactional information like wire instructions using publicly available information. For example, if you are closing on a house and receive wire instructions by email from the title company, search for the title company’s main office phone number using a search engine and call it to verify the information. If you regularly pay a vendor through wire or ACH, create templates in online banking and ensure any changes to the template are similarly verified before use.
3. Review User Access
Any user accounts on systems used to conduct business should be periodically verified to ensure the accuracy of assigned permissions and information. For example, check that the company still employs everyone with an account on your corporate email system, and that all users of your business's online banking platform are assigned the correct level of authority.
4. Protect Your Domains
Ensure the vendor portal used to register and manage your domain names is protected against unauthorized access and changes. Set up multifactor authentication and strong passwords. Ensure changes to DNS are approved and monitored. Set up DMARC, SPF, and DKIM to protect your email messages from being spoofed. Tell the people you do business with that you won't contact them using personal email addresses or text messages.
5. Enforce Multifactor Authentication on High-Risk Accounts
Email accounts, online banking, domain registrars, and DNS providers should all be protected with multifactor authentication. Never reveal the generated codes to anyone, and be suspicious if you unexpectedly receive one. If available, use MFA methods like soft tokens or authenticator apps instead of those utilizing text messages or phone calls.
6. Promote Security Awareness and Perform Tests
During the month of October, many resources are available to start a conversation with your colleagues and family members. Share stories, tips, best practices, and lessons learned. Performing simple tests is also a great way to start a conversation and make it realistic. For example, register a new webmail address and send an unusual request to someone you work with. You might be surprised at just how easy it is to be impersonated!
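To make step 4 concrete, here is an added example (not part of the original article) that audits a domain's SPF, DMARC and DKIM TXT records for settings that still leave spoofing possible. The domain `example.com`, the DKIM selector `mail2024`, and every record value are constructed assumptions; in practice you would feed in the TXT records returned by your DNS provider.

```python
# Audit SPF, DMARC and DKIM TXT records for settings that leave spoofing possible.
# All record values below are constructed samples, not real DNS answers.

def parse_tags(record):
    """Split a 'k=v; k=v' DMARC/DKIM record into a dict of lower-cased tag names."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def audit(domain, txt, dkim_selector):
    """Return findings for `domain`; an empty list means no weakness was spotted."""
    findings = []
    spf = [r for r in txt.get(domain, []) if r.lower().startswith("v=spf1")]
    if len(spf) != 1:  # zero records = no policy; several = receivers return permerror
        findings.append(f"SPF: expected exactly 1 record, found {len(spf)}")
    else:
        terms = spf[0].lower().split()
        all_terms = [t for t in terms if t.lstrip("+-~?") == "all"]
        if not all_terms and not any(t.startswith("redirect=") for t in terms):
            findings.append("SPF: no 'all' term, so unlisted senders are not failed")
        elif all_terms and all_terms[0] not in ("-all", "~all"):
            findings.append(f"SPF: '{all_terms[0]}' does not fail unlisted senders")
    dmarc = [r for r in txt.get(f"_dmarc.{domain}", []) if r.lower().startswith("v=dmarc1")]
    if len(dmarc) != 1:
        findings.append(f"DMARC: expected exactly 1 record, found {len(dmarc)}")
    else:
        policy = parse_tags(dmarc[0]).get("p", "").lower()
        if policy not in ("quarantine", "reject"):
            findings.append(f"DMARC: p={policy or 'missing'} requests no action on failing mail")
    name = f"{dkim_selector}._domainkey.{domain}"
    if not any(parse_tags(r).get("p") for r in txt.get(name, [])):  # empty p= means revoked
        findings.append(f"DKIM: no usable public key published at {name}")
    return findings

WEAK = {  # constructed: neutral SPF, monitor-only DMARC, no DKIM key
    "example.com": ["v=spf1 include:_spf.example.net ?all"],
    "_dmarc.example.com": ["v=DMARC1; p=none; rua=mailto:dmarc@example.com"],
}
STRONG = {  # constructed: hard-fail SPF, enforcing DMARC, DKIM key (placeholder value)
    "example.com": ["v=spf1 include:_spf.example.net -all"],
    "_dmarc.example.com": ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com"],
    "mail2024._domainkey.example.com": ["v=DKIM1; k=rsa; p=PLACEHOLDERKEY"],
}

if __name__ == "__main__":
    for label, records in (("weak", WEAK), ("strong", STRONG)):
        print(label, audit("example.com", records, "mail2024"))
```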