The latest Gmail Phishing attack reveals we need to be doing more to protect our information. This blog outlines 6 cybersecurity best practices you can put into place right now to avoid being hacked.
by Patricia Lundy
How is a company hacked? One of the easiest ways is through an employee’s compromised account. While executives are especially hot targets, every employee is at risk—and attacks are becoming trickier to identify. The latest Gmail Phishing attack is so sophisticated that even savvy technical users have almost fallen for it. Putting these 6 best practices into place can help you avoid even the most convincing of phishing attacks, which will protect not only you but your company.
1. Implement Multi-Factor Authentication – ASAP
This is one of the easiest things you can do to protect your information. That said, many knowledge workers, including executives, haven’t put it into place. Multi-Factor Authentication (also referred to as 2 Factor authentication) means it takes 2 authorizations to get into an account: the first authorization is your password and the second is a text code sent to your phone.
For example, if a hacker gets your password and logs into your gmail, they will be prompted to enter the code sent to your phone—which they won’t have. It is hands down the easiest way to add another layer of protection. Implement Multi-Factor Authentication any time it’s available, in both your work and personal applications. I have it turned on for Gmail, my banks, Amazon, and even Etsy.
2. Sign Up for Text and Email Alerts
When you log into an unrecognized browser, applications will usually send you a message confirming the login. You can also sign up for session updates regardless of the browser. These will confirm that you were logged on at a certain date and time. If you weren’t, somebody else was accessing your account.
3. Use a VPN When Working Remotely
Your favorite cafe does not have secure wifi. The same goes for airports, airplanes, and anywhere with public wifi. When you’re working on the go, you need a Virtual Private Network to ensure that your information is encrypted. There are many affordable VPN options that offer accounts for individuals and teams, like Barracuda and Cloak.
4. Verify Address Bars When Prompted to Sign in or Download
The latest Gmail Phishing scheme took advantage of the way people are programed to visually percept things that seem almost correct. This is what happens when your brain glosses over incorrectly spelled words when you’re editing a piece of your own work because they look very close to being right. Google uses a lock symbol highlighted in green to show a link is secure—and red with a slash to show a link is not. The phishing attack used regular black text in the address bar, leading the user’s eyes not to flag it because it’s uniform.
In the address bar, always look for a lock symbol before the web address to ensure its security and validity. In Chrome, the lock will be green. In both Safari and Chrome, click on the lock to verify its security. Another key trick: if there is any text that comes before the https://—don’t proceed.
5. Use Antivirus That Scans for Malware
While Antivirus is not a panacea, it can prevent or slow down attacks, and it can also alert you if your machine has been compromised. Trusted brands included Intego, Norton, and McAfee.
6. Only Evaluate Compliant Software & Application Providers
Everyone should make security a priority. When considering new software or application providers, make sure they take security seriously, and are up to date with the latest security compliances in their industry.
Bottom Line
While hackers will continue to carry out sophisticated attacks, if you have extra precautions in place, you and your company will be a less attractive target. The extra effort is worth it when it comes to protecting your information.