Lake Street Advisors Blog

A Technology-Enabled Life Requires a Cybersecurity Mindset Shift – Lake Street Advisors

Written by Paige Yeater | November 10, 2020

If you have an email account, online banking access, and smart devices such as doorbells, thermostats, or security cameras, then you are under attack each day. Hackers are seeking to social engineer everyone’s technology-enabled life, and the more devices and accounts we have, the more we need to develop a mindset for cybersecurity.

With the rise of connected devices and smart homes, it becomes difficult to keep track of what information and data is out there. This year especially, with more time spent at home, people are finding new ways to take advantage of home automation. While smartphone-enabled garage doors, ovens, lights, and listening devices (like Amazon Echo or Google Assistant) make our lives easier, they also leave doors open to hackers. With such connected lives, vulnerabilities exist between those connections.

By March 2020, Google reported an increase of 350% in phishing attacks. Executives and their teams across industries need to be more vigilant about social engineering. Information is most commonly compromised through email phishing; it starts as an email link that someone shouldn’t have clicked, or a document they shouldn’t have opened. We often think of phishing attacks as a professional or business-oriented problem when, in reality, hackers blur the lines between personal and professional access points. This means it’s important to prepare not only your workforce for phishing attacks but also your family.

With so much change this year and hackers becoming more sophisticated, it can be difficult to remain vigilant to threats over email, which is why it’s important to begin adopting a cybersecurity mindset. Information is important and must be protected, as failing to protect it could result in stolen data or lost money.

As you, your colleagues, and your family begin developing a mindset for cybersecurity, here are a few best practices:

    1. Create long, complex passwords. Passwords should be at least 12 characters long, but the longer the better. It’s important to avoid words or number sequences personal to you and your family. A password manager can help generate and store complex passwords.
    2. Utilize Multi-factor Authentication (MFA) whenever possible. This ensures at least two steps to authenticate whoever is accessing your accounts and will provide additional protection if your password gets compromised.
    3. Limit who you share information or account access with, even within your family or among close professional colleagues who require access. Separate user accounts with shared access are a safer route than shared login credentials.
    4. Avoid sending confidential information over email. With confidential information, hand delivery or a phone call whenever possible will reduce your chances of that information being intercepted. Delivery of information through a secure portal is a better option than email if information must be delivered electronically.

And when it comes to family, even with children that have grown up with technology, we must educate them on staying safe online. Again, the lines are blurred for hackers, and it’s not uncommon for senior-level executives to be targeted. For family:

    1. Don’t share accounts. If at all possible, keep email and other accounts separate. Think of your Amazon account: you can create multiple users rather than sharing a single login.
    2. Apply the same email safety at work to your personal email. This requires educating your children with personal email accounts on identifying phishing attempts; their school accounts are controlled environments that don’t allow external emails, so they’ve been generally shielded from phishing.
    3. Be thoughtful about what you share on social media. The more you share about your location, vacations, possessions, the more others can learn about whom you’re associated with and how they might access your information.
    4. Have a complex home Wi-Fi password. The password your router comes with is likely very old. Safeguard your home by updating the password often. 12-14 characters is recommended with a mix of letters, symbols, and numbers.
    5. Consider a multi-user Password Manager. This will help you keep track of complex Wi-Fi passwords, along with other complex account passwords. Some password manager applications like LastPass allow multiple users for your family members or those managing your family’s accounts.

When it comes to social engineering by email, there are some simple best practices you can follow to keep your cybersecurity mindset a daily practice. Emails that spark doubt about their authenticity can be further scrutinized to ensure you’re not falling into a phishing trap:

    1. Scan for common indicators of a phishing email. Be suspicious of emails with:
      • Time stamps showing the message was sent at a strange time of day
      • Sender email addresses that are from “phishy” domain names (gogle.com, dell3.com, MICROSFT.com, etc.)
      • Subject lines with generic greetings or no subject line at all
      • Body of emails with uncharacteristically bad spelling or grammar, and requesting personal information, especially if it’s urgent
      • Messages requesting that you open an attachment
    2. Pick up the phone. If you know the email sender but something about the email is suspicious, voice verify by giving them a call to ensure the email was sent intentionally.
    3. Avoid sending sensitive data. Never send particularly sensitive data such as social security numbers, account numbers, or passwords in an unencrypted fashion.
    4. Avoid clicking links within emails. Rather, you can navigate directly to the website you’re trying to access. Embedded links within emails aren’t always linked appropriately.
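
The indicators listed in item 1 can also be checked mechanically. The Python below is an added example, not part of the original article; the trusted-domain list, the "normal hours" window, and the keyword lists are assumptions chosen for illustration, and the sample message is constructed.

```python
import email
from email import policy
from email.utils import parseaddr, parsedate_to_datetime

# Assumptions for this example: domains you really deal with, and what counts as "normal".
KNOWN_DOMAINS = {"google.com", "dell.com", "microsoft.com"}
NORMAL_HOURS = range(6, 22)          # 06:00-21:59 in the time zone the sender states
GENERIC_SUBJECTS = {"", "hello", "hi", "dear customer", "dear user"}
URGENT_WORDS = ("urgent", "immediately", "password", "social security")

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def phishing_indicators(raw):
    """Return the checklist indicators that a raw email message trips."""
    msg = email.message_from_string(raw, policy=policy.default)
    hits = []
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain not in KNOWN_DOMAINS and any(edit_distance(domain, d) <= 2 for d in KNOWN_DOMAINS):
        hits.append("lookalike sender domain: " + domain)
    if msg["Date"] and parsedate_to_datetime(msg["Date"]).hour not in NORMAL_HOURS:
        hits.append("sent at an unusual hour")
    if (msg["Subject"] or "").strip().lower() in GENERIC_SUBJECTS:
        hits.append("missing or generic subject")
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().lower() if body else ""
    if any(word in text for word in URGENT_WORDS):
        hits.append("urgent request or ask for personal information")
    if any(True for _ in msg.iter_attachments()):
        hits.append("has an attachment")
    return hits

# Constructed sample message (not a real email).
SAMPLE = """From: IT Support <helpdesk@MICROSFT.com>
To: you@example.com
Date: Tue, 10 Nov 2020 03:12:00 -0500
Subject:

Urgent: confirm your password immediately or your account will be closed.
"""

print(phishing_indicators(SAMPLE))
```

A message that trips none of these checks is not thereby proven safe; the result is a prompt to apply items 2 through 4, not a replacement for them.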

In the flurry of daily meetings, demands, and decisions, don’t let security fall through the cracks. Taking simple yet intentional steps to adopt a cybersecurity mindset could have a lasting impact. Start by asking yourself a few questions: What information could someone get through my email (information on investments, assets, retirement)? What could someone do with this information? Who else has access to my email?

 

Paige Yeater is the Director of Information Security Program Management at Mainstay Technologies. Mainstay provides comprehensive managed IT and Cybersecurity services for businesses of all sizes throughout New Hampshire and Northern Massachusetts.