With Black Friday, Small Business Saturday, and Cyber Monday behind us, online attention turns now to the extended Cyber Week shopping event. In other words, the promotional emails may have slowed down a little—but they haven’t stopped altogether.
That means now is the perfect time to take a deep breath and reflect on the security of our digital identity. Most of us have logged in to and made purchases from countless websites over the last two weeks. But have we done it as safely and securely as we could?
The basics are simple: strong, unique passwords paired with multi-factor authentication, reliable data backup that’s regular, remote, and redundant, and up-to-date security for every device. But it takes more than just these layers to deliver comprehensive protection. A multi-faceted approach is necessary—especially in the wake of the busiest online shopping period of the year. On Friday, November 27, 2020, online sales topped $9 billion, a 21% increase over 2019. Analysts expect Cyber Monday 2020 to set a new record, with total spending of $11-12 billion.
Amidst this whirlwind of online activity, it’s easy to forget about digital common sense: what information we should and shouldn’t share, how seriously we should take threats to our privacy, and when a proactive approach to cybersecurity is needed. That’s why CMIT Solutions has collected the following 10 tips to give your digital identity the attention it deserves.
1) Beef up old passwords.
Are you still using something as basic as “123456” or “password123”? According to security experts, you’re not alone. More than half of us regularly use a password classified as weak—or so easy that hackers could guess it in seconds. If you’re guilty as charged, now’s the best time to change weak login credentials. Follow the US Department of Commerce’s National Institute of Standards and Technology’s (NIST) Digital Identity Guidelines. They recommend “Memorized Secrets”: long passphrases (at least 15 characters) that are easy to remember but still use distinct special characters—!, @, #, $.
2) Activate multi-factor authentication on all accounts.
Multi-factor authentication (MFA) is a two-step process that pairs something you know (your password) with something you have (a unique code delivered via text message or email, a fingerprint scanner, or another type of application that requires verification to log in along with your password). This extra layer of protection can keep your accounts safe from cybercriminals testing out vulnerabilities or trying to use compromised passwords. Ever gotten an unexpected text message from Google or Microsoft with a code for password recovery that you didn’t request? It’s likely that a cyber thief was trying to access your account—but couldn’t because of MFA.
3) Consider the right password management tool.
Many consumers use free or cheap options like Google or LastPass, but these may not offer strong enough security for businesses. The best enterprise-grade password managers offer extra protection through dedicated web portals, browser extensions, and automatic sync and share across devices. Most also include another layer of multi-factor authentication, which helps to keep you and your business safe.
4) Stay alert for suspicious emails.
Those strange-looking scam messages proliferate this time of year—and they won’t slow down now that the busiest few days of online shopping have passed. The more information we look at, the better we become at spotting these spam messages. We can double-check a sender’s email address to confirm it originates from a legitimate domain name or review for typos and grammatical errors in body copy. Beyond that, we should all learn how to analyze URLs embedded in emails: when you hover over a web address, the target URL should match the one displayed. Another common ploy this time of year is fake notifications from shipping companies or financial institutions, along with spoofed holiday cards and gift certificates.
5) Manage your email notification preferences.
If you just don’t have the time or bandwidth to assess every promotional email that lands in your inbox, there’s an easy solution: reduce the number of them that you receive. Just scroll to the bottom of any message you may want to see less of and look for the “Subscription Preferences” or “Manage Subscriptions” button. Most companies will allow you to lower the frequency of messages you receive, or opt out altogether if you choose.
6) Team up with a trusted IT advisor to keep track of software updates and security patches.
Many of the most potent digital attacks have exploited vulnerabilities in outdated operating systems or hiccups in software versions. In many cases, those vulnerabilities could have been mitigated by the very software update that you dismissed. A reliable technology partner can help your business deploy those updates and patches promptly, keeping every device up to date while limiting downtime before it affects you and your employees.
7) Protect your private information.
In this data breach-obsessed day and age, treat any request for private information — like a Social Security number or credit card confirmation — as an immediate red flag. Legitimate websites and apps never request such data via email or phone, but hackers are always trying to find new ways to steal it by posing as health insurance companies or credit card issuers.
8) Avoid clicking on pop-up ads.
Irritating pop-up ads are a fact of life when you use the Internet. Whether an ad redirects you to a spoofed external site that installs malware or attempts to swipe any saved passwords, all it takes is one click to lead to serious problems. Beware of viral headlines and “too good to be true” offers, as these are often used to entice unsuspecting users to click.
9) Back up your business data.
There’s one way to make sure your business can avoid the negative impacts of a wrong click, a ransomware attack, or an unintentional data leak: a regular, redundant, encrypted, and automatic backup of important information that provides a reliable point of recovery. You don’t want to put all your faith in an on-site data backup, which can be wiped out by a manmade or natural disaster. And you certainly don’t want to wait until after ransomware strikes to see if your important data was successfully backed up.
10) Give your employees the cybersecurity support they deserve.
Your staff can serve as the first line of defense against today’s cyber threats—as long as they have the education and support they need to spot phishing attempts and avoid malicious downloads. Strong security awareness training only enhances the around-the-clock protection necessary to safeguard your business.
Want to know more about online shopping threats? Looking to beef up the safety of your passwords? Need heightened protection to keep your business safe? Contact CMIT Solutions today. We work 24/7 to secure the data, devices, and digital identities of companies across North America.