Protect your passwords with these cybersecurity tips.
Earlier this month, Verizon released its 16th annual Data Breach Investigations Report. Containing information on nearly 1 million cyber incidents, it’s the most statistically significant set of data compiled to date.
Verizon revealed that stolen credentials were the primary cause of data breaches, accounting for almost 45% of all breaches. This is more than double the 20% caused by ransomware, highlighting credential theft as an area of concern.
The overwhelming share of attacks caused by stolen credentials should come as no surprise. Hackers use a wide range of social engineering schemes to try to harvest passwords and swipe logins. These include phishing, vishing, and smishing—attempts to trick unsuspecting users into sharing account info via phone calls, voice messages, or text messages.
Credential theft has also adapted to the very tool used to combat it: multi-factor authentication (MFA). Typically, MFA alerts arrive in the form of push notifications from an app or unique codes delivered via email or text message. Hackers have learned that they can wear users down with repeated MFA prompts, hoping that just one person will unthinkingly accept the request to re-enter their password—and unwittingly share it with cybercriminals.
Social engineering schemes like these abound because of the profusion of public information available on the Internet. This includes phone numbers, email addresses, academic degrees, and job titles, all of which hackers can use to impersonate a colleague or boss and try to pilfer private information.
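The repeated-prompt pattern described above is visible in authentication logs. The following is an added example (not CMIT's or Verizon's code) that flags users who receive a burst of push prompts in a short window and notes whether an approval followed; the log format and the event names are constructed for the example.

```python
"""Spot MFA push-fatigue bursts in authentication logs.

Added example, not CMIT's code. The log lines are a constructed sample;
events are push_sent, push_denied, push_timeout and push_approved."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: alice is prompted four times in under two minutes
# and finally approves; bob gets one prompt and approves normally.
SAMPLE_LOG = """\
2023-06-12T08:01:10Z alice push_sent
2023-06-12T08:01:25Z alice push_denied
2023-06-12T08:01:40Z alice push_sent
2023-06-12T08:01:55Z alice push_timeout
2023-06-12T08:02:10Z alice push_sent
2023-06-12T08:02:30Z alice push_denied
2023-06-12T08:02:45Z alice push_sent
2023-06-12T08:03:05Z alice push_approved
2023-06-12T08:05:00Z bob push_sent
2023-06-12T08:05:20Z bob push_approved
"""

def parse_line(line):
    """Split one log line into (timestamp, user, event)."""
    ts, user, event = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, event

def find_push_fatigue(log_text, threshold=3, window=timedelta(minutes=5)):
    """Return {user: {"prompts": n, "approved_after_burst": bool}} for every
    user who received at least `threshold` push prompts within `window`.
    An approval that arrives after such a burst is the outcome the attacker
    is hoping for and deserves an immediate analyst look."""
    recent = defaultdict(deque)   # per-user prompt timestamps inside the window
    flagged = {}
    for line in log_text.strip().splitlines():
        ts, user, event = parse_line(line)
        if event == "push_sent":
            q = recent[user]
            q.append(ts)
            while ts - q[0] > window:   # drop prompts older than the window
                q.popleft()
            if len(q) >= threshold:
                entry = flagged.setdefault(user, {"prompts": 0, "approved_after_burst": False})
                entry["prompts"] = max(entry["prompts"], len(q))
        elif event == "push_approved" and user in flagged:
            flagged[user]["approved_after_burst"] = True
    return flagged
```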
How can you protect your information and keep your credentials safe?
Better protection starts with heightened awareness about the problem. In light of the findings from Verizon’s Data Breach Investigations Report, CMIT Solutions has compiled the following five strategies to protect logins and passwords while understanding the threat that data breaches pose to businesses across North America.
- Start with cybersecurity awareness training. Social engineering is one of the trickiest scams to understand and prevent. But well-trained employees familiar with common schemes and examples of attacks can provide a critical first line of defense for your business. However, you can’t expect those workers to accumulate that knowledge on their own. That’s why it’s so important to work with a partner who can provide relevant and engaging education that empowers your employees with the information they need to avoid falling for common attacks.
- Understand common threat vectors, even as scams evolve. Over the last two years, hackers’ attempts to steal information and compromise accounts have come in an endless variety of formats: fake COVID-19 text alerts, legitimate-looking emails inviting you to collaborate on a shared document, urgent requests to review an attached file, text-based shipping notifications, car warranty expiration notice phone calls, and even personal social media pleas engineered to appeal to your emotions. Yet all of these scam attempts share common threads: suspicious sender addresses, unfamiliar numbers, confusing language, persistent attempts to reach you, and missing email signatures. Cybersecurity awareness training will introduce these ideas—practicing them in the real world can then help employees heighten their alert level and understand what to do when a scam attempt arrives.
- Use caution with unexpected or suspicious email attachments or embedded links. Tricking someone into opening an infected attachment or clicking on an illicit link is still the easiest way for hackers to gain access to a computer or device. Popular attachment formats include PDFs, text files, images, or MP3s, while text messages will urge users to click a URL to confirm information. Instead, double-check links by hovering over, right-clicking, or long-pressing the link and looking for a legitimate web address that corresponds to the one displayed in an email or text message. You can also manually type the link in your browser to see if it’s legitimate. If you see unintelligible strings of jumbled numbers or letters, use caution and DO NOT CLICK.
- Never share personal, financial, or medical information with an unfamiliar sender. This may seem obvious, but one of the biggest threats of social engineering scams is their ability to manipulate users into sharing sensitive information. Be especially wary of any requests you receive via email, text, or push notification that ask for passwords, birthdays, account number confirmations, or other private details—even if the sender claims to be one of your colleagues, co-workers, or bosses. If you can, verify the authenticity of the request face to face (even in a virtual meeting) or over the phone.
- Deploy heightened cybersecurity protections for all systems. Certain measures can help to defend your networks, protect your inboxes, and secure the apps you and your employees use. A trusted IT provider can help you deploy multiple layers of protection to meet the needs of your business and your industry. For some, that starts with basic network security tools like anti-spam, anti-malware, and antivirus; for others, more advanced levels of protection are required: traffic analysis, advanced firewall defenses, SIEM/SOC, and other layers.
If you need help navigating the complicated world of data breaches and credential threats, contact CMIT Solutions today. We can help you protect your account logins and passwords, strengthen application security, and empower your employees with training and education. Together in the right combination, this can lead to enhanced protection and smoother day-to-day operations, allowing you to focus on the growth of your business while CMIT Solutions worries about IT functions and cybersecurity.