Complete Payroll takes our clients' data security and privacy very seriously. That is why we are sharing some helpful tips with you to increase your cyber awareness and help you protect yourself. These are just a handful of behaviors you should train yourself to include in your daily rituals.
Everyone can be a target: Think of all the information you have access to in your life. There are people out there who are interested in getting access to it. Be wary of emails asking you to share confidential information. Watch out for requests for information that start with “Dear Sir/Madam” or that contain grammatical errors typical of non-native English.
Practice good password management: Use a strong mix of characters and numbers when creating passwords. Don’t use the same username and password for work and personal accounts. Don’t leave notes around with passwords on them.
Lock your devices: Don’t leave your computer, phone or other mobile devices unattended in public or in the office. Make sure to lock your screen when you are not using them; don’t wait for the screen saver to do it for you.
Don’t be Click Happy: Be careful when clicking on attachments or links in emails. If the information being requested in an email is suspicious for any reason, delete it and reach out to the sender in a new request. There are “actors” out there that spoof information hoping that users respond quickly to the requests. Take your time to read all of the information requested; don’t just click on a popup message without reading what it says.
Be Aware when Browsing the Internet: Sensitive browsing, banking or shopping should be done on a device and network you trust. When entering sensitive data, ensure the website address starts with https:// and shows a padlock identifying it as a secure website. Just because Google found a website and placed it at the top of the search list doesn’t mean it is secure and should be trusted. Don’t configure your mobile devices to auto connect to unsecured WiFi networks.
Avoid Becoming a Victim
- Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about employees or other internal information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.
- All users should be wary of requests in emails, even if they appear to come from known contacts. Scrutinize links carefully and "question the intent of the email content," rather than taking emails at face value. If you receive a suspicious request, "confirm the email is legitimate by calling or emailing the contact."
- Do not provide personal information or information about your organization, including its structure or networks, unless you are certain of a person's authority to have the information.
- Do not reveal personal or financial information in email, and do not respond to email solicitations for this information. This includes following links sent in email.
- Keep it Updated: Make sure to keep your devices updated with the latest software available from that vendor. Run Windows updates regularly, keep your web browser and anti-virus software updated, and also make sure your mobile devices are running the latest software.
Common Scams to Look Out For
Look out for tax-related phone and email scams. The phone scam involves pre-recorded messages threatening to suspend or cancel a victim’s Social Security number, and the email phishing scam involves a fake agency—the “Bureau of Tax Enforcement”—claiming that the victim owes past due taxes. Don’t automatically trust caller ID information and don’t share your Social Security Number over the phone with anyone that you don’t know. Also, just hang up on robocalls.
Look out for emails from the “CFO” or other high-ranking officers in your company asking you to click on an attachment or to update bank account information. If that person does not normally make those types of requests to you, contact them personally via other means to verify the request. Email impersonators hope that you do not take your time when reading the emails to notice the grammar mistakes, the incorrect FROM email address, or the unusual email fonts or other non-standard formatting changes. Remember that it isn’t that hard to find email addresses of employees of companies from social media websites to engineer a phishing attack. This type of diligence may add a few minutes to your day, but it's trivial compared to the damage that can be caused by falling for a phishing attack.