Internet scams — like the phishing one that hit a number of Google Docs users last week — are on the rise, making individuals and businesses potentially vulnerable. Luckily, there are a few things you can do to protect your business from such attacks.
We’ve all probably chosen an easy password just to get through a signup process quickly once or twice. Maybe you’ve used your name and birth date or some other easily cracked combination of personal information. Maybe you, like millions of others, have used the word “password” or some version of it. And maybe you’ve used the same password for multiple accounts (or all your accounts), or recycled old passwords for new accounts.
If any of the above rings true, it’s time to step up your password security game. Here are a few very basic tips:
- Don’t use common words or any number/letter sequences (e.g.
“monkey“, “12345“, “abcdef“)
- Don’t use the same password (or a very similar password) for multiple accounts
- Don’t reuse or recycle old passwords
- Do choose unique passwords for each account
- Do use a combination of uppercase and lowercase letters, numbers, symbols, and spaces when given the option.
Having a unique password for each account can make it hard to remember them all, so you may want to use a password manager (examples include: LastPass and 1Password) to securely store all of your passwords in one place, and have the site or app automatically plug them in when you go to log into a website.
Also, it’s good to avoid sharing your password with others (even employees, assistants, etc.). Genbook, for example, lets you give staff their own logins, so that they can access what they need on your account, without the risk of your master/admin login being compromised. This will protect you and your business, and allows you to choose the level of access your staff has.
Processes and protocols
All businesses need safety protocols, which includes what emails should or should not be opened or forwarded, who is allowed access to the company computer, who has access to passwords, and so on. Write a list of protocols for you and your staff, to help protect your business from being compromised.
Practice extra vigilance with emails
Keep an eye out for scam emails. Some use an obviously suspicious email address you’ve never heard of, but others may use a recognizable email address or one that looks very much like one you’ve communicated with before. The latter is dangerous, and many fall prey to the scams and give out their login details as a result.
If you receive an email from a company asking for your login details, check first with the company through the official email (for example, firstname.lastname@example.org) or by logging into the website directly as you would normally (not via any links in the suspicious email) to find out if the request was real or not. Genbook will never ask you for your login details, and will not send you an email asking you to verify your email address, except immediately after you sign up for an account.
Check security certificates
When you access any website, you’ll be able to see on the left-hand-side of the URL box whether it’s a secure connection, and whether the site is verified or not. It’s important to check these things to ensure that the website you’re giving your information to is safe and secure.
In Safari and Chrome, there will be a little lock and a note saying ‘Secure’. But this isn’t necessarily enough, because anyone can get a certificate of security. It’s whether it’s been verified or not that matters. If it just says ‘Secure’, the website doesn’t have the highest security verification, the way Genbook does.
For sites such as Genbook, you will not only see a little lock, but you will also see the full name of the business (Genbook, Inc [US]). This is how you’ll know whether the website has high-security verification.
Scammers can set up websites with ‘Secure’ certificates, so you need to make sure the spelling of the URL is correct. For example, if you are sent a link to www.genbok.com, you’ll be able to tell that it’s not www.genbook.com. Keep an eye out for spelling errors and high-security verification markers in URLs.
What to do if your business is compromised
Unfortunately, even with the very best security measures and protocols in place, any site or account may still be susceptible to hackers or scammers. Even if the chances are small, it’s still good to have a plan in place for what to do in the event your business gets compromised in some way.
- Change all your passwords
- Alert your bank, check if any funds have been taken, and follow the bank’s suggestions for securing your accounts
- Check all of your website plugins to see if any of them were responsible for the breach
- Use a virus scanner to check if there’s any malware on your computer
- Download security plugins on your website
- Conduct a security audit to check for any issues