You’ve just received an email from a seemingly trusted company, telling you to take immediate action on something, but first, log in. Do you click on it?
Not so fast!
Snoop around a little more. Is the email address associated with the actual company and not a one-off account? If you can’t tell, contact the company using a different communication method (calls, in person, etc.) Are there any typos in the email? Does the link provided in the email match that of the verified company? Pay close attention to “http” versus “https” and backslashes.
If you run into any of those signs, you may have walked into an attempted cyberattack, more specifically a phishing scam. More than 90 percent of successful cyberattacks started with a phishing attempt, according to a 2017 study by the Better Business Bureau. And oftentimes, many small businesses aren’t aware that they have hacked accounts until it is too late.
October is National Cybersecurity Awareness Month, and Windstream Small Business is celebrating by bringing you tips and tools to keep your company protected.
Today, we’re giving you some early signs of attempted hacks that should raise a red flag.
- You can’t access your account.
- Someone sent out emails or wrote posts that you didn’t write.
- Your anti-virus or anti-malware software is turned off.
- You notice browser extensions or other software installs that you didn’t initiate. Extensions are mini-software programs that essentially extend your web browser with features and other services, such as Google Calendar or 1Password, a password manager program.
- You are getting a ton of popup ads when using your small business internet or across programs.
- You’ve noticed unauthorized transactions on your financial accounts.
If your small business email account fits the bill, here’s what you can do to take control of it.
1. If you still have access to the account, change your password.
Remember to have strong passwords that contain a mixture of uppercase and lowercase letters, numbers and symbols. Best practice also calls for you to change the passwords of your other online accounts — social media platforms, customer relationship management systems and others.
2. If you don’t have access to the account, regain control.
If you are locked out of your account, press the “forgot my password” link, and answer your secret questions. You can also get back into your account by using your backup email address.
3. Review activity on all sensitive accounts.
Most email services allow you to check where that account is currently logged in, from the city down to the device. If one of those is not you, the services will give you an option to kick off that login and walk through securing your account. Go ahead and check whether there are any other browser extensions or apps now attached to your internet or your computer that you didn’t install.
And if that email address is tied to other accounts, like banking or customer relationship management, contact those companies and review activity on those accounts as well. If you find something fishy, report it immediately.
4. If you notice that a hacker took personal information, whether consumer or employee, tell them.
Once you know that a hacker went off with customer information, you are required by law to tell the affected customers. The length of time between finding the breach and telling customers differ by state, but many recommend you do so immediately, even if you don’t know all the answers yet. You may also want to inform all your customers about the breach — how it occurred, what you’re doing to fix it and what customers can do if they worry about their own information.
5. Scan your work devices for viruses and malware, and eliminate the threats.
Your email may have been compromised through malware. You should be scanning your computer regularly for viruses or malware, but do it once more after a suspected attack.
Get rid of the issue, even if it means shutting down your website temporarily or buying new computers. If you’re not sure how to root out the issue, consider enlisting IT professionals.
6. Learn from your mistakes.
Know how the mistake occurred, and educate yourself and your employees about the matter. Also, take another look at your security plan, and update it with new prevention methods. As an example, put into writing a policy that mandates all employees use two-step verification to log into business email accounts.
And hopefully, you have created backups of your important information — and updating the backup regularly. That way, should your accounts be compromised, you can at least get back to that data as it was before the breach.
Now, go on and put some of these practices to the test! And if you’re already a Windstream Small Business customer, you can rest a little easier with our various value-add packs, including a security pack, and a la carte services, such as internet security and online backup and remote IT.