Data Privacy Day, which takes place annually on January 28th, is a global effort to educate consumers and organizations about the importance of privacy, promote easy ways to protect personal information, and illustrate to organizations that good data privacy is good business.
Consumers are very concerned about how the companies they do business with are using their data, particularly since the pandemic forced everyone to shift a significant portion of their lives online. Over 80% of consumers told Pew Research that they feel the potential risks of companies collecting data about them outweigh the benefits.
Here are some quick tips for consumers to protect their data privacy online, and for organizations to be good stewards of the data they collect.
3 Quick Data Privacy Tips for Consumers
Be cautious about handing over your personal information. Don’t give out personal information online unless you initiated the contact or otherwise know who you’re dealing with. Never click on email links soliciting personal information, and never download unknown email attachments. Go to the organization’s website and contact them directly.
Be cautious about app permissions. Don’t just blindly click “accept” when installing apps; take a look at what the app is asking to access, and be wary of apps that ask for a lot of personal information.
Secure your passwords. Securing your passwords is fundamental to securing your online privacy. Use strong, unique passwords for every online account and app, enable multi-factor authentication (2FA) on all accounts that support it, and use a password manager like Keeper. Keeper automatically generates unique, high-strength, random passwords for all your sites and apps and stores them in a personal, encrypted digital vault that you can access from any device, running any operating system.
3 Quick Data Privacy Tips for Businesses
Know your data. Many organizations are storing an enormous amount of “dark data,” an ominous-sounding name for digital assets that they’re not using and that they may not even know exist. Perform an audit of your existing data stores so that you understand what you have, and dispose of any dark data that isn’t subject to compliance holds.
Assess your data collection processes. Review your existing data collection practices and policies so that you have a thorough understanding of what personal information you’re collecting or processing. If you don’t need a piece of data for business or compliance purposes, don’t collect it. In addition to protecting consumer privacy, this protects your organization; cybercriminals can’t steal what you don’t have.
Secure your employees’ passwords. Verizon estimates that over 80% of successful breaches are due to weak or compromised passwords, so the biggest thing you can do to secure your data is to secure your employees’ passwords. Mandate the use of strong, unique passwords, and 2FA.
Are you interested in learning more on how an MSP could help your organization stay safe? Give us a call at 678-389-6200 or visit mPoweredIT.com.
Cloud-based office productivity solutions, including Microsoft 365 (formerly Office 365), enable remote workers to communicate, collaborate, and work from anywhere. Unfortunately, cybercriminals are using these productivity apps to breach organizational networks. One of the attacks currently making the rounds is a phishing scheme that leverages the automated notifications that Microsoft apps send to employees whenever they’re mentioned in a group chat or a document.
Microsoft Teams Phishing Scheme
SC Magazine reports on a phishing scheme targeted at users of Microsoft Teams, a group communication and chat tool. Employees receive an email with the subject header, “There’s new activity in Teams.” The body of the email notifies them that their co-workers are trying to reach them and contains three hyperlinks: “Microsoft Teams,” “[contact] sent a message in instant messenger,” and “Reply in Teams.”
The email is designed to look like legitimate communication from Microsoft, the type that remote employees receive all day long. If the employee clicks on any of the links, they’re taken to a phishing website that looks like the real Microsoft login page. Should the employee not realize that they’ve landed on a phishing page and enter their login credentials, those credentials, as well as any other information stored on their account, will immediately be compromised.
Protecting Your Company from Notification Phishing Scams
Advise your employees not to blindly click on notification emails, even if they seem to come from a legitimate vendor like Microsoft or Google. Yes, we get a lot of them, all day long, but it’s important to read them carefully. If the recipient doesn’t recognize the document they were tagged in, they should contact the person who allegedly sent it and verify that the notification is legitimate.
Require that employees use multi-factor authentication (2FA) on all accounts that support it. With 2FA enabled, even if an employee’s credentials are compromised, cybercriminals won’t be able to access their account without the second authentication factor.
Every day, millions of people use Google Chrome, which accounts for 67% of the worldwide browser market. Out of those millions of people, a fair portion use incognito mode in an attempt to maintain their privacy and stay safe on the web.
But incognito mode isn’t as safe as you might think. While it does offer some minimal degree of privacy, it is in no way a shield against snoopers, nor is it an invisibility cloak.
What Incognito Mode Actually Does
Essentially, when you switch on incognito mode you’re telling Chrome not to remember what you’re about to do, but that doesn’t mean that no one will save your information.
This can be very useful in protecting your data from other people with physical access to your computer, like family members and friends. For example, if you wanted to search for a surprise getaway for your spouse, it’s a good idea to turn on incognito mode. That way, your past searches for “tickets to Honolulu” won’t show up when your spouse hops on the computer and starts typing another search term that starts with the letter “t.”
It’s also extremely helpful for when you’re borrowing someone else’s computer or using a shared computer, like in a library, at work, etc. When you put on incognito mode before logging into a website, you can rest assured that your browsing data and login info won’t be saved — by Chrome, that is. There’s always the risk of keyloggers or other malware logging your information.
But if you actually want to stay safe and maintain your privacy online, you need to take additional security measures.
What Incognito Mode Does Not Do
Incognito mode only prevents your data from being saved in Chrome (or another browser) on the computer you’re using. It does not prevent other parties, like your ISP, websites, or cyber criminals using packet sniffing tools, from viewing what you’re doing.
Think of it like this: imagine you’re in a room with two other people, and you have a serum that makes someone forget everything they hear and do over the next two hours. You give one person the serum and tell them a secret. In two hours, they won’t remember anything, so your secret’s safe with them.
But wait — there was still another person in the room listening in on your conversation, and they didn’t get the serum. Now, there’s still someone out there who has your secret, and they can do whatever they want with it.
This is the problem with incognito mode: it will make Chrome forget what you tell it, but there are still other people in the metaphorical room with you. There’s your ISP and the websites you visit, and if you’re in a public place, there may also be cyber criminals using packet sniffing tools to view all the information you send.
Even though your browsing history and cookies will be deleted once you close out of the incognito window, your data can still be traced back to you.
The internet is a treacherous place, and incognito mode doesn’t do much to protect you. While it’s useful for keeping your browsing history safe from friends, family, and coworkers, incognito mode doesn’t prevent your data from being openly broadcast to the world wide web.
If you want to stay safe on the web, the best thing you can do is contact mPowered IT at 678-389-6200 or visit the mPowered IT website to protect your cyber security.
Online shopping has been overtaking brick-and-mortar retail for years, and the COVID-19 pandemic has put the shift to ecommerce into overdrive. As cases resurge in many areas, consumers are increasingly turning to online gift-buying as a safer alternative to crowded stores. However, while virtual aisles hold no threats of COVID-19 spread, cyberthreats loom large, particularly threats against user passwords
Consumers are woefully unaware and unprepared to protect themselves against threats as their shopping moves online.
Here are five tips to protect your online security while online shopping.
1- Pay with credit cards, not debit cards
It’s good practice to never use a debit card to make online purchases. Payment card theft is one of the most common types of cybercrime, and it can happen even at known retailers. While consumer protection laws limit consumers’ liability for fraudulent credit card charges, debit cards don’t offer the same levels of protection. Additionally, a cybercriminal armed with your debit card number can empty your bank account, leaving you with no money to pay your household bills.
2- Shop at familiar stores
‘Tis the season for cybercriminals to set up phony online storefronts to phish for payment card data and other personal information. Patronize well-known retailers or stores whom you have previously done business with. If you are tempted by a merchant you’ve never heard of, Google the company’s name and look for its social media sites, customer reviews, and its record at the Better Business Bureau. Steer clear of any merchant who requests payment by wire transfer or cryptocurrency.
3- Beware of social media “coupons”
Phony social media “coupons” are another scam that’s increased in frequency since the beginning of the pandemic. Often, these coupons claim that recipients can get deeply discounted or free merchandise, with even more rewards if they share the link to their social media feeds. The links lead to malicious websites that attempt to phish for victims’ personal information, install drive-by malware on their computer, or both.
4- Beware of phishing schemes
Phishing schemes have risen dramatically since the COVID-19 pandemic began, and schemes are getting more sophisticated. In addition to email, you may receive phishing attempts through social media messaging or SMS. These messages, which are often designed to appear as if they’ve come from legitimate retailers or shipping companies, may ask you to “confirm” your account or purchase information by clicking on a link, or they may contain attachments that purport to be a “receipt,” “shipping notice,” or “coupon”. Never click on any unsolicited links or attachments. If you doubt the legitimacy of a message, go directly to the company’s website and log in that way.
5- Protect your passwords
Use strong, unique passwords for every online account, enable multi-factor authentication (2FA) on all sites that support it.
How often should you change your passwords? We all know we should be changing our passwords, but how often is “often” enough? Some people never change their passwords, and even worse, recycle the same (or similar) passwords for almost all of their online accounts. This is a dangerous practice that can lead to security breaches, identity theft, and more.
Passwords are, unfortunately, often neglected by everyday people. We have enough to worry about on a daily basis without adding password security, right? The problem is that security breaches and cybercrime are on the rise. If you think it can’t happen to you, it most certainly can! Every year, thousands of Americans are victims of cybercrime and identity theft and fraud, costing billions in damages.
Protecting your passwords and personal information starts with securing passwords. Your passwords are your first line of defense against intrusion, and there are some rules to follow for best password practices. Let’s take a closer look at some important password guidelines that can help you take back control of your internet passwords.
When Should You Change Your Password?
After A Security Breach: With massive breaches like the Capital One and Target breaches in recent years, consumers have been put at risk from hackers halfway across the globe and on domestic soil. When a company declares they’ve experienced a data breach, you’ll want to change your password as soon as possible to protect your information. If your info has been compromised, you’ll typically be alerted by the company.
If You Suspect Unauthorized Access: Don’t wait until there’s glaring evidence of unauthorized access of your account(s). By that time, it’s usually too late. If you suspect someone is attempting or has attempted to access one or more of your accounts, change your passwords ASAP. It’s always better to take preventative measures than to wait until the damage is done.
If You Discover Malware or Other Phishing Software: A virus can put your computer at risk and leave your personal information exposed. If you discover such software on your computer after a scan, change your passwords immediately; preferably from a different device until you’re certain the virus has been removed.
Shared Access: Lots of people share access to accounts like Netflix and other media services. Some even share access to a joint bank account and access the info via web or mobile app. If you share access with someone you’re no longer in contact with, change your password as soon as possible. It’s best to not trust anyone outside of your circle of trusted people with your passwords. Ex-spouses or significant others, friends, and previous colleagues shouldn’t have access to any of your accounts.
Logging In At Public Places: Using an unsecured network to log in to your accounts is a good way to have your password stolen. If you visit the library or use a public network, change your password afterward.
Managing passwords is a responsibility that falls on both us as individuals and businesses. Without proper password habits, it’s far easier to fall victim to cybercrime and identity theft; each of which costs the nation billions in damages every year. Take control of your passwords with a password management and better protect your personal information and your identity.
Are you interested in learning more on how an MSP could help your organization stay safe? Give us a call at 678-389-6200 or visit mPoweredIT.com.