by GSV Operations
Cyberattacks and other online security issues remain a significant threat to modern businesses everywhere – no company is immune. Each day brings a new story about how cyber criminals have infiltrated yet another unsuspecting company, wreaking havoc on their systems, data, customers, and ultimately, profitability.
With today’s cybercriminals becoming more and more sophisticated, everyone has a responsibility to understand vulnerabilities and risks and to learn how to protect both personal and company information and systems. Here are some top tips for staying vigilant against bad actors…
Hackers can infiltrate email accounts and lie dormant for weeks or even months, watching and learning everything the account owner does. They learn how the person writes and who they write to, and then, at an opportune moment, send email directly from the victim’s account pretending to be them. They might request access to sensitive data or platforms, and the request appears completely legitimate. Remember:
- Always verify the source of sensitive requests either by phone or in person.
- Sensitive requests – such as for wire transfers, passwords, or access to protected data – that appear to be urgent should prompt additional scrutiny.
- Even email that comes from a company’s internal email server could be a compromised email account.
Social Media Pitfalls
Hackers can ferret out personal information from social media posts, such as a personal email address, hobbies, likes, etc. They use the intelligence they gather on social media platforms to craft convincing clickbait sent by email. So how does this affect companies? With the prevalence of remote work, cyber criminals count on people checking personal email from work devices and vice versa. Remember:
- Avoid publishing your personal email address on social media sites such as LinkedIn.
- Treat all emails with caution, even if they appear legitimate or from someone familiar.
- Hackers target organizations by sending phishing (general emails sent to large groups) and spearphishing (specific, targeted emails sent to one or a few) attempts to both work and personal email accounts.
Hackers search the dark web for recycled, easy-to-crack passwords and then use them to gain access to other accounts. Because unique and lengthy passwords can be difficult to remember, people tend to use the same or slightly modified passwords across multiple sites. These run a greater risk of being discovered and manipulated by cyber criminals. Using long, complex passphrases rather than short, simple passwords is a best practice, as is using a unique passphrase for each site or account rather than recycling the same password. Remember:
- A passphrase is usually a sentence that includes a combination of letters, numbers, spaces, and unique characters, which increases complexity for the best level of security.
- Password management tools can help store unique passphrases and prevent recycling across multiple accounts.
- Two-factor authentication (also known as “2FA”) adds an extra layer of security and should be used on accounts whenever possible.
Hackers try to capitalize on people’s hurried schedules and lack of time. They create phishing schemes that convey a sense of urgency, such as “urgent” notifications to click links or buttons to update software, dispute a (fake) charge, claim a package, reset an expired password, and the like. With phony attempts becoming more sophisticated, it’s better to be safe than sorry and to report any suspicious activity. Remember:
- Whether someone has fallen victim to a threat or not, it’s always a good idea to report anything that seems suspicious. This can go a long way in keeping the organization safe.
- Frequent security awareness training is a great way to keep cybersecurity top of mind and encourage people to stay proactive.
- Companies should ensure their employees know the proper methods and channels for reporting suspicious email and cyber activity. Simply deleting suspicious email is not enough.
GSV takes cybersecurity seriously and has experts on staff to advise its portfolio companies on best practices to mitigate and remediate potential security issues that can plague any business, particularly SaaS companies using cloud-based technology.