Thursday, June 7, 2018
You’ve just received an email from a seemingly trusted company, telling you to take immediate action on something, but first, log in. Do you click on it?
Not so fast!
Snoop around a little more. Is the email address associated with the actual company and not a one-off account? If you can’t tell, contact the company using a different communication method (calls, in person, etc.). Are there any typos in the email? Does the link provided in the email match that of the verified company? Pay close attention to “http” versus “https” and backslashes.
If you run into any of those signs, you may have walked into an attempted cyberattack, more specifically a phishing scam. More than 90 percent of successful cyberattacks started with a phishing attempt, according to a 2017 study by the Better Business Bureau. And oftentimes, many small businesses aren’t aware that they have hacked accounts until it is too late.
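The sender and link checks described above can be written down as a short script; this is an added example, not part of the original article. The function names are hypothetical, and `example.com` stands in for the company domain, which you should take from a source other than the email itself.

```python
from urllib.parse import urlsplit

def same_org(host, trusted_domain):
    """True if host is the trusted domain itself or a subdomain of it."""
    host = host.lower().rstrip(".")
    trusted = trusted_domain.lower()
    # Compare from the right-hand end: the trusted name appearing
    # somewhere else in the host does not make it the company's.
    return host == trusted or host.endswith("." + trusted)

def review_email(from_address, link, trusted_domain):
    """Return a list of warnings for the sender and link checks."""
    warnings = []
    sender_domain = from_address.strip("<> ").rsplit("@", 1)[-1]
    if not same_org(sender_domain, trusted_domain):
        warnings.append("sender domain is not the company's")
    if "\\" in link:
        warnings.append("link contains a backslash")
    # Browsers commonly treat "\" like "/", so normalise before parsing.
    parts = urlsplit(link.replace("\\", "/"))
    if parts.scheme != "https":
        warnings.append("link is not https")
    if not same_org(parts.hostname or "", trusted_domain):
        warnings.append("link host is not the company's")
    return warnings

if __name__ == "__main__":
    # Constructed sample messages (reserved example/test domains).
    samples = [
        ("billing@example.com", "https://accounts.example.com/login"),
        ("billing@example-support.test",
         "http://example.com.account-verify.test\\login"),
    ]
    for sender, link in samples:
        found = review_email(sender, link, "example.com")
        print(sender, link, "->", found or "no warnings")
```

An empty result only means these particular signs are absent; when in doubt, contact the company through another channel.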
Today, we’re giving you some early signs of attempted hacks that should raise a red flag.
If your small business email account fits the bill, here’s what you can do to take control of it.
Remember to have strong passwords that contain a mixture of uppercase and lowercase letters, numbers and symbols. Best practice also calls for you to change the passwords of your other online accounts — social media platforms, customer relationship management systems and others.
If you are locked out of your account, press the “forgot my password” link, and answer your secret questions. You can also get back into your account by using your backup email address.
Most email services allow you to check where that account is currently logged in, from the city down to the device. If one of those is not you, the services will give you an option to kick off that login and walk through securing your account. Go ahead and check whether there are any other browser extensions or apps now attached to your internet or your computer that you didn’t install.
And if that email address is tied to other accounts, like banking or customer relationship management, contact those companies and review activity on those accounts as well. If you find something fishy, report it immediately.
Once you know that a hacker went off with customer information, you are required by law to tell the affected customers. The length of time between finding the breach and telling customers differs by state, but many recommend you do so immediately, even if you don’t know all the answers yet. You may also want to inform all your customers about the breach — how it occurred, what you’re doing to fix it and what customers can do if they worry about their own information.
Your email may have been compromised through malware. You should be scanning your computer regularly for viruses or malware, but do it once more after a suspected attack.
Get rid of the issue, even if it means shutting down your website temporarily or buying new computers. If you’re not sure how to root out the issue, consider enlisting IT professionals.
Know how the mistake occurred, and educate yourself and your employees about the matter. Also, take another look at your security plan, and update it with new prevention methods. As an example, put into writing a policy that mandates all employees use two-step verification to log into business email accounts.
And hopefully, you have created backups of your important information — and are updating them regularly. That way, should your accounts be compromised, you can at least get back to that data as it was before the breach.
Now, go on and put some of these practices to the test! And if you’re already a Windstream Small Business customer, you can rest a little easier with our various value-add packs, including a security pack, and a la carte services, such as internet security and online backup and remote IT.