Directive Blogs
Cybersecurity Practices Everyone Should Follow Each and Every Day
2024 was a banner year in the worst possible way: cybersecurity threats broke records and incessantly targeted individuals and small businesses alike. Are there tools to help prevent these threats through detection and mitigation? Of course… but they unfortunately can only do so much to avoid the vulnerabilities caused by insufficient cybersecurity practices.
The following guide is intended to close that gap by reinforcing these practices so they stay top of mind and are easier to apply to the data you work with every day. We encourage you to share it so it can educate as many people as possible.
Make Sure No Password is Repeated, Anywhere
I’m not saying it’s easy, but it is incredibly important that each and every password you use is 100% unique and private… otherwise, you put your business at serious risk of data theft.
Here’s why, in a nutshell: let’s say your Google account has the same password as your business credit card. If one of the many vendors you use that card with is breached, you could very well lose access to your Google account and everything that is attached to it, too. What’s worse, there’s little to no guarantee that you’ll hear about this happening for some time. Even the largest, most capable entities can take months before fully identifying and publicizing news of a data breach.
This makes it essential that passwords are never repeated across your accounts. Instead, they all need to be unique, each at least 14 characters long and using a healthy mix of character types: numbers, letters, and symbols.
Consider adding a password manager as part of your security best practices. We touch on this in our blog: Password Managers Have Become Essential Tools for Individuals and Businesses
Use Multi-Factor Authentication
Also known as two-factor authentication, MFA/2FA is an additional layer of security that protects your accounts by requiring additional proof of the user’s identity before providing access to a protected resource. Whether you need to provide a code sent to your email or SMS message, or generate one in a standalone application, you effectively have to prove you are who you claim to be and have the device you are supposed to have before you can access the information an account holds.
We have always recommended, and will continue to recommend, using one of the many applications that support the latter option. Otherwise, all it would take to undermine your security is access to your email or SMS messages.
MFA is available in most accounts and logins, and can be enforced across a business network before users can access Windows.
Click Mindfully
Or, in other words, think before you click! Every email you don’t expect to receive should be treated with a healthy bit of suspicion… and that goes double if there are links, attachments, or an urgent tone in the message. This is because cybercriminals will actively try to trick you into clicking on malicious items using these ruses and manipulating your emotions to make you panic. However, instead of fixing a nonexistent problem, the message will introduce actual malware or steal data from your systems.
Instead of clicking on links freely, it is far safer to hover your mouse over the link, crucially without clicking, and check for the URL that should pop up at the bottom left side of the window. This address will tell you where the link actually goes. You aren’t done yet, however.
You also need to make sure that the URL doesn’t have any hidden tricks or traps. For instance, let’s consider some hypothetical Amazon URLs:
First, you need to pay attention to where any periods appear in the URL. If any appear after the domain name, there’s a very good chance that the web address will direct you to an attack.
- https://www.amazon.com/gp/help/customer/account-issues - This is safe, because there isn’t a period after the .com.
- https://support.amazon.com/ - This is safe, because the extra period is before the company’s domain name (in this case, amazon.com)
- https://support.echo.amazon.com/customer-support/password-reset - Again, this is safe because there are no periods after amazon.com, regardless of how many subdomains (extra periods) are before it in the URL.
- https://support.amazon.ru - Time to slow down. While Amazon does legitimately have a .ru domain, not every business has every variation of domain extension (like .org, .net, .co, .co.uk, etc.). As soon as you get something you don’t expect, start to scrutinize even more.
- https://amazon.passwordservices.com/help/account-issues - This one is dangerous. This URL is technically taking you to a site called passwordservices.com. We just made that up for the example. Anyone could purchase that domain (or something similar) and spoof the URL to say Amazon before the first period. It’s tricky because it’s easy to miss.
Let’s take a look at another example, using Visa:
- visa.com - Safe
- visa.com/activatecard - Safe
- business.visa.com - Safe
- business.visa.com/retail - Safe
- visa.com.activatecard.net - Suspicious!
- visa.com.activatecard.net/secure - Suspicious!
- visa.com/activatecard/tinyurl.com/retail - Suspicious!
Keep in mind, these URLs above may or may not be in use currently; we’re just approximating some for the sake of example!
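The "where do the periods fall" rules above can be turned into a small checker. This is an added example, not part of the original post: it assumes a naive rule that the last two labels of a host are the real domain (which is wrong for two-part suffixes like .co.uk, which the post mentions), and it uses the post's own made-up Amazon and Visa URLs as test input.

```python
import re
from urllib.parse import urlparse

# A path segment that looks like a domain name, e.g. "tinyurl.com" smuggled into a path.
DOMAIN_LIKE = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)+$")


def parse(url):
    """Return (hostname, path) for a URL, tolerating a missing scheme like 'visa.com/retail'."""
    if "://" not in url:
        url = "https://" + url
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower().rstrip(".")
    return host, parsed.path


def registrable(host):
    """Naive registrable domain: the last two labels (assumption; no public-suffix list used)."""
    return ".".join(host.split(".")[-2:])


def classify_url(url, expected_domain):
    """Classify a link against the domain the reader expects (e.g. 'amazon.com').

    Returns (verdict, reason), with verdict one of 'safe', 'suspicious', 'dangerous'.
    """
    expected = expected_domain.lower()
    brand = expected.split(".")[0]          # 'amazon' from 'amazon.com'
    host, path = parse(url)

    if host == expected or host.endswith("." + expected):
        # Host is genuinely the expected domain or one of its subdomains; still look for a
        # second domain name hidden in the path (visa.com/activatecard/tinyurl.com/retail).
        for segment in path.split("/"):
            if DOMAIN_LIKE.match(segment):
                return "suspicious", f"another domain name ({segment}) appears in the path"
        return "safe", f"host {host} belongs to {expected}"

    real_domain = registrable(host)
    if real_domain.split(".")[0] == brand:
        # Same brand, different extension: amazon.ru instead of amazon.com. Slow down.
        return "suspicious", f"unexpected domain extension: {real_domain} is not {expected}"
    if brand in host.split("."):
        # Brand appears only as a subdomain label of somebody else's domain.
        return "dangerous", f"'{brand}' is just a subdomain of {real_domain}, not {expected}"
    return "suspicious", f"host {host} is unrelated to {expected}"
```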
Report Any and All Suspected Scams
There are so many types of scams out there to remain cognizant of, including:
- Phone scams and robocalls
- Phishing attacks
- SMS/Text message scams
- Sketchy or fraudulent ads
- Social media scams and misinformation
- Social engineering attacks
- Lottery and prize scams
- Settlement and debt relief scams
- Fake charity scams
- Financial scams
- Employment scams
- Romance scams
- Fake tech support scams
Statistically, this makes it incredibly likely that you or someone you know will at the very least run into one, if not fall for it. If this happens, it is infinitely better not to hide it, but to come clean about it, report it, and learn from it.
We Can Help Keep Your Business Secure
Don’t let a cyberattack cost your business its money and reputation. Take steps to protect it by reaching out to us! Give us a call at 607-433-2200 to learn more about what we can do to keep your business and its assets safe.