Watch an overview of this post on YouTube: https://youtu.be/3AlCKkBRbCU
As you’ve probably heard, CrowdStrike released an update that caused a Microsoft outage affecting much of the world, from airlines to businesses, metro train routes, and more.
In light of this event and the many other cybersecurity events that happen constantly these days, there has never been a better time to be proactive with your security measures.
We take security very seriously at webFEAT. Here are some tips we give to our family, friends, and customers.
Phishing is the first big one. Simply put, phishing is when someone sends you an email pretending to be a reputable sender and uses that trust to entice you to click a link, ultimately to steal your information or gain access to systems you use.
For example, maybe someone sends you an email saying they’re American Express, and they have you “login to your account” or “reset your password”. They’ll use branding on the emails that looks similar to what would actually be sent out by American Express too, which is a big way people get tricked.
Spoofing is sometimes used together with phishing. This is when someone fakes an email address or sender name, but the real email address is something else. Again, the goal is ultimately to gain access to something or steal information.
With these tactics, it’s important to always be vigilant, and do some checks if you’re unsure about an email. Better safe than sorry is extremely true in these situations.
We have clients that email in all the time about fake domain registrations, emails claiming email passwords need to be reset, etc. If you work with us or a technical company, never hesitate to forward an email you’re unsure about to get it checked before clicking a link or sharing your information.
On your own, you can verify email sender information. For example, if you saw an email that said it was from me, you could verify that it said something like “From: Ray Cheselka <ray.cheselka@webfeatcomplete.com>”. If it were being spoofed, it might be something like: “From: Ray Cheselka <alsabc113@yahoo.com>”.
Here is a real example:
Also, you can contact the “company” reaching out, with their actual information. Referencing the American Express/card example again, you could call the number on your card for assistance to verify if they actually emailed you requesting information.
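The sender check described above, written out as an added example (not webFEAT's own code): it compares the display name in a From: header with the real address behind it. The `KNOWN_SENDERS` allow-list and the function names are assumptions, and the last two sample headers are constructed.

```python
from email.utils import parseaddr

# Assumed allow-list (hypothetical): display names you recognise, mapped to
# the domain that person really mails from.
KNOWN_SENDERS = {"ray cheselka": "webfeatcomplete.com"}


def domain_of(address):
    """Return the lower-cased domain part of an address ('' if there is none)."""
    return address.rpartition("@")[2].strip().lower() if "@" in address else ""


def check_from_header(from_header, known=KNOWN_SENDERS):
    """Classify a From: header by comparing its display name with its real address."""
    display, address = parseaddr(from_header)
    real_domain = domain_of(address)
    if not real_domain:
        return "unparseable"

    # Trick 1: the display name is itself an address from a different domain.
    shown_domain = domain_of(display)
    if shown_domain and shown_domain != real_domain:
        return "display-address-mismatch"

    # Trick 2: a familiar name in front of an unfamiliar address.
    expected = known.get(display.strip().lower())
    if expected is None:
        return "unknown-sender"
    # Accept the exact domain or a true subdomain only, so a lookalike such as
    # "webfeatcomplete.com.example.net" does not pass.
    if real_domain == expected or real_domain.endswith("." + expected):
        return "match"
    return "name-domain-mismatch"


SAMPLES = [
    "Ray Cheselka <ray.cheselka@webfeatcomplete.com>",           # from the post
    "Ray Cheselka <alsabc113@yahoo.com>",                        # from the post
    "Ray Cheselka <ray@webfeatcomplete.com.example.net>",        # constructed
    '"ray.cheselka@webfeatcomplete.com" <alsabc113@yahoo.com>',  # constructed
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{check_from_header(header):26} {header}")
```

This only inspects the visible From: header. A message that forges the exact domain has to be caught by the receiving mail server's SPF, DKIM and DMARC checks.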
Websites
With websites, scammers usually try to redirect traffic to their site in order to generate traffic, rankings, or ad revenue. If you have security software on your computer, it can help you identify these sites with ease. We recommend having virus/malware software on your computer. There are many out there. We like ESET.
Usually, the software will prevent you from even going to a site, or give you a warning, so that malware doesn’t even have a chance to get on your computer.
If you own or utilize a website, there are several things you can do to keep it secure:
- update passwords (more in next section on this topic)
- utilize secure hosting
- utilize firewalls
- utilize security plugins
- disable comments
- don’t use the standard login URL (e.g., /wp-admin/ or /wp-login/ are standard on a WordPress site; use a different one. Security plugins like AIOS include a feature for changing the login URL)
- keep plugins/themes updated
At webFEAT, we’ve done extensive research to protect our website and the websites we host or manage. We leverage multiple firewalls, and third parties like Sucuri for an added layer of security, everything mentioned above, and more.
We’re constantly learning and integrating more to strengthen our security posture internally and for our clients. Continual improvement in this area is of the utmost importance. The landscape is constantly changing, and this is especially true now that AI is in the mix.
Passwords
We’ve all got a lot of logins and passwords now. They can be tough to manage.
My dad has always had a notepad with his logins, that thing has to be like 15 pages deep at this point. I thought it was funny and he should move into the future, but looking at it now, it’s probably the most secure way to protect your information, because it’s only accessible physically.
However, there is password management software that can be integrated into your browser and on your phone to securely store your information. Those will have a master password.
Personal: LastPass
Business: Passbolt
These will allow you to securely store all of your passwords in one place, and they offer secure password generators for when you need to update your passwords, reset them, etc. It can make your life a lot easier by helping you log in automatically, and you’ll never lose your login information. We’ve all been in those situations where we’ve had to reset our password.
It’s important with any master password or general password to keep them updated, and make them random.
It’s the same concept as your garage door passcode. You don’t want to make it 0000, 0123, or your birthday. Go for unique/random, something hard to guess.
Also, if 2FA (2-factor authentication) is offered, that is a great layer of security that can protect your accounts. It can be tedious, but it’s better than getting your bank account hacked.
Some websites/platforms are going straight for phone number/email verification, where to login you just get a code sent.
Bottom line here: Make your passwords unique/random, update them frequently, and leverage 2FA if it’s available.
Phone/Computer
On your phone and computer, there are other considerations outside of security software and password managers that keep potential vulnerabilities closed.
- Keep your apps updated (set to auto-update)
- Keep your operating systems updated (set to auto-update)
With phones, people can scam you with texts that utilize phishing techniques, but they can also call you.
My grandma, unfortunately, was conned by someone pretending to be her grandson, and getting her to secretly withdraw cash, and ship it to Florida. All of this security stuff is complex, and can be difficult for our grandparents to understand. Try to communicate things like this to them on a general level. I tell my grandma that if she’s ever unsure to call me.
I did a search and found that these people may have been caught. Terrible human beings, and sadly they’re out there doing things like this every day. It’s important to make your elders aware.
Credit
Last thing: credit alerts. Banks, credit cards, etc. are really good now at monitoring your credit. Usually, it’s free too.
Pay attention to email/text notices regarding credit alerts from your bank or credit card. They can stop a scammer in their tracks by alerting you to any funny business going on with your information.
For example, I recently had a personal experience with this. I received the following notice:
When I looked into it, it seemed off. I hadn’t requested any loans, cards, or anything like that. So I went to my local Chase, they had their team look into it, and found that someone was able to apply for a credit card in my name. They shut down that application, and are now further investigating to try and catch the culprit.
Usually, the credit notices just say that you had a balance decrease, or your score increased, etc. But if you open a new loan, card, etc., it lets you know. These are great, and most banks/cards are offering enhanced security services now too, at a low cost. Much like security software, but on a deeper personal level.
You can never be too safe, be proactive
Keep yourself, your family, your websites, your business, etc. safe by being proactive, and keeping these tips in mind.
Scammers are trying to steal information and use it or sell it every minute of the day.
It’s scary, but if you make yourself a more difficult target, there’s a strong chance you’re in the clear. Even if something does happen, you’ll be prepared to handle it.
If you’re ever in doubt, contact someone you trust, a tech company you work with, or us!
We’re always fighting back against those who do harm to people and businesses by breaching security.
If you’re interested in having us manage your website, hosting, or just want to pick our brain, contact us.
*Cover photo background was generated with AI via Canva*