Cybersecurity threats continue to be in a constant state of change and evolution as attackers discover new ways to compromise information and data, both at corporate and personal levels. In fact, the FBI’s Internet Crime Report from 2022 revealed that there are approximately 3.4 billion spam and phishing emails sent daily and that phishing is responsible for 90% of data breaches. The global average data breach cost was $4.35 million in 2022.

At SitelogIQ, we’re committed to educating our employees and customers on cybersecurity best practices as well as raising awareness about potential cyber threats to keep on their radar. Cybersecurity Awareness Month is a great time to review those tips and continue to educate ourselves to ensure we safeguard our sensitive information.

Cybersecurity Threats to Keep on Your Radar

Cybersecurity incidents continue to increase in frequency and severity and often require additional countermeasures or damage control to protect data and personal information. Of those incidents, the most common are phishing emails and social engineering. Phishing emails use deceptive emails, messages, ads, or sites that look similar to those you already regularly use and interact with in an attempt to steal your sensitive information. Social engineering attacks involve an attacker using human interaction and social skills to obtain or compromise an organization’s data or its computer systems. The most common social engineering threats come in the form of digital, in-person, and mobile/phone attacks.

The good news is there are a few key indicators that can help you identify and avoid these common cybersecurity threats. Be on the lookout for these red flags:

“Urgent, do this now!” The bad guys typically create a sense of urgency to get you to click a link or open an attachment.
Email addresses that closely resemble one from a reputable company by altering or omitting a few characters, for example, JDoe@gooogle.com or John.Smith@apple-support.in. The branding of the email can look legitimate but the email address identifies it as a scam.
Spoofed hyperlinks and Websites are made to look legitimate, but the URL may vary by spelling or site domain.
Poor grammar and sentence structure, misspellings, and inconsistent formatting throughout the message.

Our Top Cybersecurity Tips

In addition to the red flags listed above, there are a few cybersecurity best practices you can implement every day to help protect yourself online.

Multi-factor authentication (MFA) is a multi-step login process that requires users to enter more information than just their password. This provides an extra barrier and layer of security for your accounts. Since implementing an MFA solution our account breaches have significantly reduced.

Multi-factor authentication (MFA) is a multi-step login process that requires users to enter more information than just their password. This provides an extra barrier and layer of security for your accounts. Since implementing an MFA solution our account breaches have significantly reduced.

Create strong passwords for all of your accounts – the Center for Internet Security recommends using a passphrase, a longer password that is usually at least 14 characters in length, has spaces between words, contains symbols, and can be grammatically incorrect. These are often best if the words are completely random, which can be easy to remember but makes it harder for hackers to crack. You can use a random combination of words to form a passphrase or a keyboard pattern passphrase like “Quick Warm Earth Random Toboggan”. You can also use the first or last letter of words in a sentence to create your strong password. For example, “My first automobile was a black Ford pickup truck made in Detroit Michigan!” would translate to “MfawabFptm@DM!”.

There’s nothing “free” about free WiFi, software downloads, drivers, charging stations, etc. Selecting these free options may be a threat and a way for a hacker to access your data. Validate the source and only connect or download when you know with confidence that you are safe. Consider using a cellar hotspot instead when you’re not in the office or your home.

Before signing up for online services on your work device, check with your Information Technology team to ensure its security.

While Cybersecurity Awareness Month is a great time to refresh yourself with best practices, it’s critical to incorporate these best practices into your every day habits when receiving, engaging, and responding to any message – both professionally and personally. Keeping these tips and tricks in mind will help you protect your personal information and that of your organization.

Business today is more connected than ever before. We are constantly sharing sensitive information with customers, suppliers, partners, employees, and government agencies. There is an expectation on all of us that we will recognize the confidentiality and sensitivity of the data we are sharing and use the appropriate safeguards to protect it from getting into the hands of the wrong people.

At SitelogIQ, we’re committed to educating our team members and clients on what defines sensitive information and how to safeguard it. Throughout Cybersecurity Awareness Month, we are discussing social engineering red flags, how to properly handle confidential information, the dangers of insecure networks, and how to avoid credential harvesting attacks.

It is realistic, however, for some services or operations to require us to share personal information. This can include:

Personally Identifiable Information, such as email addresses, national ID numbers, and financial information
Protected Health Information, such as medical record numbers or health plan beneficiary numbers
Organizational Information, such as customer information
Classified Information, or information that has not been made public

If you are being asked to share any type of personal information or data, follow these verification steps to help ensure you’re sending the right information to a safe source:

Verify the source. Always confirm that the person who receives the data is the intended recipient (avoiding wrong email addresses, for example) and also has the authorization to access the data.
Verify the data. Sending the wrong data to the right person is no different than sending the right data to the wrong person.
Verify the method. Only transfer data via secure processes approved by our organization.

Cybersecurity Awareness Month is a great time to refresh yourself with best practices, but it’s critical to incorporate these guidelines into your every day habits when receiving, engaging, and responding to any unexpected or suspicious message – both professionally and personally. Keeping these tips and tricks in mind will help you protect your personal information and that of your organization.

Cybersecurity threats are always changing and evolving as attackers find new ways to compromise company or personal information. The cost of cybercrime is predicted to hit $10.5 trillion by 2025, according to the latest version of the Cisco/Cybersecurity Ventures “2022 Cybersecurity Almanac.”

At SitelogIQ, data security is a key focus area within our Environmental, Social, & Governance (ESG) program. We believe it’s imperative that our team participates in ongoing education and is properly prepared to spot potential data security risks and take active responsibility in protecting our customer, employee, and partner data from harm. We talk a lot about fine-tuning our team members’ “spidey-sense”, or their ability to spot a threat. During last year’s Cybersecurity Awareness Month, we shared tips for identifying phishing emails, cybersecurity best practices, and more.

This year, we continue those efforts to educate our team and you on how to stop potential cyber-attacks. We’ll focus on identifying social engineering red flags, how to properly handle confidential information, the dangers of insecure networks, and how to avoid credential harvesting attacks.

Social Engineering Attacks

To kick off Cybersecurity Awareness Month, we’re focusing on social engineering attacks, which involve an attacker using human interaction and social skills to obtain or compromise information about an organization or its computer systems, as well as personal information. The most common social engineering threats come in the form of digital, in-person, and mobile/phone attacks. However, there are a few red flags to watch out for to help you spot a potential attack:

Email addresses that closely resemble one from a reputable company by altering or omitting a few characters.
Spoofed hyperlinks and websites are made to look legitimate, but the URL may vary by spelling or site domain.
Poor grammar and sentence structure, misspellings, and inconsistent formatting throughout the message.

Social engineering attacks are becoming more and more sophisticated as attackers tend to disguise themselves as someone you may know and request you to take immediate action, not allowing time to think and identify possible red flags. According to the FBI’s 2021 Internet Crime Report, 323,972 individuals reported being a victim of one of several types of social engineering attacks.

So, what should you do if you believe you’ve fallen victim to a social engineering attack?

Say Something: If you believe you might have shared sensitive information, report it to your organization’s administrators.
Change Your Password: Immediately change any passwords you may have revealed and make sure to also change other accounts that share the same password.  Use strong passwords of at least 12 characters with letters, numbers, and special characters.
Conduct Diligence: If you believe your financial accounts may be compromised, contact your financial institution immediately and close any accounts that may have been compromised.
Inform Authorities: Consider reporting the attack to the police, FBI, and regulatory bodies, and/or file a report with the Federal Trade Commission depending on the situation.

The next time you receive a suspicious email, phone call, or text message, remember what red flags to look out for and act immediately if you’ve fallen victim to a potential social engineering attack. Follow our Twitter and LinkedIn pages all October long as we share more helpful tips and tricks to help you stay safe online.