October 2022 | Clear Insights | Information Technology Memorandum

By Chris Serna | Education

Cybersecurity Awareness Month

Since October is Cybersecurity Awareness Month, I thought it prudent to share some tips and best practices that you can hopefully use to keep yourself, your information, and your devices safe while operating in today’s ever-connected world.

The number one attack vector in the world is email. The reason for this is that the most successful attacks focus on the single greatest weak point in devices, networks, or services: people. Social engineering attacks are those which manipulate people into divulging sensitive information or performing actions which have a harmful effect on the user. The most common attacks using email involve some type of phishing, which is when fraudulent emails are sent to you attempting to impersonate a trusted person, service, or company. These phishing emails try to get you to perform some sort of action, usually clicking a malicious link, opening a dangerous attachment, or providing personal information such as banking info or account credentials. Falling victim to a phishing attack can put your information, your device, and/or your network at risk.

Here are some best practices to avoid falling prey to a phishing attack:

  • Look closely at the sender’s email address, not just the name of the sender. Phishing emails will often change the sender’s name to someone you trust, but the actual full address will contain misspellings of names or strange numbers and characters that are out of place.
  • Think before you click. If an email seems suspicious and you were not expecting a link or attachment to be sent to you from a certain sender, think twice before you click and open it. A good way to check if a URL is malicious is to hover your mouse over the link. Most internet browsers will provide you with a pop-up that contains the full text of the URL. Ensure that the website you are expecting to go to is in the URL. When in doubt, you can always go directly to the official website via web search instead of clicking email links purporting to go to that site.
  • Keep an eye out for non-specific email salutations. Phishing attempts are often sent out en masse, so the attackers do not take the time to personalize the greeting. If you receive emails that have a generic opening such as “Hello User”, “Dear Customer”, “Dear Account Holder”, proceed with caution.
  • Urgency of action or response. Phishing attempts try to scare you into action. If you feel that something is incredibly time sensitive, you often overlook the details of the email, such as obvious grammatical or spelling errors, mismatched sender names and addresses, or generic information that does not pertain to you. These emails will often have subjects such as “URGENT !!” or “IT Reminder: Your Password Expires in Less Than 24 Hours” or “Change of Password Required Immediately”.
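For readers who filter or triage mail, the four checks above can be automated. The Python sketch below is an added example, not part of the original memorandum; the brand-to-domain map, the urgency keyword list, and every name and domain in the sample messages are assumptions made up for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

GREETINGS = ("hello user", "dear customer", "dear account holder")  # quoted in the tips
URGENT = ("urgent", "immediately", "expires in")  # assumed keyword list
URLISH = re.compile(r"^(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?$", re.I)  # text that names a site

class Links(HTMLParser):  # collects (href, visible text) for each <a> element
    def __init__(self):
        super().__init__()
        self.found, self.href, self.text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self.href is not None:
            self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.found.append((self.href, self.text.strip()))
            self.href = None

def host(url):
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()

def red_flags(raw, brands):  # brands: display-name fragment -> domain that sender really uses
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    dom = addr.rpartition("@")[2].lower()
    body, links = msg.get_payload(), Links()
    links.feed(body)
    checks = {  # one entry per tip in the list above
        "sender-mismatch": any(b.lower() in name.lower() and dom != d
                               and not dom.endswith("." + d) for b, d in brands.items()),
        "link-mismatch": any(URLISH.match(t) and host(t) != host(h) for h, t in links.found),
        "generic-greeting": any(g in body.lower() for g in GREETINGS),
        "urgent-subject": any(u in msg.get("Subject", "").lower() for u in URGENT),
    }
    return [flag for flag, hit in checks.items() if hit]

# Constructed samples, not real mail; every name and domain here is made up.
BRANDS = {"Example Bank": "examplebank.example"}
PHISH = ('From: "Example Bank Support" <support@examp1ebank-secure.example>\n'
         'Subject: URGENT !! Your Password Expires in Less Than 24 Hours\n\nDear Customer, '
         '<a href="http://login.examp1ebank-secure.example/reset">www.examplebank.example/login</a>')
LEGIT = ('From: "Example Bank" <notices@examplebank.example>\nSubject: October statement\n\nHi Dana, '
         '<a href="https://www.examplebank.example/statements">www.examplebank.example/statements</a>')
```

`red_flags(PHISH, BRANDS)` reports all four flags and `red_flags(LEGIT, BRANDS)` reports none; a link whose visible text is plain words such as "Click here" is not counted as a mismatch, since there is no displayed address to compare against.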

Here is an annotated example of a phishing email, with the items in red boxes that should be red flags for recipients:

Some final tips:

Devices and data: Protecting devices is important for safeguarding your emails, accounts, and data and avoiding identity theft. Out-of-date devices and software are a leading access point for attackers.

  • Be skeptical of messages with links, especially those asking for personal information.
  • Enable the lock feature on all your mobile devices and update software immediately.
  • Enable multifactor authentication on your apps and accounts when available.

Signing-in: One of the most important ways to improve the security of your online accounts is to protect your sign-in process.

  • Use a password manager or consider going passwordless (using identification such as fingerprints, facial recognition, or security hardware keys, in lieu of providing a password).
  • When going passwordless is not an option, create strong passwords (at least 12 characters long but 14 or more is better; a combination of uppercase and lowercase letters, numbers, and symbols).

As always, the entire Clear Capital team thanks you for your continued trust and confidence in our team, and we wish you well on your investing journey and beyond.