OK, here we go!
P is for Pause.
Pause before ever clicking on something that you’re not expecting. When we say click, this means with your mouse, your keyboard, AND your phone. You’re likely familiar with “phishing”, but have you heard of “smishing” (SMS phishing)? This is where a bad actor sends you an SMS text message with a malicious link that takes you somewhere you don’t want to be. Smishing is gaining popularity among thieves as a way to hack your personal devices.
Common cues that call for suspicion include requests for financial information or PII (personally identifiable information). Bad actors also like to use a sense of urgency to get you to act on their requests before thinking twice about it. As a fail-safe, it’s always a good idea to follow up with the individual, via another method of communication, if you are suspicious of an email or text message requesting action.
As a bonus tip, remember to leave your cell phone number off your out-of-office when you go on vacation. Our company was recently targeted by a team of bad actors who sent an email to our CFO, saw his cell number on his out-of-office, then sent a text to his cell phone pretending to be our CEO asking him to “check on something.” We changed our policy on out-of-office notifications the next day. No. More. Cell numbers.
U is for Update.
Be aware of and perform all the updates for each of your devices (phone, tablet, laptop, etc.). This includes your operating system, network, and software updates, as well as patches. Cybercriminals know that people tend to be relaxed about applying updates and take advantage of it. In fact, 42% of Americans wait to update their phone’s operating system until it is convenient for them, while 17% never update at all.
Outdated software and operating systems leave your device open to vulnerabilities that can lead to malware and other cyberattacks. Security patches are critical and need to be completed on a regular basis to help maintain the highest level of device protection. Don’t wait until it’s convenient.
M is for MFA (Multi-Factor Authentication).
MFA is arguably the single most important thing you should set up for every single application you use. We would have led with this as our first tip, but then we couldn’t spell PUMP as an acronym. You are likely already using MFA with your ATM card: it’s both something you have, the card, and something you know, your PIN. By using both factors, even when (notice the word is when) your password gets compromised, an attacker will be unable to access your account because they won’t have the second factor.
Remember that MFA is recommended for EVERY account – from your banking to your social media, and even those one-off applications for running gadgets on Bluetooth. This is a must. Popular applications like Google and Microsoft Office apps give you MFA capabilities built in, so please use them! It is estimated that 99.9% of account-related attacks can be stopped by applying MFA.
P is for Password.
Yes, it sounds boring to keep harping on passwords, but remember that even if you have MFA enabled, your password is your first line of defense. Get to know the secure password managers that are available on the market and use them for every one of your accounts. We recommend a tool like LastPass, so that you don’t have to remember any password ever again. Using complex phrases or password generators that create 16-character passwords is the most secure way to prevent hackers from guessing your password or using brute force attacks on your accounts.
The newest technology is passwordless authentication, where you use factors other than a password to access your account. The wonderful thing about this type of authentication is that, because of the technology going on behind the scenes, it is both safer and easier for the user. This is emerging technology and not every service supports it yet, but be aware that it is coming to a device near you soon.
Remember…Pause, Update, MFA, and Password. You can even PUMP up your whole team’s cybersecurity awareness by sharing this article, or by contacting Arctic IT. We will provide you with a phishing awareness kit and even help you deliver training to your staff on the dangers to be aware of every day. Connect with us today at firstname.lastname@example.org to learn more.