TSP1, LLC (303) 917-3355


Modern Security Tips

"Top 10" Online List of Secure Computing Tips


1. Don’t tap or click a link in an email message or document and expect it to take you to a financial site. Take the time to type the address into your browser. You’ve heard it a thousand times, but it’s true. 


2. Don’t open an attachment to any email message until you’ve contacted the person who sent it to you and verified that she intentionally sent you the file. Check the Reply-To email address, as phishing attempts appear to come from people in known lead roles that are posted on your website, LinkedIn, etc. Verify that it's the user's real email address, with exact spelling, as some phishing goes as far as changing the Reply-To address by one letter or another easily missed change, e.g., username@denverteam.com changed to username@denvertaem.com or @denvrteam.com.
Even when the message is legitimate, the attachment can carry a virus, so use your judgment and simply send your fellow staffer a new email asking if they meant to send this file or link to you.
Any request to change, edit, alter, or send ANY financials should never be handled online. Internal company policy should require two signatures for any financials, or a conversation in person.


3. Don't use or open any personal email on office systems, and vice versa: do not open work email on your home PC unless it's verified secure.
Please never remote into office servers using any PC other than your work PC that has been set up by the IT team (us).

Please never use your work email address to create any username, e.g., for hotels, Amazon, you name it. Don't use it for social websites or to click links either. Simply use your work email for work or work systems, and even then, if you receive an attachment from a coworker that you are not expecting or that isn't common, do not open it right away; first send them a new email and ask if they meant to send said file/attachment.


4. Today, many emails show your boss's name, or a fellow employee's, as the display name, but before you reply, verify that the Reply-To address is legitimate. Spoofing is when you receive a message claiming to be from someone you know, yet the Reply-To email address is fake. Especially beware if they ask to change any bank or financial information, or ask anything of you, including to click a link or open a file. It is best to email them directly, outside the email you received, and ask about the suspicious email. Your boss will not get mad that you waited for his/her confirmation, and most internal company policies are to never request financials digitally; those should be managed in person or signed off on. Trust your instincts and be suspicious: your IT admin can deploy the most secure antivirus and endpoint protection on earth, but it's your caution that ultimately protects your work. Security starts between the ears.


5. The most secure way to store passwords in 2018 is to use a dedicated password manager, or to encrypt a file and save it to a cloud account. Never save passwords in your web browser. An intruder who has unrestricted access to your computer for even a minute can view and copy all of your saved passwords just by visiting an easy-to-remember settings page: chrome://settings/passwords.


The best password managers for 2019

https://www.digitaltrends.com/computing/best-password-managers/


6. Don’t forget to change your passwords, and don’t use the same password for two or more sites. If you do reuse passwords, make sure you don’t reuse the passwords of any of your email or financial accounts. Some companies require password changes, but it's your efforts that make the difference, at work and at home. Security starts with end-user practices, as all the leading antivirus programs are learning the newest vulnerabilities day to day. It's up to us to help stop the villains!


7. Don’t use Wi-Fi in a public place unless you’re running exclusively on HTTPS-encrypted sites or through a virtual private network (VPN).


8. There are lots of scams — and if you hear the words “Western Union” or “Postal Money Order,” run for the exit.


9. Don’t trust anybody who calls you and offers to fix your computer. The “I’m from Microsoft and I’m here to help” scam has gone too far. Stay skeptical, and don’t let anybody else into your computer, unless you know who he is.


10. Don't let others use or know your Office login, no matter if you work together or are friendly. Better safe than sorry.
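The Reply-To check from tips 2 and 4, automated as an added example (not part of the original page): it flags a Reply-To domain that differs from the From domain and any domain that is within a couple of letter changes of a trusted one. The trusted-domain list, the edit threshold, the sender name, and the sample message are constructed for illustration, using the example domains from tip 2.

```python
from email import message_from_string
from email.utils import parseaddr

TRUSTED_DOMAINS = {"denverteam.com"}  # assumption: your organization's real mail domains

def osa_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent-letter swap."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            # Two swapped neighbouring letters ("ea" -> "ae") count as one edit.
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def domain_of(header_value) -> str:
    """Lower-cased domain of the address in a From or Reply-To header ('' if absent)."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def check_message(raw: str, trusted=TRUSTED_DOMAINS, max_edits: int = 2) -> list:
    """Return a list of warnings for one raw email message (headers plus body)."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To")) or from_dom  # no Reply-To: replies go to From
    warnings = []
    if reply_dom != from_dom:
        warnings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    for dom in dict.fromkeys([from_dom, reply_dom]):  # de-duplicate, keep order
        for good in sorted(trusted):
            if dom != good and osa_distance(dom, good) <= max_edits:
                warnings.append(f"{dom} is a lookalike of trusted domain {good}")
    return warnings

# Constructed sample: the display name and From look right, the Reply-To is one swap off.
SAMPLE = (
    "From: Pat Boss <username@denverteam.com>\n"
    "Reply-To: Pat Boss <username@denvertaem.com>\n"
    "Subject: Updated bank details\n\n"
    "Please use the new account from now on.\n"
)

if __name__ == "__main__":
    print("\n".join(check_message(SAMPLE)) or "no warnings")
```

A clean result only means the addresses are consistent; a message sent from a compromised real mailbox passes this check, which is why the tips above still call for confirming by a separate new email.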

Steps to avoid Phishing Scams:

Protect your Personal Information:

  • To protect yourself from falling victim to a phishing scam, it's important to be very cautious with your personal information including your usernames and passwords.
  • Some phishing scams divert you to a fraudulent website designed to look like your bank's website or a similar trusted source.
  • When you enter your username/password and other information, that information is transmitted to the con artist, who can abuse it later on.

Beware of Suspicious Emails and Do not Click Suspicious Links:

  • Be very suspicious of any emails you receive from trusted entities like your bank.
  • If the email contains a link, don't click on it.
  • Deceptive links that mimic legitimate URL addresses are a common tool con artists use in phishing scams.
  • While these addresses may look official, they usually contain inconspicuous differences that redirect you to a fraudulent site.
  • Instead of clicking on the link, type in the web address of the institution into the browser to access the website.

Know the Common Phishing Language:

  • Look out for common phishing language in emails like "Verify your account."
  • Legitimate businesses will not send you an email to ask for your login information or sensitive personal information.
  • Also, look out for emails that try to convey a sense of urgency.
  • Warnings that your account has been compromised, for example, are a common way to lure victims. Again, contact the company directly to inquire about such emails rather than using any link or other contact information provided in the email.
  • Finally, be wary of any email that does not address you directly.
  • While some phishing scams will use your name in the email, many are sent out as spam messages to thousands at a time.
  • Most legitimate businesses will use your first and/or last name in all communication.

Count on authenticated websites:

  • If you visit a website with a padlock, click on the padlock.
  • It should show you the name of the organization that applied for the padlock. If the name does not match the name you know, be very suspicious.
  • To learn more about padlocks and the security they provide online, visit InstantSSL.com.
  • Remove any and all staff from your website. Remove roles, names, and emails, and simply list one email address for people to contact you, e.g., aboutus@domain.com.
  • Never list any financials on your website, LinkedIn, or any social media, such as reports or tax documents, unless you blank out and black out accounts, PINs, etc. Our recommendation is to talk with your web designer and create a secured page if you absolutely need a portal for financial docs, but we still recommend using secure FTP. Ask us about implementing secure FTP in your office, or cloud shares that have secure-only access.

It's good practice to look at all emails and websites with suspicion. Getting sucked into a phishing scam can cost you thousands of dollars and a good amount of your valuable time. An ounce of prevention now can save a pound of cure later.