Blog

Passwords, Phishing (and other "P" words)

Steven Burkett//Security
Lock symbolizing data protection and cybersecurity.

Spry Digital is proud to be a Data Privacy Week Champion – recognized by the National Cybersecurity Alliance – and a supporter of Safer Internet Day. When it comes to the workplace, security is everyone’s responsibility. Staying safe online should be the top priority of any organization working with information technology, data, confidential information, etc.

While you may have security guidelines in place for your organization’s employees, it is a good idea to remind them how to be safe online in both the workplace and in their personal lives. Below are some reminders and resources to share with your employees. 

Passwords

Most people know they need strong and unique passwords for every site. But they don’t always put that knowledge into practice. Thinking that encrypted passwords are strong and that complex passwords can be used repeatedly can lead to compromised credentials.

Unique Passwords

The fundamental rule is: Have a unique password for every site. 

Resources are available that can help you create unique passwords and check if your current passwords have been hacked.

 

Hacking 

If you’ve ever used a User ID/password anywhere, assume a hacker has it. It may seem like a lot of credentials to keep track of, but it’s worth it to know that your accounts, data and information are secure.

how_hacking_works.png
How people think hacking works vs. how hacking actually works. Image courtesy of xkcd.

Password Management

Having a solid password management system in place can be beneficial. At Spry Digital, we use Lastpass.com, which can be used for both business and personal online security. It requires two-factor authentication (2FA) – the new standard. 

Phishing

Phishing isn’t just for email anymore. Text, phone calls, social media, Slack, etc. can all be used for phishing schemes. Oftentimes, attacks are multi-source and can use clever targeting methods that trick even the smartest of people. 

phishing_license.png
Phishing license. Image courtesy of xkcd.

Be Aware

Don’t rely on bad grammar or strange emails to identify phishing attempts. Stress can get the best of us, and urgency out of nowhere triggers our nervous system to respond quickly, leading us to miss important details.

Trust your instincts, and communicate anything “phishy” to the appropriate person at your company. And if you do fall victim, report it immediately. 

For personal communications, contact the business being fraudulently represented by using a phone number or email obtained from its official website. 

Keep software and websites up to date

When you see an alert on your phone or computer that a new software update is available, don’t ignore it. Updates often contain patches to provide increased security. Hackers are creative and constantly changing their tactics, which means software must continue to evolve to provide safety to the end-user. 

Mike Clubb, Development Team Lead at Spry Digital, stresses the importance of staying up to date. “Security is our top priority at Spry Digital. As soon as we see a security update is released, our team is hard at work, evaluating which sites may be impacted and how quickly we need to take action.” 

If you are responsible for maintenance of a personal or business website, watch for security alerts and evaluate them for the level of criticality. While some may have little or no impact, others may be ranked at a severe level and need urgent attention. Sign up for email alerts for your CMS, and use social platforms, such as Twitter, to get real-time information. 

Dawn Hieger, VP of Client Engagement, reinforces this message with clients. “While we do our best to schedule maintenance for a time that is convenient for our clients, we must keep in mind that a small maintenance window may prevent a hacker from taking down a site. We are constantly considering our clients and how we can provide the best service for them. This includes making sure their sites are secure.”

Keep Your Organization Safe Online

The cost of cybercrime rose 10% in 2021, with the average data breach costing $4.24 million, according to IBM. This is the highest average total cost since IBM began reporting this statistic in 2004. It is predicted that those costs will continue to increase each year due to the rise of remote work and the risk of compromised credentials when it comes to secure logins. There’s no better time to educate your workforce and enhance your security measures than now.

Every day should be Safer Internet Day, so join us in being diligent with security measures and committing to being a Data Privacy Week Champion. If you have questions about the security of your website, don’t hesitate to contact us. We’re happy to help.