When You Need em ask Neadom: Online Safety
Hey guys, this weekend on When You Need em ask Neadom, we're going to talk about online safety. Are you safe or not? I don't know—we'll see you real soon.
Hey guys, this week on When You Need em ask Neadom, we're gonna talk about online safety. We're gonna talk about three areas of safety: social media, your company website, and work email. In those three areas, we're going to cover what you need to do to make sure you're being safe and help you stay away from hackers a little bit.
Social Media
Social media, we've talked about it in many videos in the past. First, verify your privacy settings. Make sure you're sharing stuff maybe only with friends or maybe only with friends of friends. I'd stay away from that; I'd only share my information with friends.
When you make your posts public, we want to make sure you're not putting information out there for everyone to see. Like, maybe you don't want to post your birthday or that you're going on vacation or something like that. You really want to stay away from posting stuff like that. But you know, sometimes you do. You're excited or whatever; you have your baby, your baby's name, stuff like that. Stay away from putting that stuff as public. Only do it to friends. That’s going to help give you some safety.
Also, if you're using a public page for your company, really try to stay away from posting information that may be used in some sort of social engineering attack. Like, “Our new CFO, Joey Beans.” He's our new CFO, or maybe someone is the new president. These are keys that hackers use to come into an organization. A lot of change makes things happen. A new person might not know your current cybersecurity policies, and hackers may use that to gain access into a system.
Websites
Let’s talk about websites. Your company website is like a 24/7 salesperson. It's out there advertising for you. Too many people give out too much information on their website: company org structure, how the organization is put together, who the primary points of contact are, extensions, email addresses. All of this is more information for a hacker to use in a social engineering attack or even to brute-force their way into an infrastructure.
Let’s say they find out the controller is an elderly person who typically isn’t up to date with trends. They may target that person to get access to financial information. Or maybe they find out the CEO is the oldest person in the company—he’s had the company for 45 years—and his email address is on the website. He’s really prone to phishing attacks.
Be really cautious about what information you put out there. Make sure your frontline people—those getting messages directly from the internet—are trained on what to do, how to detect a potential fraudulent email, and how to check that information as it comes in. And again—train, train, train your people.
Work Email
The last thing is work email. This is where we find a lot of clients don’t really understand what the requirements are. If you're a medical practice, you fall under HIPAA. If you're in finance, you fall under Sarbanes-Oxley. Any of these types of organizations fall under compliance issues.
If you're sending out personally identifiable information (PII) about someone you're caring for, or any information that links a person to an identity, that data must be encrypted when communicating between individuals. You want to make sure that when you're communicating with someone outside your organization, and you're sharing any information that can link the person in the email to a real human, that information is encrypted.
That’s going to help keep your company protected and safe online. Because if someone grabs that message in transit and it’s unencrypted, they have access to that information.
How easy is it for that to happen? I can’t tell you how many times our clients have been caught in what’s called a man-in-the-middle attack, where all their emails are being forwarded outbound to another location. An encrypted email service would help prevent that. The person on the other end gets the encrypted message, and if they have their password settings set up right, they receive the encrypted message. The person who intercepted the forwarded message wouldn’t get it because it wasn’t sent outbound in plain text.
So again—different ways to protect yourself online.
Hey guys, that sums up another week of When You Need em ask Neadom. Remember—stay safe online. If you need help learning how to keep your business safe, reach out to us online. If not, we’ll see you next time. You guys stay safe. Bye now.
