The short answer is yes.
Over the past decade, numerous websites and organizations around the world have had their user database compromised, resulting in email addresses and passwords falling into the hands of hackers. The past year, in particular, was one of the worst in cybersecurity. Taking advantage of people’s concerns over the pandemic and the safety of loved ones, as well as the weaker IT controls associated with remote working, criminal groups increasingly switched to COVID-19 themed lures for phishing with much success.[1]
So what can you do to keep your information safe?
Look for Red Flags
According to Forbes, “we receive more malicious fake emails from the brands we trust than real ones.”[2] And experts estimate that phishing attacks account for up to 90% of cyberattacks by volume.
When deciding whether an email is legitimate or a scam, here are five red flags to look out for:
- Suspicious sender: There is often an extra letter or character in the email sender. Look closely, as it is often hard to spot at first.
- Urgent subject line: The language used in the subject line is designed to make you react quickly, reducing your ability to think critically.
- Unusual links: Hover your mouse over any links in a phishing email to make sure it is legitimate.
- Suspicious attachments: There is often an attachment, like an invoice you are instructed to pay, to avoid being caught by the spam filter.
- Poor quality images: An organization’s logo is easily copied from the internet, but it may then be low resolution. A legitimate logo should not be pixelated or distorted.
Keep Your Information Secure
To help keep your information secure, here are five tips:
- Two-factor authentication: Enable two-factor authentication when available. Many systems will prompt you to set it up or you can use an authentication app. This is an easy way to stop the vast majority of hackers from compromising an account. It’s not 100% fool proof, but it takes a lot of effort to overcome these systems.
- Strong and unique passwords: Use strong passwords that are at least 12 characters long and include at least one letter, one number and one special character. They should also be unique to each site or service you use.
- New passwords: Change your password regularly. While experts used to recommend every three months, as long as you are using strong and unique passwords, as well as two-factor authentication, it does not have to be as frequently—unless you become aware of a password breach.[3]
- Password manager: Consider using a password manager to store your passwords. Don’t use an unencrypted Excel or Word document saved on your computer, which can be easily hacked. As a bonus, password managers will also audit your existing passwords for weak or repeated ones to increase security.
- Work email for work purposes: From an office network security point of view, limit your use of your business email address to those sites you use for business purposes.
Check if You’ve Been Hacked
If you would like to see if your email address has been hacked or whether a password of yours appears in any known dark web databases, look for a reputable data leak checking site (begin by searching for "data leak checking site").
You can check all of your email addresses (work and personal), and even check some of your commonly reused passwords on some sites. Keep in mind, while a provider may have a very good list, none are 100% comprehensive.
For information on work-from-home security specifically, check out the Privacy Commissioner of Ontario’s privacy fact sheet, Working from home during the COVID-19 pandemic.
Lynne Yryku is the Executive Editor of The In-House Edition.