By Bahar Ferguson
With the continual increase of phishing, ransomware and other cyber-attacks, it is important to assess your required business operations to determine where you can improve your own internal security, assist your customers by helping keep them safe and have more efficient communication.
While it is daily business in many industries to send links, attachments and DocuSign files to customers, the real estate industry is particularly reliant. The property buying and/or selling process is filled with links to properties for the prospective buyer to check out: MLS sheets, comparables, offer letters, etc. While much of this can be handled in person, as the world continues to demand instant information and an ever-increasing reliance on electronic communication, a good percentage of this communication is occurring via email.
Unfortunately, cybercriminals are taking advantage of our continued dependence and acceptance of electronic means to conduct business. These criminals are finding great success in the lack of time we, as technology users, take to properly investigate an email, link or file before opening what turns out to be an infected item.
Not only is cybersecurity and user diligence important to keep your own information safe, it is also necessary to help reduce or eliminate the spreading of a virus to your customers. Here are four tips to help secure your own network and subsequently not cause havoc to your own customers.
1. Implement an acceptable use policy. Also known as a fair use policy, an acceptable use policy (AUP) is an integral component of a company’s monitoring procedure. An AUP is designed by the owner of a network or website governing how the platform should and should not be used, explaining various monitoring strategies used to enforce such behaviors and the consequences for policy violations.
One purpose of the AUP is to reduce legal action by creating standards of behavior by individuals using these platforms and providing notice to users of monitoring activities aimed to ensure adherence to the guidelines. It is here that a company can define what behaviors are unacceptable, such as excessive use of resources or time-wasting activities, distribution of confidential information, distribution of indecent or offensive data and other security measures surrounding virus transmission or dissemination.
2. Slow down when using technology for communication. This cannot be emphasized enough. It is incredibly important to slow down and investigate the file or email you have received to determine if it is legitimate.
We have seen an increase in spoofing attacks, where the cybercriminal, who has accessed information regarding the company, its customers, etc. (either through a quiet email hack or other methods), purchases a domain similar to that of the target user to create an almost exact email replica and sends customers invoices with “updated payment methods.” And of course, the very common email to key contacts requests the wiring of money or simply sending virus-laden files. The spoofed domains may replace a “q” with a “g” or leave out a letter that, without careful attention, may go unnoticed.
Additionally, slow down to determine whether the request follows normal procedure from the company supposedly sending or just checking to see where the link actually will take you instead of actually clicking in order to see where it takes you.
Unfortunately, that is only one part of the issue. Even if you are never hacked or your domain isn’t spoofed, the rise of cybercriminals using DropBox, DocuSign, UPS, etc., as covers for reasons for people to open files causes any legitimate files sent, to be properly introduced. It is important to check the sender and determine whether you should be receiving an email. When in doubt, delete. Also, if it claims you have a UPS package to track or need to change your account password, you can go to the site directly in your browser and log into your account for updates or to make any necessary changes. Skipping clicking links in questionable emails is always a smart move.
3. Be smart with passwords. DO NOT reuse passwords. Initially that suggestion may cause daunting horror upon anticipating remembering dozens of unique passwords; however, password managers have come to the rescue. Password managers like DashLane or LastPass will help keep all your passwords in one place, randomize so each is unique, alert you to any potential password or website breaches, etc. It does take a little time to set up initially, but it likely will leave you wondering why you didn’t set it up long ago.
What we commonly see is hackers being able to obtain your login and password information either by successfully tricking a user into providing login information or by hacking the customer login of a larger company (i.e., Equifax) to immediately try the same username and password on banks, email, social media accounts, etc. If cybercriminals successfully enter your email or bank account, the time, money and pain involved in rectifying will make you endlessly question why you didn’t invest the short period of time to set up a password manager.
4. Multifactor authentication. Many sites are now offering multifactor authentication help protect your account. This is as simple as requiring a code texted to your phone every time you log into an account on a new device, every so often or every time you log in.
Coupled with slowing down, reaching out via phone or in person to provide a second level of authentication regarding the legitimacy of an email or request can help weed out any questionable emails.
Knowing the types of cyberattacks will help you also determine the best way to interact with your own customers. If you will be sending them a file or a DocuSign link, it is important to ensure you have given them proper notice, include a proper email with the document (as we have all seen the scam emails with “See attached” as the only wording in the email body) to keep your more-savvy users from deleting your legitimate emails suspecting them to be potentially fraudulent. This can cause frustration on both sides and slow down the overall buying/selling process. Communicating properly with your customers as well as keeping your own network safe will help keep your customers safe and happy.
Bahar Ferguson is the president of Wasatch I.T., a Utah provider of outsourced IT services for small and medium-sized businesses.