Some of you may have heard about the phishing attack that was perpetrated through Google last week. In case you didn’t though, check it out here. I personally experienced an incident through my non-profit e-mail around the same time as the Google phishing incident. I received a suspicious e-mail from the President which appeared legit and written in a similar fashion as that of the President. In my case the sender’s address did not match our non-profit’s extension which was a huge red flag. The request was also odd in itself and so I validated the e-mail with the President and once we determined it was a fake I immediately reported it to Google (our e-mail provider) as well as the rest of our team.
In light of these incidents, I’m writing this week to discuss the importance of online security. It’s a topic that is very hot among CPAs because we are always working hard to protect the sensitive information that is passed to and from our clients. Encrypted e-mail, secure portals, and passwords are just a few of the ways CPAs protect client information from data breach and compromise. I will highlight some best practices that general computer and internet users should consider below.
A Quick Note
Before I get to the 5 online security habits users should adopt I want to tell the tale of an incident of identity theft.
This past tax season when attempting to file a client’s tax return I was notified that my client had already filed a tax return. The IRS has safeguards in place that prevent the same person from filing more than one return for a given tax year and any tax preparer would have received the same notice for this client. Upon further investigation, we were able to determine that the client’s identify had been compromised. The IRS was skeptical as well and had already flagged the return that was filed as fraudulent. The good news is that we were able to identify this with enough time to get the return filed on time, but unfortunately my client has had to clean up any messes the fraudster made.
The moral here is that nobody is safe...
Okay, on to the tips!
#1 Use Internet Security / Antivirus Software
Security software is a cheap insurance policy to help protect from malicious attacks. Although I don’t have many recommendations, my advice is to pick something and use it. Whether you choose Norton, McAfee, BitDefender, Kaspersky, or Avast, you need the protection of a trusted internet security provider. These services are particularly helpful in detecting and preventing threats. Whether those threats are firewall holes, bogus website phishing for your passwords, or viruses designed to compromise your system and private information, a trusted security software platform can save you from hours of headaches from a breach or attack and potentially your financial well-being.
#2 Securely Transmit Sensitive Information
I can’t stress this one enough but if you do nothing else you should be religious about this one. I have heard arguments about how your information is probably already “out there somewhere” but that doesn’t mean you shouldn’t be cautious. You really shouldn’t be e-mailing unsecured files to anyone. Instead, use third-party services like Dropbox or Google Drive to share files with others safely. This not only reduces the chances of an e-mail becoming intercepted but also helps maintain version control over your shared documents. You can also ensure that collaborators have the correct access they need to a file by allowing them to edit or read-only files you share with them. If you must send sensitive information via e-mail, find a way to encrypt the message between you and the sender.
#3 Use Trusted WiFi Spots
Remember the last time you went to Starbucks and hopped on their free Wi-Fi? Well, you might want to reconsider doing so. Whenever you access a public network your information becomes available for all on that network to see. Sadly, hackers have developed sophisticated attacks they can use to scam you just from being on the same network. If your computer is not secured properly you may also be exposing the contents of your entire computer for all to see. Research Virtual Private Networks (VPNs) to learn more about how you can protect yourself when using a public Wi-Fi connection.
#4 Never Give Out Passwords
Never give out your passwords, ever! To protect you, no reputable software, app, or internet product vendor will ever request your password. They can either already see what it is, or, they typically verify your account another way that doesn’t require surrendering your password. If ever asked, consider if the vendor is reputable and if there is another way you can validate your account with the requester. When in doubt, don’t give them up.
#5 Stay Vigilant
You have to stay on your toes nowadays. Some might say the Internet is a blessing and a curse (in more ways than one), but you definitely need to stay vigilant. It's still a relatively new technology so it still has a "wild west" feel to it. Resetting passwords as well as revisiting (and refreshing) your security protocols every few months is well advised to keep attackers guessing. Using keychain style programs such as LastPass to store all of your logins in one place is helpful, but can also be a single point of failure if the master key is compromised. The nice thing is that those vendors typically generate very powerful passwords for you without you having to think about it. Also, most internet security software will run in real-time and on a scheduled basis so you can constantly have the software monitoring your system for flaws. Evaluate your security situation and make necessary changes to get setup to help prevent problems. Remember, it’s better to be safe than sorry.
I could go on and on about all the things you should do to stay safe and the above tips are certainly just the tip of the iceberg; but I’ll spare the audience. These tips should be considered whether you are using a mobile device or computer. Stay safe out there and think about what you’re doing, where you’re doing it, and with whom you’re dealing with before you do anything. Feel free to share your tips & tricks to staying safe on the internet in the comments section below.