Cybercriminals are getting incredibly sophisticated, and their phishing attacks now take place online on phony websites, via phishing emails, through automated telephone calls, and through malware that gets installed on your computer to steal your credentials and other personal information. Stealing passwords and filing fraudulent returns is a multi-billion dollar industry for these criminals, and they’re good at what they do.
Therefore, we must all be hyper-vigilant when we are online and when accessing our personal and even work email. Many common activities can put you at risk of having your password stolen by online or real-life criminals:
- Using the same password on multiple websites. Most people have been guilty of this first one at one time or another. If you’re using the same password for multiple websites, or if you’re using the same password for some websites and your email, you’re a prime target. Once a criminal gets your password to one service, they will try it again on other services, banking sites, credit card websites, and more. I know it’s tempting to use the same password, but it’s just not secure.
- Not resetting passwords and security questions regularly. How often do you reset your passwords and/or security questions and answers? Instead of answering the security questions with honest answers, I recommend using answers that don’t make sense. Often, answers to security questions can be guessed by reviewing users’ online profiles, social media, etc.
- Downloading unfamiliar software from the internet. This should go without saying, but so many people accidentally download software they’re not familiar with. If it’s not coming from a brick and mortar store, directly from the manufacturer, or a known online store like the Apple App Store, Windows Store, etc., please do not download it. These online stores generally review all application submissions and check for viruses, malware, etc.
- Clicking on links in email messages. I can’t stress this one enough. Do not click on links if you have any doubt about who the email is from.
- Writing down your password. Most accounting firm employees work in an open office, where others have access to your work area, but you still feel some sense of privacy. When it comes to your credentials, please take care not to write down your passwords. And certainly don’t put them on a Post-it on your monitor or anywhere in your workspace. A lot of us do this, especially after just recently having to change our passwords. If you must write a password down, please keep it stored in a locked drawer, and ensure the drawer is locked anytime you leave your workstation. You could store it in a password-protected OneNote notebook, an Excel file, or somewhere else that is digital; just be sure it’s got a very secure password that you change frequently.
- Giving your password to the “tech support” guy. Don’t ever give your password to someone who claims to be from “tech support.” If they do claim to be from “tech support,” did you initiate the contact or did they call you out of the blue? If the latter, you should be suspicious. Ask them to send you an email. The email address should come from your organization or a known outsourced IT company. If you do not recognize the email address/domain, do not give the tech any information. Do not let them take control of your PC. Instead, hang up on them and call your organization’s tech support to report it.
- Sharing your password with others. I know it may be tempting to share your password with trusted friends or co-workers, but you never know when relationships could go sour. If you absolutely must share your login with another user, log in for them and monitor their activity. Do not give them your password, and do not leave them unattended while logged in as you. Once they are done, have them log out of your account.
- Falling victim to a phishing attack. Finally, both staff and clients are susceptible to phishing attacks, and could inadvertently give away their credentials or information that would allow a criminal to reset their credentials. Implementing a multi-factor authentication system like CCH Axcess Portal’s 2-Step Verification process will help protect your staff and clients, even if they do fall victim to one of these attacks.