This article was updated February 26, 2021.
When was the last time you took a look at your cyber health? Just like scheduling a regular checkup with your doctor, incorporating a cybersecurity checkup into your routine will help keep you safe from bugs and viruses.
October is Cybersecurity Awareness Month (CSAM), so we’d like to take some time to focus on your cyber health. Anyone with an online presence is susceptible to online threats—malware, ransomware, hackers and other cybercriminals can all compromise your personal information. Stay one step ahead of them by following these tips to stay cyber healthy.
Phishing, smishing and vishing
Gone are the days when all you had to worry about was a classic Nigerian prince email scam showing up in your inbox. Cybercriminals have gotten better at what they do, and phishing emails have improved right along with them.
Most phishing emails fall into one of three categories, but the most common type is clone phishing. With clone phishing, a cybercriminal replicates a legitimate email and sends it from an email address spoofed to look like a legitimate sender. These emails employ social engineering to manipulate your emotions, and they typically contain a malicious link or attachment aimed at gaining your sensitive information.
Here’s what a typical phishing email might look like:
From: National Bank [firstname.lastname@example.org]
Subject: Your account has been locked
Your bank account has been locked on October 16, 2020 for security reasons. You cannot access your account or use our services before verifying your identity.
Click here to verify your account
If you do not respond within 12 hours of receiving this email, your account will be suspended and your funds will be frozen.
In this case, the cybercriminal is counting on you being so worried about your bank account that you won’t notice the signs this is a phishing email. Let’s break it down.
- Check the sender’s name and email address. The sender name may appear legitimate, but the email address will tell you whether or not this is a phishing attack. Any address with a suspicious domain name like the one above is most likely a phishing email.
- Be wary of urgent or threatening language. Cybercriminals prey on our emotions. In this email, they’re attempting to invoke a sense of panic by threatening to lock you out of your bank account. Legitimate organizations do not threaten their customers, so this language indicates a phishing attack.
- Don’t click suspicious links or open unexpected attachments. Think before you click—if an email seems suspicious, don’t click any links, and never divulge your personal information over email.
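The three checks above can also be applied automatically. The following is an added example, not part of the original article: it runs them over a constructed copy of the sample email. The `KNOWN_SENDERS` table, the phrase list and the `.example` domains are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: brands you really deal with, mapped to the domains they mail from.
KNOWN_SENDERS = {"national bank": {"nationalbank.example"}}
# Phrases modelled on the urgent, threatening wording in the sample email.
URGENCY = ["account has been locked", "verify your", "will be suspended",
           "within 12 hours", "funds will be frozen"]
URL_HOST = re.compile(r"https?://([^/\s:]+)", re.I)

# Constructed sample message; the .example domains are placeholders.
SAMPLE = """\
From: National Bank <alerts@natbank-secure.example>
Subject: Your account has been locked

Your bank account has been locked for security reasons.
Verify your account: http://natbank-secure.example/verify
If you do not respond within 12 hours of receiving this email, your
account will be suspended and your funds will be frozen.
"""

def in_domains(host, allowed):
    """True if host is one of the allowed domains or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)

def triage(raw):
    """Return a list of findings, one per warning sign from the list above."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2]
    allowed = KNOWN_SENDERS.get(name.strip().lower())
    body = msg.get_payload()
    findings = []
    # 1. Sender name claims a known brand, but the address is not on its domain.
    if allowed and not in_domains(domain, allowed):
        findings.append(f"sender: {name!r} mailed from {domain}")
    # 2. Urgent or threatening language (whitespace collapsed so wrapped phrases match).
    text = " ".join((msg.get("Subject", "") + " " + body).lower().split())
    hits = [p for p in URGENCY if p in text]
    if len(hits) >= 2:
        findings.append("urgency: " + ", ".join(hits))
    # 3. Links that lead somewhere other than the claimed sender's domain.
    bad = [h for h in URL_HOST.findall(body) if allowed and not in_domains(h, allowed)]
    if bad:
        findings.append("links: " + ", ".join(sorted(set(bad))))
    return findings

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE)))
```

A message from the bank's own domain with neutral wording and links back to that domain returns no findings, so the same checks do not flag routine mail.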
Along with phishing, cybercriminals are turning to smishing and vishing to trick people into giving up their personal information. Their tactics are the same, but the delivery is different: smishing takes place over text message and vishing is done via phone call (the infamous CRA phone scam is an example of vishing). The tips above will help you spot smishing and vishing attacks as well as phishing emails.
Cybercriminals have many tricks up their sleeves, but regardless of which one they try, it’s down to you to safeguard your personal information. When in doubt, contact the alleged sender or caller yourself to verify if they’re actually trying to contact you.
Passwords, password fatigue and password managers
For most of us, our first password was most likely a single word that could be found in the dictionary. Our bad habits grew from there: we started recycling the same password for multiple accounts, didn’t update our passwords when those accounts were breached and even wrote our passwords down where anyone could find them.
While many of us have not improved our password habits, cybercriminals have improved their password cracking. Now, a simple password like “qwerty” or “123456” (still two of the most used passwords in the world, even in 2020) can be cracked in about 0.19 milliseconds.
If all that stands between a hacker and your personal information is a single word, it’s time to improve your password game. Follow these tips to take your passwords from vulnerable to unbreakable.
- Use unique passwords for all of your accounts. While using the same password over and over again is convenient, it’s also risky. Choose a different unique password for each of your accounts so that if one is breached, the rest remain safe.
- Make your passwords long and strong. Passwords should be at least eight characters long and a mix of letters, numbers and special characters. The longer your password, the harder it is to crack, and many cybersecurity experts recommend going a step further and using passphrases for all your accounts rather than passwords.
- Never share your passwords. Passwords are meant to keep your personal information safe, so sharing them with others dilutes their security. Passwords are also a prime target for phishing emails. Regardless of whether the person asking for your password is your aunt, your coworker or supposedly your bank, never share it with anyone.
Because we have so many online accounts, most people suffer from password fatigue, the confusion and frustration that comes with having to create and remember a multitude of unique passwords. However, there are better solutions to password fatigue than just recycling the same password over and over.
First, if it’s an option, you can turn on multi-factor authentication (MFA). MFA will require you to verify your identity in at least one other way, for example, by entering a code sent via text message. If MFA is not an option or not convenient for you, then the best way to alleviate password fatigue is with a password manager.
A password manager is a tool that stores and retrieves all your passwords in an encrypted cyber vault. The only way into the vault is with a master password that you create. This means that even if your password manager is hacked in a data breach, the hackers cannot read the passwords stored inside. They need your master password to decrypt that information, and your master password is only stored in your memory.
A number of different password managers exist, so if you choose to use one, do your research and pick the one that works for you.
Keeping you cyber safe
We’re tasked with protecting sensitive health information, and that’s a commitment we take seriously. Our IT and security teams work diligently to keep our firewalls strong and external threats minimized.
Did you know that benefits fraud costs the Canadian health care industry up to $3.6 billion every year? At Alberta Blue Cross®, we’re dedicated to cutting that number down and keeping plans sustainable. Get all your questions about benefits fraud answered on our benefits fraud website. Dive into everything you need to know about benefits fraud, including how it happens, what you can watch for and how Alberta Blue Cross® can protect your plan.