Staying safe online will protect not just your data, but your customers and employees. The two most important things you can do to stay safe online are:
First, maintain excellent password hygiene. Never share a password. Always use a long, complex password (or passphrase) and always use a unique password for each website or application you use.
Second, be aware. Phishing emails are a common way to trick you into disclosing data. If it looks even in the slightest bit unusual – don’t click it.
Here are a few tips to ensure your sensitive data remains secure.
Phishing and malicious emails
We’ve written before about “phishing” – it’s an email that looks like it comes from a trusted source, like Xero or your bank, but doesn’t. The email will attempt to trick you into providing passwords or other important data, or it could just infect your computer with malware such as ransomware.
You can protect yourself and your business by being aware of these scams, and by knowing what to look for that may help you identify a malicious email.
Here are six things to keep a look out for:
- Incorrect spelling or grammar. Legitimate organizations don’t always get it 100% right, but be suspicious of emails with basic errors.
- The actual linked URL is different from the one displayed. Hover your mouse over any links in an email (DON’T CLICK) to see if the actual URL is different.
- The email asks for personal information that the supposed sender should already have, or information that isn’t relevant to your business with them.
- The email calls for urgent action. For example, “Your bank account will be closed if you don’t respond right away”. If you are not sure and want to check, then go directly to the bank’s website via the URL you would normally use, or phone them. Don’t click on the link in the email.
- The email says you’ve won a competition you didn’t enter, have a parcel waiting that you didn’t order, had an order cancelled that you didn’t order, or promises huge rewards for your help. On the internet, if it sounds too good to be true then it probably isn’t true.
- There are changes to how information is usually presented, for example an email is addressed to “Dear Sirs” or “Hello” instead of to you by name, the sending email address looks different or complex, or the content is not what you would usually expect.
If you suspect you’ve received a phishing or malicious email, and it says it’s from Xero or uses Xero’s logo, do not click on any links or attachments in the email. Instead please report it by forwarding the email to email@example.com.
Passwords are the first line of defence
- When you’re trying to protect information from intruders, it’s crucial you pick strong passwords that can’t be easily guessed or ‘cracked’ (cracking is recovering a password from data stored in or transmitted by a computer system).
- Use a long password made up of numbers, letters and special characters ($, #, %, &, etc.). The longer your password is, the harder it is to guess and the longer it takes to crack.
- Use different passwords for different websites or applications. Then if a hacker figures out or cracks one password, they haven’t got the master key and any damage can be limited. This means the password you use for your online banking shouldn’t be the same as your Facebook, email or Xero login.
- Never share your account details with anyone, not even really good friends or close colleagues. They can unknowingly pass them on or maybe even use them themselves. Your best bet is to keep your password to yourself.
Using a password safe application is a good way to make managing your passwords easier, allowing you to generate unique, strong passwords for each application.
Make sure your computer is secure
You can have the most complicated password in the world, but if a hacker is already inside your computer, it’s no good. Always keep anti-malware up-to-date to stop keyboard loggers or malicious software from snooping on you and stealing your information. Keep your operating system and application software patched and up-to-date too, to minimise the risk of vulnerabilities that can be exploited.
These are just a few of the things to watch out for. If you ever suspect your Xero account has been compromised, visit our support page.