Four easy ways to keep your data safe from cybercriminals

Cybercrime has become a profession and the demographic of your typical cybercriminal is changing rapidly, from bedroom-bound geek to the more organised, who use advanced techniques and are highly technically skilled. According to the data provided by software company, VMware, 52% of all cyber attacks in March 2020 were finance-related. In our Xero On Air episode, A simple approach to cybersecurity, we outlined simple actions you can take to secure your data and keep your business safe. Let’s recap.

Phishing

Phishing is an attempt to get information for malicious reasons. The most common example is receiving an email with an enticing heading like you’ve won millions or a lost inheritance. Clicking on this seemingly harmless email and the links within it could land you in big trouble, for starters, the sender might ask you for more data than you should be sharing. I hear you saying “I’d never fall for that”, but cybercriminals are very clever and it’s hard to distinguish the real from the fake. 

So what can you do? Always check the URL before you open anything and try to navigate using HTTPs. This means the data between your computer and the server is encrypted, but contrary to common belief it doesn’t guarantee that the server is trustworthy. Any hacker can create a server with HTTPs capabilities. So long story short, not using HTTPs is a red flag, but using it isn’t 100% bulletproof; the most important thing to do is to make sure we recognise the URLs before opening them

Another trick is to think about the information you are being asked for. For example, say you got a free subscription to a financial publication, but they ask for your passport number – that’s a red flag. Try to be mindful and ask yourself “do they really need this information?” especially if they are asking for it urgently.

If suspicious, double check the source. If Xero is sending you an email, go and check if that’s the right email address from the Xero website or if any other website is sending you information, check that those are the right links. It’s as simple as Googling the company to see if that’s the first website that comes up there.

Account takeovers

This is when cybercriminals find a way to log into your account and do malicious things like change account details, send out phishing emails pretending to be from you, steal financial information or sensitive data, or use any stolen information to access further accounts within your business. 

These are more common than you think and cybercriminals have a variety of entry points when attempting to gain access to your personal information – they generally choose the simplest entry point. It can start with any piece of personal data that’s used when logging in, such as an email address, full name, date of birth, or city of residence, all of which can be found with minimal research. Over 80% of web apps are using stolen or brute-forced credentials – so it’s a simple message – use a password manager to keep track of your passwords and always use strong, unique passwords combined with two-factor authentication. 

Two-factor authentication

Also known as 2SA, is a method of confirming your identity by using a combination of two different components. In Xero we use your username and password to sign in as the first factor and a one-time-valid, dynamic passcode, consisting of six digits as the second factor. The code is generated by a one-time-passcode-generator like Google Authenticator or Auty. The combination of two different factors to enter your account makes it exponentially harder for cybercriminals to gain access and steal your personal data or identity. Enabling two-factor authentication on your accounts, deadbolts your data and prevents cybercriminals from accessing your information. We highly recommend enabling two-factor authentication on Xero, in addition to enabling it on your email account. 

Anti-virus scanners and disaster recovery plans

Running an anti-virus scanner on your machines regularly is another great step you can take to help keep your systems secure. A step beyond that is having a disaster recovery plan (DRP) in place, in case things go wrong. That isn’t just about keeping computers and other hardware safe; it’s also about protecting your ability to provide customer service and keep your business running. When DRPs are properly designed and executed they enable the efficient recovery of critical systems and help your business avoid further damage to mission-critical operations. Benefits include minimal recovery time and possible delays, preventing potential legal liability, improving security, and avoiding potentially damaging last minute decision making during a disaster.

Cybersecurity is a shared responsibility, a system is only as good as the weakest link in the chain. Security needs to be strong on all fronts and it’s important that our small businesses and advisors are committed to protecting themselves and their customers from attacks. As a business, it’s your responsibility to safeguard not only your own information but, more importantly, the sensitive data that your customers and employees have entrusted you with. By keeping informed about cybersecurity and instilling the importance of security practices throughout your business, together we can build a stronger, more secure online community.