5 Easy Ways to Protect Your Business from Cybercrime

October is Cybersecurity Awareness Month. 

Cybersecurity Awareness Month was launched in 2004 by the U.S. Department of Homeland Security and the National Cybersecurity Alliance to raise awareness about the importance of cybersecurity.

During Cybersecurity Awareness Month, the private and public sectors work together to raise awareness surrounding cybercrimes, and create resources to help people stay safe online.

In 2023, CISA launched the official cybersecurity awareness program, Secure Our World, to recognize the importance of reducing risks and encouraging discussions on cyber threats on a national and global level.

5 Easy Ways to Protect Your Business:

#1 Limit Information on Email Signatures

Is your email signature a weak link?

Company email signatures are not typically high on the list of network vulnerabilities; however, they are an area that should not be overlooked. Criminals can copy email signatures to impersonate individuals and trick recipients into clicking malicious links, opening files, and providing confidential information.

The more complicated the email signature, the greater the risk. An abundance of links, social media sites, disclosures, and awards can be easily mimicked and replicated to reproduce the look and feel of the victim’s signature, making the spoofed email appear trustworthy.

Criminals will create URLs and hyperlinks that appear very similar to the real URLs by removing one letter or using .net instead of .com, for example.

To reduce your risk of email signature impersonation, keep your signature basic with a minimal number of links or hyperlinks. Limit unnecessary information, such as upcoming events, that can be used as bait in phishing schemes.

#2 Don't click. Call.

When in doubt, don’t click. Call instead.

A one-second clicking mistake can equate to weeks, months or even years of turmoil, not to mention thousands of dollars spent combatting cybersecurity threats.

Simply put, do not click links from unknown sources. The reality is, bad actors are getting better and better at impersonating users by using correct grammar, referencing coworkers’ names and departments, and even pulling recent events and timelines from social media posts to look, act, and feel legit.

Rather than assuming a link, file or attachment is legitimate, we recommend calling the sender directly to confirm the information is valid. However, be sure to double-check the phone number against your own records and online before calling a number found in the email signature.

#3 Require Strong Passwords & MFA

We know you’ve heard this a million times, but using strong passwords and enabling Multi-Factor Authentication (MFA, which can be enabled under Settings in most accounts) wherever possible is highly important to safeguard your data.

What does a strong password look like? According to the chart below, passwords should be a minimum of 16 characters long, with a mixture of numbers, symbols, and upper- and lowercase letters, and different for every account. Random strings of mixed-case letters, symbols and numbers are best, or use very, very long phrases with spaces in between each word (use numbers to replace letters as well, such as the number “1” for the letter “I”).

Pro Tip: Use a Password Manager

Password managers ensure that we are using very long, random and unique passwords on every site or account, which makes it that much harder for someone to steal your information.

There are many password managers to choose from. Some are free, like the built-in password managers in your web browser, and some cost money. Consumer Reports can be a trusted source for reviews of password managers, with various highly rated options.

Password Cracking Timeframe Chart

Please note that this data is from November 2023, so it’s already a year out of date. It can be assumed that password crackers and AI have surpassed these stats, so to be on the safe side, your passwords should be a minimum of 17 or 18 characters long.

[Chart image: password cracking timelines]

#4 Keep Software Updated

Don’t put off software updates.  It’s easy to click ‘remind me later,’ but software updates are sometimes time-sensitive and crucial for the safety of your account.  Software updates typically involve security patches and fixing areas of concern that may have been overlooked in previous software versions.  

As a rule of thumb, install updates as soon as possible and turn on automatic updates so you are always equipped with the latest and greatest security updates available. 

#5 Teach Employees to Avoid Phishing

Protect Your Business with Phishing Training 

Phishing is the act of tricking an unsuspecting person into clicking links or opening attachments in order to inflict cyber harm with the intent to acquire sensitive information, infect devices, or extort money.  Criminals use stolen credentials to hack into financial accounts or servers to steal money or access data.

Attacks generally begin when someone clicks and downloads a malicious attachment from the web, email, direct message or via social media, resulting in downloading malware that damages systems or installs ransomware that holds systems captive.

Note: it is not recommended to pay the ransom. Criminals are known to take the money and keep the system locked, and/or will continue to target the company if you were willing to pay the first time around.

The good news is that you can protect your business by training employees how to spot phishing attempts. Contact your IT company to develop an annual phishing training program that runs monthly and is constantly updated with the most current phishing techniques.

8 Common Signs of Phishing

  1. Strange or unexpected requests.
  2. Alarming language, urgency to act immediately.
  3. Check the sender’s email address: hover over the name to ensure validity. Criminals will often omit one character so it appears legit, or will add words to the domain (e.g., instead of @apple.com, it would show as @apple.clientsupport.com).
  4. Generic greetings, such as “Sir/Ma’am” or “Dear Valued Customer.”
  5. Writing style: does the email ‘sound’ like the person writing it? In other words, if the sender is usually concise and informal in their emails, does the email read that way, or is it ‘out of character,’ such as overly wordy and too professional?
  6. Grammar and layout: poor grammar, inaccurate sentence structure, spelling mistakes, and inconsistent formatting are sometimes an indicator of a phishing attempt.
  7. Spoofed hyperlinks and websites: hover over links and images to view the URLs. Criminals will alter one or two letters in the URL or use various dot endings (e.g., .net instead of .com). Website shorteners are also a red flag.
  8. Suspicious attachments: cybercriminals will request that you open/download an attachment as soon as possible. They will most likely use a false sense of urgency or importance to help persuade a user to open the attachment.
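
Signs 3 and 7 can be checked automatically at a mail gateway or in a reporting tool. The sketch below is an added example, not part of the original article: the TRUSTED allowlist, the function names and the verdict labels are assumptions, and the registrable domain is taken naively as the last two labels (a production check would use the Public Suffix List).

```python
from email.utils import parseaddr

# Assumption: domains your business really corresponds with (constructed list).
TRUSTED = {"apple.com", "example.com"}

def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions cost 1 each."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header, trusted=TRUSTED):
    """Return (verdict, trusted_domain_it_resembles) for a From: header."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ("unparseable", None)
    labels = addr.rpartition("@")[2].lower().rstrip(".").split(".")
    base = ".".join(labels[-2:])          # naive registrable domain
    if base in trusted:                   # exact match or a real subdomain
        return ("trusted", base)
    for good in sorted(trusted):
        name, _, tld = good.rpartition(".")
        if labels[-2] == name and labels[-1] != tld:
            return ("tld-swap", good)             # apple.net vs apple.com
        if name in labels[:-2]:
            return ("brand-as-subdomain", good)   # apple.clientsupport.com
        # One character omitted, added or changed; short names can
        # produce false positives, so treat this as a flag for review.
        if edit_distance(labels[-2], name) == 1:
            return ("lookalike-typo", good)
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed sample headers, including the article's own example.
    for header in ["Apple Support <billing@apple.clientsupport.com>",
                   "id@aple.com", "news@apple.net",
                   "Tim <tim@mail.apple.com>", "someone@gmail.com"]:
        print(header, "->", classify_sender(header))
```

A verdict other than "trusted" does not prove phishing; it marks the message for the call-back verification described in #2.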

Training your staff on phishing attempts is only one piece of the puzzle. Visit www.cisa.gov to learn more tips for safeguarding your business from cybersecurity threats.

 

ACC Telecom is a B2B Telecommunications Provider specializing in Voice over IP and cloud-based phone systems and surveillance systems. Serving clients nationwide, ACC Telecom can assist with security enhancements, cloud-based projects, and hosted PBX installs. Contact ACC today to learn more.
