While the past year has been no picnic for anyone except the handful of billionaires profiting from the pandemic, it’s at least given some of us opportunities for improvement and enlightenment that we may not have otherwise pursued given the usual daily routine. Some of you have whiled away your free time catching up on shows, learning languages, or taking up new hobbies, some have even completely remodeled bathrooms, kitchens and garages. Almost every single work-from-home professional has had to become an IT technician whether they wanted to or not, but despite that, many of you still don’t know some things you absolutely should know.
Don’t be afraid or ashamed to ask!
As I’ve said before, I don’t expect everyone to become IT professionals, even after 11 months of working from home with shoestring budgets and Macguyvered technology. Once we get in front of Covid-19 I am anticipating many organizations will seriously reconsider returning to the traditional office environment if they haven’t already marched straight ahead into a virtual workplace future without looking back. In order for that future to work for a business, their WFH employees need be as efficient and productive as before. If you are one of those salivating at the prospect of working from home for the foreseeable future, you need to make sure your tech game is on point with these essential tid-bits:
Who is your internet provider? Not only should you know who it is, you should have their tech support number as a favorite on your smartphone. You should know your account number and what you are paying for, and what you can expect for customer service. Seriously consider paying more for a “Business-class” account if you have a residential account – the quality and speed of the internet won’t (necessarily) be different, but the speed at which they respond to service calls is much better.
Where is your internet router? You should know where it is in the house, what it looks like, and how to turn it on and off. You should know what the lights on it mean, or at least have a quick reference handy to interpret the lights. If you live in a single-family residence, you should know where the service lines come into your home. If you set up your own router or mesh wifi system, you should have the brand and model handy, and if you needed to use a phone app to set them up, what that app is called. If someone else set up the devices for you, have them write down this information for you, especially if they aren’t a member of your household.
How does your work computer get internet? Ethernet wire or WIFI? More importantly, can it do both? Most folks rely heavily on WIFI, not realizing that “hard line” networking is way more reliable and in some cases, dead simple to set up. Not every household can take advantage of an Ethernet connection, but if you have any opportunity to do so, do it.
Know your home workstation. You should know the brand and model, and where all the critical control points are on the computer: power, network and peripheral connections. You should also understand what any visual indicators might be telling you – power and hard drive activity lights, network indicators, etc. If you have additional peripherals like monitors, printers, keyboards and mice, you should know how they are connected and how to replace consumables like toner, ink or batteries.
Know your software. If the machine you are using at home is your own and not managed by your employer, you should absolutely know the following: What operating system and version you are running. Whether or not you have antivirus installed and working (you should). What program or platform are you using to back up your data. You should also have critical passwords recorded in a safe (preferably digital) place that you can get to even if your main computer is inoperable.
Image by Lorenzo Cafaro from Pixabay
If you’ve used a computer – Windows or Mac – in the past 20 or so years, you’ve probably used a handy product called Malwarebytes. Once consider a scrappy bit of software us techs could whip out during the early days of malware infections, Malwarebytes has since “leveled-up” into a very successful security platform that still offers a useful, free version of its malware scanner. Unfortunately, their visibility in the market makes them a big target as well, and they just revealed that they have been compromised by the same hacking group that gutted SolarWinds.
What this means for you
According to Malwarebytes, unlike SolarWinds their products were not compromised but their email was hacked in the same manner. Even so, email is the lifeblood of any organization, so this is still a blow to their brand and to their internal morale. In their defense, the group responsible for the hack is credited with possibly one of the most devastating cyberattacks in history and it’s pretty evident we are only just starting to discover the breadth of their campaign which is conservatively estimated to include thousands of companies. These types of wounds (and scars) are earned on the front-lines of a war most of us don’t see, and it is at once disconcerting and strangely comforting that even the largest, best prepared organizations still fall victim to cyberattacks. This should not discourage you from making every effort to stay safe. If anything this should serve as a stark reminder that there are powerful forces aligned against ethical, honest people who are just trying to get some work done, and as such always allocate a healthy amount of resources and respect for security and backup for your technology infrastructure.
Much of what I learned from my father about being handy around the house was from watching him work, and then, once I was old enough to be more useful than distracting, from actually doing the work while under his careful supervision. His style of instruction was typically hands-off and non-verbal, letting me experience the tools and work for myself, but he spared no words when it came to warning me about the dangers of the various tools (powered or not) with which we worked. His hands were covered with various scars that did not require more than one terse explanation, and my grandfather was missing parts of two fingers from a woodworking accident that served as a silent and regular reminder of a life lesson I carry with me to this day: Tools are dangerous regardless of your familiarity with them – always treat them with respect and understand their proper use and application.
Ignorance and injury go hand in hand
The attack last week on the nation’s capitol by extremist thugs will no doubt grace numerous textbooks and will provide plenty of lessons for everyone, but there was a particular behavior exhibited by many of the invaders that has provided plenty of amusement for the rest of nation and illustrates my point perfectly. While I’m sure many of the people participating in the violence last week thought they were justified and not committing crimes, documenting your “activities” via social media demonstrates a clear lack of understanding of what that act actually achieves. Not only did they visually document numerous criminal activities that directly or indirectly led to the deaths of 5 individuals, they pinpointed themselves at the scene of the crime via GPS on their “smart” phones. This same crowd used the conservative social media platform “Parler” to organize this attack, to foment additional hate, and then documented it with thousands of posts, pictures and movies, all of which was scraped by a hacktivist and made available to the public and, presumably, numerous law enforcement agencies. I’m sure there were plenty of law abiding citizens engaged in reasonable discourse on Parler – one of the most common arguments offered by conservative politicians on the dismantling of your privacy is, “If you’ve done nothing wrong, you have nothing to fear.” Over 50 terabytes of data is a lot to sort through, but you can be sure that plenty of self-incrimination will be found within.
In addition to the lessons taught by my father and grandfather, I learned plenty of times the painful lesson that even tools you know well can “bite” if you are careless or try to use them in unintended ways. While poetic justice is rare and should be celebrated when it is encountered, Parler’s unintentional incrimination of some of it’s hate-filled user base should also pose a sober lesson for everyone. It’s clear that social media (and the internet) was meant to bring the world closer to together but it has, at the same time, driven a dangerous wedge into society. Ignorance, misinformation and hate spread just as quick as knowledge and compassion on the internet, and we just got bit by the sharp edge of this tool.
Later on in life, once I was old enough to appreciate it, my father told me that it was a constant struggle to not snatch tools from my hands if it looked like I might hurt myself. He knew I had to learn the hard way, but not necessarily at the cost of a finger or worse. Unfortunately, my dad isn’t around snatch this tool out of our careless hands, and it’s clear Twitter and Facebook’s “dads” aren’t keeping a watchful eye either. By allowing hate and lies to ferment online, social media usage played a direct role in creating one of the darkest days of American history and led to the loss of 5 lives. Seeing as this tool can’t be put down and another used, we must learn how to use it properly, safely and for constructive purpose.
Image by Peggy und Marco Lachmann-Anke from Pixabay
I’m sure many of you celebrated the passing of last year with no small amount of relief, and if you were one of the 190M people in the US who purportedly resolved to improve themselves this year, I’m going to bet at least some of you put “Get better at technology” on that list. While I heartily commend and support this goal, you should also know that the majority of us fail in New Year’s resolutions because we didn’t keep them specific, achievable and completable. A clock ticking over from “0” to “1” doesn’t make one year better than the previous, but one would think, “Surely, technology will be better in 2021.” Normally that would be a safe bet, but even my normally boundless enthusiasm for technology has been tempered by some trends I’ve watched develop in 2020. Regardless, getting better at (a specific) technology is worth pursuing, but you should also know that if it feels like an uphill battle, it’s because it will likely be just that. Here’s why:
You aren’t imagining things: technology overall is not getting any easier. One of the ongoing promises of technology is that it is supposed to be making our day-to-day lives easier. There’s no question that we are capable of more and we have access to things that weren’t even dreamed of 20 years ago, but for critical technology devices and services that are considered on the same essential tier as things like plumbing, automobiles, and central heating, they are still stubbornly complex, hard to troubleshoot, and well outside the understanding of any reasonably intelligent human. To be fair, most of us probably couldn’t install a sink or fix a car, but these technologies are largely standardized and have changed relatively little as compared to things like smartphones and computers. Even something that was dead simple for decades – the television – has become incomprehensible for many. For each thing that we simplify, two others seem to get more complex, and they seem to do so in service to two things: more security, and/or more functionality. Your takeaway from this observation: don’t feel like you are getting dumber. You aren’t – technology is changing faster than most of us can learn, and the constant level of change means that the knowledge we manage to gain quickly grows stale or obsolete. It’s exhausting, even for the experts.
If there is one thing that technology has failed to simplify – it’s security. As a matter of fact, in many ways technology has actually made staying safe that much harder. In decades past, if you did not want your data online, you avoided going online. Identity theft was elaborate and rare. Most of us had our credit cards stolen maybe once every 4-5 years, not 4-5 times a year. Our financial (and sometimes physical) security is regularly jeopardized by the negligence and carelessness of a megacorporation over which we have zero control, except in one, most meaningful way: Get out and vote for leaders who understand what is at stake and who have people and communities, not corporations (and their billionaires) as stakeholders. You should know what their position is on personal privacy and data protection. Don’t be afraid to ask hard questions if given the opportunity – your safety is at stake. However, if you are looking for a break from activism and politics (let’s be honest, who isn’t?), here’s a smaller, achievable new year’s resolution: start using a password manager and better passwords for all your critical services.
The best, most useful technologies are ones that are focused, limited in scope and, ironically, change more slowly than the “normal” pace of technology. This isn’t a new revelation, and nothing in 2020 or years before lead me to believe this will change any time soon. If anything, use this as a rubric to assist you in identifying what technologies you wish to “get better at”. Frustrated at the confusing changes on your new smartphone? Focus on the core things you need it to do (not what it’s capable of) and learn how to make those services consistent and worry free. If you can’t make it either of those, then perhaps the device is ill-suited to the task. The very root of technology is the Greek technos and logia which literally translates to “the manner or means by which a thing is gained.” Technology is a means to an end and not the end itself. If a device, app or service is making it hard to achieve something – it’s the exact opposite of technology.
Reuters reported on Dec 13, 2020 that several high-profile government departments have been hacked, and had been compromised as far back as March of this year. Early research points to Russian military-backed advanced persistent threat group known as “Cozy Bear” who utilized what’s known as a supply-chain exploit to penetrate the US Commerce, Treasury and Homeland Security departments, as well as up to 18,000 other US government and business targets. At the moment, officials confirm that the Russian hackers had full access to internal emails of the US Treasury and Commerce departments, but security researchers fear that this is only a small part of what is looking like a huge breach.
“Welcome to the club?”
While you might be tempted to savor some schadenfreude at their expense, the implications of this attack will be profound for the government and many Fortune 500 companies that were also likely compromised. This is also a bad look for managed service providers like C2, as source of the breach was MSP giant Solar Winds who, ironically, provides the technology management and security for the hacked government entities, and, whose own security monitoring platform was the source of the compromise.
As you’ve heard me say numerous times, there is no amount of money spent or technology applied that will provide you with a bullet-proof, perfectly secure environment. The fact that the largest MSP in the US can itself be compromised and used as a weapon against its own customers demonstrates this lesson unequivocally. The best protection from malware attacks and security breaches is a multi-layered approach:
- In addition to having proper antivirus and spam filtering, firewalls and updated software, your employees should be trained regularly on technology security.
- Your critical data should be backed up offsite. Not just server data, but possibly email and files on company principals’ personal computers. Remember cloud filesharing does not equal backup.
- You should review your company’s security policy, especially if it hasn’t been updated with work-at-home specifics, and make sure that employees get a refresher on any changes made to the policy.
- Your company should have at least an outline or basic disaster recovery and business continuity plan.
- If you don’t already have it, consider acquiring cyber liability insurance that will cover security breaches, especially if you are a part of a regulated industry that deals with confidential data for clients and customers.
It’s hard to see how the pandemic could bring about anything positive that wasn’t gained at the cost of over a million dead (worldwide), but the change it has wrought is irrefutable. Certain industries like food services and hospitality have had to reshape their entire business model, and many that couldn’t change fast enough succumbed as the entire world retreated to our bubbles. Not surprisingly, most professional services firms (accountants, lawyers, financial advisors, banks, etc – and yes, MSP’s like C2) after the initial panicked spasms were overcome, turned out to be well suited to work remotely, and many are now making a leap of faith to go fully virtual permanently by eliminating one of the larger expense lines in their budget – the office lease.
In most cases, there is no technological reason why some companies can’t go completely virtual. Note the words I emphasized there. For several industries, especially the ones that were born of the digital age, business technology is easily well ahead of the need curve for the majority of organizations in that industry, so far ahead in some cases that many have no idea of what is possible and don’t even consider it. Let’s assume that the technology exists for your company to go virtual, so instead it may be useful to examine the reasons why you might need to consider carefully before tearing up that office lease.
Look before you leap!
As has been made painfully obvious by our (mostly) self-enforced lockdowns, some of us are realizing how much we miss the hustle and bustle of a busy office. Indeed, many companies thrived on spontaneous interactions that can only occur when people are physically adjacent. If you’ve noticed a decrease in productivity or creativity despite everyone having all the tools they need, you may have been one of those companies that developed a culture that was built around face-to-face interactions. Switching to online forms of interaction like videoconferencing and instant messaging will be difficult for people, and certain folks will never consider it as a suitable replacement for those watercooler meetings. The pandemic will end and for staff that look forward to returning to normalcy it may be particularly disheartening to find out that their workplace also fell victim to Covid.
Physical offices allow for a certain level of technology simplicity and manageability that are not achievable (yet) in virtual companies. Granted, if the internet was down for the office, no one was getting any work done, but conversely, it also allows IT managers to ensure a consistent level of service and security that they could literally put their hands on by walking down the hall. Running a company on the back of the internet and personally-owned electronics presents a new layer of complexity that is not easily serviced by a traditional in-house IT department, and it multiplies the potential security vulnerabilities to a level that will be unacceptable for some industries without very careful planning and discipline.
You should also consider the management style of the company’s leadership. Are they used to managing by sight, i.e. they need to see that their employees are busy and engaged, or can they trust that their people know what needs to be done without being physically supervised? It shouldn’t surprise you to know that while it is technologically possible to supervise remote employees just as closely (if not closer) as if you were standing over their shoulder, most folks will find this intrusive and offensive, especially if they are working from home. While I would argue that this type of leadership is perhaps a relic of bygone eras and definitely less effective in today’s workforce, I still regularly encounter it and know that leaders who rely on this style are especially frustrated by virtual staff.
Make no mistake, virtual companies are here. They were here well before the pandemic and I’m seeing many more making the transition as each week passes. While it may be tempting to consider permanently striking real estate leases off your budget, make sure you consider the underlying costs that might not be easily summed up on a spreadsheet.
Now that a lot of you are working regularly from home, you’ve probably gotten most of your technology (that you can control) working more or less reliably, but I’m willing to bet there’s at least one hunk of plastic and sand that is regularly giving you fits. Yes, we’re looking at you, laser or inkjet printer! Printer issues are one of the top ten issues we address for clients, but a good percentage of those issues are resolved by a very specific set of “tricks” that most people can do on their own.
“Sit. Roll-over! Print this page…NO! Bad printer!”
If you are having problems printing, here are some of the basics you can walk through to see if you can bring that recalcitrant printer to heel:
- Check the printer queue. If you see a bunch of documents stuck in the queue but your printer seems to be oblivious to them, try canceling the jobs, and then resend them.
- Make sure you are printing to the right printer. Sometimes Windows (and Macs, but less often) will reinstall your printer, but your apps don’t get the memo and will still try to print to a printer that no longer exists. Quit the app and relaunch if you notice this, and make sure you select the active printer when printing. If you have two printers with very similar names and one of them is marked as “disconnected” or “offline”, very likely your apps don’t know that something has changed.
- Reboot your computer. There. I said it. Again.
- Reboot the printer. This one actually still gets forgotten quite a bit. Modern printers have little computers in them and sure enough, those little computers can crash. Or they are waiting to apply an update but need a reboot to get it started, just like the big computer on your desk.
- Check the printer’s built-in display. Most modern printers, even the ones that seem cheaper than the ink they use, have screens that can provide all kinds of information, including the state of the network connection, whether there are jams, or that dang cyan cartridge is empty again.
- Reinstall the printer drivers. This is a little more advanced, but as I mentioned #2, Windows 10 is notorious for reinstalling printers with a Microsoft-version of your printer driver, which often leads to strange behavior.
- Check your printing settings. Make sure you aren’t trying to print a page that doesn’t match the paper size loaded into your printer. Even the simplest apps use a standard print dialog box that has at least a half-a-dozen settings that can cause the printer to just stop, as if to say, “Whatever it is you are trying to print does…not…compute.”
- Make sure your ink cartridges aren’t dried out. Cheap inkjet printers (heck, even the expensive ones), when not used for long periods of time, have a tendency to malfunction due to dried-out cartridges. Depending on your usage patterns, local humidity, and the quality of the cartridges, this period of inactivity could be days or weeks. Make sure you run regular nozzle checks, cleaning and print tests to keep the printer juices flowing.
- Replace that cheap printer. Most of the printers in use today were probably bought pre-Covid, and most likely were chosen because they were cheap and intended for light-duty use. Nine months later and those part-time printers have become essential workers in a role they were never intended. If you are spending more time fixing jams, replacing cartridges and reprinting poorly imaged pages, it may be time to consider replacing it.
Image by pavelkovar from Pixabay
While I regularly hear this question throughout the year, it seems seasonally appropriate to talk about this particular phenomenon. “My computer has a mind of its own,” or my favorite, “I think my computer is possessed,” could actually be an accurate assessment of the situation, but not in a supernatural way. A large majority of technology problems can typically be traced to something a human fouled up, but the interconnected nature of today’s technology means that this particular foul up doesn’t have to have been your own fault, or even someone nearby. Your computer issues could have arisen because of a mistake made by someone miles (and possibly years) away, which only makes the universe feel just a little more perverse than usual. In some cases, computer problems arise because of the irresistible second law of thermodynamics, which basically states that everything is slowly degrading over time, and if humans invented, designed, and/or assembled something, even infinitesimally small variations in quality can lead to the difference between your computer loading up properly or giving you the dreaded, “No operating system found” message.
The scary tech stories no one wants to hear…
“Your hard drive will fail.” This is not an “if” but a “when” determination. All hard drives fail – the trick is to replace them before they do, and to back up your data in the interim. Most modern hard drives do have alarms that will warn you that entropy is winning, but not everyone knows what to monitor, nor understand the data that is provided. While it’s true that spinning (traditional) hard drives have more moving parts than Solid State Drives (SSD), and thus is more subject to entropy than it’s solid state brethren, both can fail, and in fact HD’s are easier to recover in certain hardware failure cases than SSD’s because of how they work. Just because it’s SSD doesn’t mean you shouldn’t back up important data.
“Software updates are unavoidable.” Sadly, gone are the days of dodging Windows updates to keep your system and software running just like it did the day you installed it. Microsoft’s forced update cadence has most major software makers in lockstep, meaning that one can’t be updated without the other, and problems will arise if you aren’t marching to their tempo. And as is the case with everything humans do, some updates will cause problems.
“Your personal data is probably already on the internet.” You may not like to consider it, but there is a high likelihood that much of what you consider to be “private” is well known to both advertisers as well as less scrupulous elements around the world. Even so, this is no reason to be less safe with that data. Always challenge requests for this information, and consider the means by which you convey this data to the requestor, as well as who is asking especially if they are new to your circle of interactions.
“Using a single password for everything will get you hacked. Badly.” It may be the hardest to guess password in the world, but the fact that you have to enter it at all means it’s possible for someone to trick you into giving it up, and when that happens, they are on you like a horror-movie killer, and you won’t be guaranteed a Hollywood happy ending. Identity theft teams move at horrific speed and will make your life very unpleasant.
That’s probably enough scary stories for one Halloween. It might be strangely comforting to believe your technical issues are supernatural, as the reality is rather banal and depressing to consider, but attributing them to something otherworldly, while entertaining will only result in a real-world horror story that won’t be resolved with talismans, herbs or weapons.
Though just about any parent I’ve spoken with will tell you that they wish they could install a tracking device on their kids, maybe we should be more careful in wishing. This time the monkey’s paw is curling around a new smartwatch for kids that (up until recently) came with a hidden backdoor that, if used properly, could allow the device to take pictures which could then be uploaded to the manufacturer’s servers, as well as location data and sound as recorded by the devices microphone. Note that I wrote “used properly” in a purely technical and NOT ethical sense. While this feature could be extremely useful in locating a missing or abducted child the fact that this backdoor wasn’t disclosed is troubling, moreso once you consider where the smartwatch was made.
When does supervision become spying?
Though the device mentioned is being sold by a Norwegian company, they developed and manufactured it in partnership with a Chinese security firm that also happens to be on the US Commerce Department’s list of sanctioned companies due to it’s close ties with the Chinese government, which isn’t known for being a stalwart champion of human rights or privacy. In the product’s defense, the investigators who discovered the backdoor noted that being able to exploit the device would require access to data that would not be readily available. The manufacturer also pointed out that the data would only be uploaded to it’s private servers to which access was extremely limited, even to its own employees. On top of this, after being notified of the backdoor, the company has since issued a patch to close the backdoor.
Normally, I wouldn’t even bother pointing out this story to you as the smartwatch was never available for sale in the US (possibly because of the sanctioned Chinese partner) but I thought it would be a useful illustration of what is likely to be a common occurrence in the days ahead. Surveillance technology has taken remarkable leaps forward in ways that we both imagined and in ways that we overlook, like the fact that many of us have internet-connected devices in the same rooms as our children that is always listening and possibly watching as well. Technology is extremely complicated, and sometimes business partners aren’t always able to vet every aspect of their devices, especially if certain components aren’t built in countries that have the same standards as our own when it comes to privacy, security and quality. This is not to say that we shouldn’t buy things made elsewhere – what choice do we really have? – but that we should be mindful that it is no longer possible for the average human to ascertain whether the product we just put on our child’s wrist observes the same level of children’s rights we’ve come to expect in the US. Heck, even our own companies have gotten that wrong in the past, even when they should have known it was illegal.
Image by Tumisu from Pixabay
We are seeing a large spike in email phishing attacks across the board, both targeting our clients as well as their customers. These types of attacks are not new, but remain effective because the attackers are relying on a set of human behaviors that are predictable and exploitable. Gone are the days when scam emails were laughably obvious with their broken English and strange phrasing. The most successful attempts are now exploiting already-compromised email accounts, social media content and other publicly available information to make the phishing emails indistinguishable from genuine emails by using phrasings, nicknames and familiar work tasks or project language in the body of the email. This becomes even more effective when the potential victim is rushed, distracted, tired or too trusting. Up until recently, this level of effort was reserved for “whales” – principals of large companies, government officials and other, traditional “high-value” targets, but now we are seeing sophisticated phishing emails aimed at all levels of professionals.
What does this mean for you?
At the moment, there is no hardware, software or “silver bullet” that you can employ to combat this level of trickery except being constantly vigilant and knowing what to watch out for. To that end, I’ll try to highlight some of the common features of phishing emails which will help you spot them as long as you keep your guard up.
All phishing emails will typically have one of these goals:
- Get a password from you
- Get you to send money to an account
- Get you to reveal sensitive information that can be used to get to #1 or #2.
- Get you to install malware on your device
To that end, these emails typically follow a small handful of scenarios. They will likely contain:
- Links to requested information that require you to “authenticate” using your login and password
- Attachments that need a login and password to be viewed
- Requests for you to reply via email with a pin or secret word to verify your identity
- Links to install this app to view your requested files/information
Seeing as some of these tasks are also common in legitimate transactions, you’ll need to look for the second indicator that the email is not real: in most cases, phishing emails will not actually be from the sender they purport to be.
- Check the actual senders address. How to check the actual sender’s address varies based on the device and platform, but you should absolutely know how to do this on whatever device, app or program you use to read your email. In Outlook, the actual senders address is typically easy to see, but on mobile devices this may not be the case, so don’t just assume the sender is legit unless you can 100% verify it. It is trivially easy to spoof a sender’s email address, and in most programs just as easy to spot as long as you are paying attention.
- Does the sender’s address match the content of the email? This week several of my clients received emails notifying them that their Office 365 passwords needed to be reset, but the emails were sent from addresses that were clearly not Office 365 (in this example, “webex.com”). This is a dead giveaway as long as you know what the actual sender’s address should be. Check other known-good emails from the customer or platform in question, look at a recent bill or invoice, or check Google – but make sure you verify – don’t just trust the top search result blindly.
- The email address looks legit. What now? This is easy – pick up the phone and verify that the sender actually sent that email. If this is a customer and they did, they shouldn’t be annoyed that you were being cautious. If they didn’t, you just gave them a heads up that their account may be compromised. If the email appears to come from a large company, you will want to verify by going to the website by manually typing in the website address or by calling the phone number that appears on your official bill. Do NOT rely on any information in an email to be genuine if you are at all suspicious, regardless of how authentic it looks.
Though it may feel like you need to have the observational skills of Sherlock Holmes and the paranoid vigilance of Mad-Eye Moody, there are a few simple, but critically foundational practices that anyone can adopt to safeguard and insulate yourself from attacks like this:
- Use unique, hard-to-guess passwords for all important accounts, and pay attention when using them. Every. Single. Time.
- Don’t store your passwords in an unsecured document on your computer, or in a single physical place (little black book) that could be lost or destroyed.
- Make sure your malware protection is active and you understand how to check its status.
- Have recent backups of all your important data stored in the cloud.
- Pay close attention to everything you do on your device screens. The criminals only need you to be careless once.
Image Courtesy of Stuart Miles at FreeDigitalPhotos.net