October is Cyber Security Month, and it's a great time to speak about how Kinsted approaches the security of client information and how you can protect yourself.

The need for cyber security and protection solutions is only increasing. Every day there are new stories of hacker groups ransoming companies they have infiltrated, disrupting services, or releasing private client information on the internet. These attacks are growing more refined, and there are sophisticated tools for combatting them. Some of these tools in use at Kinsted include tracking and limiting system and email access by geographic region, using a VPN, firewall, anti-virus software, threat detection software, phishing email software, and backups, device encryption, and performing routine vulnerability scans.

However, most attacks use simple strategies that start with getting someone to click on a link, open an attachment in an email, or enter account details into a copycat site that steals them. Some other common attacks involve disguising emails to look like they are from someone you know who needs you to send them money or gift cards urgently, or an email from an account of someone you know changing details of payments that you make regularly. There are five basic strategies in use at Kinsted that you can use personally to avoid cyber attacks.

Be Suspicious

Email is not a secure form of communication. Similar to writing an address on a letter, an email can be disguised to look like it's from someone else.

If someone is unexpectedly asking you to do something, click on a link, open an attachment, etc., be suspicious and verify before doing anything.

1. Hover your mouse over a sender's name to see what email it was sent from. Ensure email addresses are spelled correctly, and there are no extra letters or mistakes (ex. [email protected] vs. [email protected]).
2. Hover your mouse over links before clicking on them to ensure they take you where you expect to go.
3. Use your phone to verify. If you unexpectedly receive an attachment or a request, call the person and see if it's legitimate. Don't' rely on the contact details in the email if you won't recognize the person's voice, as they may be doctored. Use a number you already have or look them up on a company website.

If your account gets compromised, an attacker could have access to everything you've ever sent. It is always best to avoid sending sensitive personal details over email.

Password Manager

Use a password manager to store your passwords. Password managers allow you to have complex, unique passwords for all your accounts and sites you use. Essentially, this replaces a notebook with passwords and adds encryption and a password to access it. It is difficult to remember the many different passwords you likely have, and most people end up reusing them or using the same password with minor adjustments. Both strategies are risky because if a site is ever compromised and your password is leaked, attackers may take your details and try them elsewhere.

Two Factor Authentication

Turn on two-factor authentication (2FA) on every site when possible.  2FA adds a second verification step to log into a site. A code with either be texted or emailed to you or available on a site in order to gain access. This means that someone needs your password and access to your phone or email account to get into the site.

If you can, using an app is always more secure. While not common, there are ways to intercept texts. Email should be avoided as a form of 2FA if possible because if an attacker gets access to your email, they can access your other accounts.

Regular system updates

Install operating system updates regularly. As software companies become aware of security issues, they will release fixes, but it's up to you to install these. By the time there is a fix, there is already someone aware of and exploiting the original issue.

Mobile Device Security

Our phones are a doorway into our digital lives and contain, or are connected to, a lot of private information. Securing your phone can be achieved through;

1. Turning on encryption,
2. Setting a short screen lock timer,
3. Using a password or biometrics to access your phone instead of a short pin, and
4. Setting up a service to locate or erase your phone if you lose it.

The risks of cyber attacks and their resulting damage is only growing. At Kinsted, we understand that even the best protection can fail if someone with access makes a mistake, which we take seriously and why we continue to educate staff and clients. We wish you safe travels in this digital world.