Smartphones
Most people nowadays have a smartphone where they keep most or all of their personal data on, including contacts, emails, and pictures. However, keeping sensitive data on a portable device is risky, and leaves you vulnerable to hackers.
The greatest vulnerability comes from the use of public Wi-Fi networks. Though the chance of an attack on your smartphone by a random hacker is slim, hackers can see your activity by running special software that scans all the traffic on a wireless network. It is also possible for a hacker to set up a fake network that looks just like a real one which you connect to unknowingly. We strongly advise against the use of unsecured public Wi-Fi.
Online Cloud Storage
Cloud based storage is very popular with businesses for storing large amounts of data without the cost and maintenance of running servers. However, cloud storage systems, like any server farm, are targets for hackers looking for sensitive employee data such as names, addresses, and social security numbers.
The only way to truly secure sensitive information on the cloud is to encrypt the files themselves with a key that you set personally. This way, even if your account is compromised or the service experiences a data breach, your files are still safe. However, not all data should be stored on the cloud. Sensitive data such as employee records should be stored offline in a secure location.
Email Phishing / Spoofing
Phishing is one of the oldest hacking methods, yet is still wildly effective. Phishing is an attempt to get personal information or login credentials from a victim by sending a link to a fake website that looks like one the user might use, such as a bank, school, or email service. The website is usually one on which a user needs to enter their username and password. Sometimes the victim will not realize what is happening until it is too late and their account has compromised. Once the attackers gain access to an account, they use that account to send additional emails to that person’s contact list, continuing the attack.
It is estimated that about 80,000 people fall for phishing scams every day[1]. As a safeguard against phishing, two-factor authentication can be used to ensure that the attacker cannot access your account even if you click the link. Exercise caution when clicking links in emails and instant messages. Consider the sender of the message and whether you were expecting a link. Read the link carefully to see if it contains misspellings or the wrong suffix (i.e., .com when it should have .org, .edu, .gov, etc). Lastly, if something does not feel right, it more than likely isn’t and you should report the email and change your login credentials immediately.
[1]“Phishing: How Many Take The Bait?” Get Cyber Safe Canada
