Cybersecurity Made Simple: Practical Tips to Keep Your Data Safe

October is Cybersecurity Month.

Are you prepared?

Every day, headlines warn about a new data breach or cyberattack. Millions of records are stolen, from identification numbers to account numbers. Ransomware is rampant. It happens so frequently that you might feel yourself becoming desensitized to the inevitability of your company’s data being stolen or the suspicion that the email from your boss might be fraudulent.

We’re a far cry from the Nigerian Prince emails of the 1990s, especially as some AI chat tools can now mimic writing styles.

A Few Statistics on Cyberattacks

As businesses expand their adoption of AI, we need to stay ahead to stay protected.

Here are some of the latest headlines from the world of AI and data security:

Cyberattacks increasing: The IMF reported in 2024 that global cyberattacks have more than doubled since the COVID-19 pandemic, threatening global economic and financial stability on a macro level. The report describes the financial sector as “highly exposed.”

Fraud attempts: 2024 saw a big jump in fraud related losses, which scaled up to $12.5 billion, a sharp rise from $10 billion in 2023.

The cost of global cybercrime: The latest trends in cybercrime show that the human element can be the weakest link, resulting in a cybercrime economy larger than the GDP of most countries. But we can also become the strongest guards with the right awareness.

Phishing: Email fraud accounts for an overwhelming number of successful attacks. Estimates say that 3.4 billion emails are sent daily, making phishing emails one of the most successful method of cyberattack.

Human error: Most email breaches are caused by human error. Mileage may vary: an IBM study found the figure to be 95%; Stanford University reported 88%. The good news is that with appropriate training and awareness, that number could come down.

The Armour: Tips and Tricks to Stay Protected

Here are some tips for identifying potential email scams, and tactics for reducing the impact on your organization.

1. If an email or text looks or feels suspicious, it probably is. Does this person or organization typically communicate with you this way? If the answer is no, pick up the phone and call your usual contact to inquire. But make sure to use the phone number you last had recorded for them… NOT the one in the possibly fraudulent email you just received. Does the email address look legitimate? Are there extra letters or is it coming from a free email address and from a person you don’t know?

2. Do not ACT NOW! No matter how alarming—or tempting—the message may seem. Does the sender make the request sound urgent? Take a breath. Examine the grammar and the nature of the request. Did you order the items winging their way to you, for which you are being asked to pay?

3. Play hard to get. What personal data are they asking you to share? Consider the source, and whether the transmission methods are secure.

4. Attachment issues. Is the email urging you to download a file or click a link? Delete it, report it, send it to spam, or ask your IT department to review prior to clicking! Alternatively, are there incomprehensibly long URLs embedded under the links in the email?

Reasons for Increase in Cyberattacks in the Digital Age

What’s causing this wave, and these heightened threat levels? One explanation is that the COVID-19 pandemic accelerated the digitalization of business processes. It is now more challenging for businesses to secure a hodgepodge of employees’ remote set-ups. Further, geopolitical tensions have unleashed more hackers and more threats. AI tools lower the barriers still further.

1. Authentication: Security questions can seem to know an unsettling amount about you: your childhood telephone number, your first school; the name of your first pet or your first crush. While Multi-factor authentication isn’t unhackable, but it can go a long way in foiling attempts. Enable it and use it.

2. Presumptions of privacy: If the information is online, it follows you anywhere. Assume that it’s never going away. The European Union has strict laws around data privacy, including the right to have your data erased, but you have to be proactive about it. Many more jurisdictions are adopting similar laws, but we live in an imperfect world.

3. Let’s get lost: Scrubbing your data is possible but can be time-consuming. Start by deleting profiles from sites you no longer access, and deleting unused apps from your phone. Google has a function that helps you remove some personal data from the web, which might be a good place to start.

4. Guard your passwords: Change your passwords frequently. Don’t reuse passwords (yeah, right). Use a pass PHRASE instead of a password, and the longer the better. Don’t share passwords. If you suspect your data may have been compromised, change your passwords!

5. Proactive password management: For your personal logins, you might use a password manager, like Apple’s iCloud Keychain or Google’s Password Manager, to store your passwords safely Apple, Google and Microsoft offer a passkey function such as Face ID or fingerprint. Check to see what your organization allows for your work access.

Businesses and email clients are continually under attack, despite best efforts to stay ahead of the hackers and the fraudsters. With so much coming at you every day, the temptation might be to put your head in the sand and think ‘it can’t happen here’. But it can.

To wrap up

If you see something, say something®. Be vigilant, be careful, and be smart. Your company’s cybersecurity team and your help desk are a great first line of defense. To quote many a cybersecurity chief: Their jobs are to ensure that you are as paranoid as they are.

Let’s stay safe out there.