#10 Consider Identity Theft Protection
It’s not a matter of if, it’s a matter of when. Pardon the cynicism but we all have a 1 in 4 chance of getting hit. Long before the Internet took off, a lot of paper records included personal identifying information (“PII”) which is now at large. Georgia Driver’s licenses used to include your Social Security number. It would be safe to assume somebody with bad intentions either has your PII or will be able to locate it because paper records are digitized and put up for sale on the Dark Web all the time. If your identity is stolen it will take you a minimum of 80 hours to remediate with all the government agencies, credit bureaus, banks, credit card companies and other organizations you do business with. Can you imagine how disruptive that would be to your professional life? For pennies a day, a good Identity Theft Protection and Recovery Company can protect you and manage the recovery process if you happen to get hit. In the very least, keep your credit frozen and only unfreeze it when necessary.
#11 Two-Factor Authentication
Two Factor Authentication, also known as 2FA, is an extra layer of security that is known as “multi-factor authentication.” This requires not only a password and username but also something else that is unique to that user. Using a username and password together with a piece of information that only the user knows makes it harder for potential intruders to gain access and steal that person’s personal data or identity. 2FA can be implemented with enterprise grade solutions such as Duo Mobile, Okta, OneLogin and SecureAuth. It can also be implemented at no cost directly with online services such as Facebook, LinkedIn, Yahoo and Well Fargo, just to name a few. Once you log in with a user ID and password, a dialogue box prompts you to request a code which they send to your smartphone as a text message. A few seconds later you can enter the 6 to 8 digit code to gain access.
#12 Don’t Operate In The Shadows
Eighty percent (80%) of workers admit to using cloud applications that have not been approved by their company or IT provider. Thirty-Three (33%) of cyber breach incidents are triggered through shadow IT. Why? IT has been heavily “consumerized” making it easier than ever to do whatever you want on your own device. Users are constantly downloading free, unauthorized apps. They’re storing and transmitting sensitive data between personal devices, webmail and the organization’s email system. Employees are putting corporate data in personal, consumer-grade DropBox accounts. We’re all being automatically logged into free Wifi hotspots. Unregulated website browsing is out of control. And just about everyone is using corporate laptops at home for personal matters. Once a compromised machine or device is plugged into the network, your organization is exposed to a host of preventable problems.
#13 Make Sure You Are Really Unsubscribing
Clicking “Unsubscribe” in a fraudulent email does not mean your email address will be removed from the scammer’s hit list. Especially if it takes you to a website that prompts you to re-enter your email address. It will, however, do one or things – verify the address for the scammer or lead you to a malicious website that will download malware onto your computer and/or trick you into falling for some sort of scam. Reputable marketers don’t do this. Companies like Amazon, Apple, J. Crew, Bonobos, and Brooks Brothers, et al already have your email address and respect your wishes to be removed. The best approach is to handle the questionable spam barrage is to simply mark the suspicious or unwanted email as “SPAM” or “Junk” and then simply delete it. Resist the urge to open it.