Featured entries from our Journal

Details Are Part of Our Difference

Embracing the Evidence at Anheuser-Busch – Mid 1980s

529 Best Practices

David Booth on How to Choose an Advisor

The One Minute Audio Clip You Need to Hear

Tag: cybersecurity

Summer cyber cleanup – email is guilty until proven innocent

In today’s digital landscape, knowing which cyber risks to avoid and which red flags to look for is essential to protecting yourself from evolving cyber threats. We’re sharing our top ways to protect yourself this summer.

3 steps you can take today to protect your email 

  • Enable two-factor authentication. This is our top bang-for-your-buck recommendation: easy with a big security benefit. Two-factor authentication adds an extra layer of security to protect you even if your password gets compromised. For those of you who use Gmail – here is a link that shows you how to set it up.
  • Don’t share private personal information. Opt for a good old-fashioned phone call if you ever need to share passwords, social security numbers, or bank details. Our team can help you create secure links if you need to share these over written communication.
  • Have a long, strong, and unique password. We’ve said it before, and we’ll say it again – keeping your email (and banking) passwords ~15 digits long and different from your other passwords is a simple way to protect yourself. Why? Criminals will grab the username and password combinations from retailers and test them at banks and email providers. Unique passwords help prevent this technique from working. Here is an independent review of good password managers that can help you store your info securely.

A discussion of email security would be deficient without a mention of phishing. We think this is so important we’re highlighting three additional tips to help you identify phishing when you encounter it.

What is phishing? Email phishing is a cyber-attack where scammers attempt to trick you into revealing your private information through email. They often use social engineering, malicious links, or both to get you to share information. This is, unfortunately, becoming more common, and it’s important to know how to protect yourself.

3 tips to spot a “phish” in your inbox

  • Suspicious email addresses. Phishing emails often mimic legitimate organizations but have slight variations or misspellings in the sender’s address. Check if the email matches the official domain, and be cautious of misspellings or unexpected differences.
  • Urgent language and misspelled words. Phishing emails use urgency to create panic and pressure you into immediate action. They may threaten account closure or penalties. Beware statements like “Your account will be deactivated in 24 hours” or “Legal action will be taken if you don’t respond soon.” Misspellings are easy to spot and often indicate a phish.
  • Requests for sensitive information, suspicious links, or attachments. Phishing emails ask for sensitive details like passwords or credit card numbers, which legitimate organizations rarely request via email. Avoid sharing personal information through email unless you’ve verified the request independently. When you see an email that you think is a phish, we recommend calling the institution directly to verify (using a phone number you look up instead of the phone number in the suspicious email).

At HIG, we work daily in the background to protect your information by raising awareness within our team, identifying vulnerabilities, evaluating security controls, and fostering a security culture. We have developed a comprehensive cybersecurity program that includes quarterly phishing testing of our team to fortify our internal defenses for your protection. Curious to learn more? Give me a call at 314-448-4023.

Turn Your Kid into a Password Superhero

We have talked in the past about how to keep your information safe online, but what about your kids’? In this era of Zoom classrooms, kids are more in charge of their cyber safety than ever before, and parents are sick of remembering and retrieving passwords. What’s the solution?  

Below we’ve distilled some wisdom shared recently in this Wall Street Journal article:

  • Tell them why – Passwords stop others from using your computer or pretending to be you over the internet. 
  • Long is best, and silly beats the rest! – Use a silly sentence as a password. Silly sentences are easy to remember and hard to guess. What’s the silliest sentence you can think of? 
  • Secrecy and consequences – Only you know your secret code. If you lose or forget it you might not be able to play with your friends. Trusting an adult with your password is ok. 
  • No peeking – Passwords are secret. Before and while you enter your password, make sure no one is watching. 
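  • Check for the little padlock – The little lock in the address bar shows you have a secure (encrypted) connection. Look for it before you enter your password, and check that the address is the site you meant to visit, since the lock alone doesn’t prove a site is genuine.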

In Your Cyber-Corner: Enough with the Scam Calls, Already

At best, they’re annoying as all get-out. At worst, you end up falling for them. Either way, with phone services gone mobile, scam callers are finding us wherever we go. As stated in this recent AARP Bulletin, “5 Ways to Stop Spam Calls,” American homes are receiving about 4 million robocalls every hour.

That much ringing sure is one big headache. Although I can’t promise to eliminate those pesky calls completely, I can offer several tips for managing them.

Silence Is Golden

You can start by reading the AARP Bulletin I referenced above. One simple tip requires no action at all, just a little habit change. The author suggests answering your phone with several seconds of silence when you first pick up. You may even want to let the other party say “Hello?” first.

While this may seem harsh, the reality is, if it’s a real person trying to reach you, the pause shouldn’t impede the conversation. If it’s a voice-activated robocall, the silence should not only cause them to disconnect and move on, it could trick them into assuming the number is invalid, which might also discourage them from trying to call back.

Pros and Cons of the Cold Shoulder

Should you simply skip answering the phone at all, assuming anyone who matters will leave a message? It’s an easy way to avoid speaking with anyone you shouldn’t. Especially if you find it hard to hang up on an unwelcome call once you’ve answered it, this might still be your best bet. But recognize that, unlike the silent treatment above, reaching your voicemail confirms that your number is indeed in service. This can set you up for repeat attempts and increased robocall volume in the future.

Who’s There?

With most phones offering Caller ID, you may be able to identify unwelcome calls on your own. For example, the AARP Bulletin notes, “Beware of area codes 268, 284, 809 and 876, which originate from Caribbean countries.” If the caller’s number is similar to your own, that’s another red flag. For example, say your phone number were 123-456-7890. Any unfamiliar call supposedly from the same 123-456 prefix is likely bogus.

The AARP Bulletin also suggests several free services and apps to help you further identify, flag and block spam calls on your cell phone and landlines alike.

Tough Love About Phone Etiquette

If you do end up answering a spam call despite your best efforts, your top concern should be ensuring you don’t fall into any traps once they get you on the line. The instant you recognize the caller may be illegitimate, go silent. Don’t ask or answer any questions. Don’t even explain why you’d rather not speak with them. Just hang up. Immediately. If the caller was claiming to be from an institution you do business with, such as your bank, you can always call that institution directly to report and ask about the suspicious call. This is similar to the advice I offered on email phishing.

The time has come for us to reframe phone etiquette! The old way called for being immediately pleasant and engaging when a stranger called. The new way? Let the stranger say “hello” first. Although Miss Manners may not approve, answering a stranger’s call with a couple seconds of silence may reduce these calls for good. If you have additional ideas, we are always here to discuss.

Hill Investment Group