What do businesses need to know about Internet Safety and trust online?
As businesses continue to move more and more of their marketing and management programs online, it’s important to consider the real risks of doing business in an online environment. Password hacks and malware can take down your website, and connections that seem real online can turn out to be scammers.
Since it’s #SaferInternetDay, let’s talk about how businesses can create safety policies to keep their businesses, clients and employees safe online.
Never Assume a Stranger Online is Trustworthy
When you increase your visibility online, you’ll attract a mix of people, often including ones without your best interests at heart. Unless you have a real-world relationship with a person who is trying to communicate with you, proceed with caution. Someone who appears to be connected to your other friends may still be a security risk.
If you’re using your social media accounts for business connections, be cautious of who you accept as friends or connections. If you don’t personally know someone, or at least know how you are connected, consider avoiding their “friend request” on Facebook. Instead, you could direct them to you follow your business page, or start a conversation with them to find out what they’re truly interested in.
Over email, beware of offers to promote your business from companies you have never heard about. These often take the form of some flattery, and a “too good to be true” offer to promote you.
Online Privacy Laws: Be Careful How You Handle Sensitive Information
If you run a business, taking care of sensitive information is your responsibility. And there are potential legal consequences if you don’t take it seriously.
If your business collects private information including email addresses, real world addresses, phone numbers, health information or other information, make sure you are keeping that information secure and following the appropriate privacy laws. This includes monitoring which employees have access to your sensitive customer information, and having a system for managing that access.
If your business handles data, including email addresses, customer records, or otherwise, it’s important to know the rules. The rules are changing, so be aware of new rules as they come about.
Privacy Laws that affect businesses collecting information from customers include:
The EU General Data Protection Regulation (GDPR): this is the most important change in data privacy regulation in 20 years. Even though it is aimed at European businesses, it has an effect on businesses worldwide. And we can expect similar regulations to come into play in the USA and Canada.
California’s Consumer Privacy Act (2018) is the first US law following the example of the GDPR.
Canada has Canadian Anti-Spam Legislation (CASL), a law to fight email spam. However, it does not stop spam or email scams from non-Canadian sources — so take care when you share your email address.
Create Strong Passwords and Change Them Regularly
Passwords can be difficult for businesses to manage. They’re hard to remember, so we all try to reduce the number and complexity of passwords we have. Unfortunately, that’s not the best approach when it comes to keeping our online business tools safe.
At We Make Stuff Happen, our team uses a solution called Last Pass to manage passwords securely. Recently, we were notified of a password breach with Basecamp, the project management software we use, that is one of the top project management programs available. This reminds us that regularly changing our passwords is an important part of keeping our online profiles safe.
Consider creating a company-wide policy for password strength, how frequently passwords must be updated, and how passwords are kept safe.
Keeping Your Website Safe
With any website, there is always a risk of being hacked, or having malicious software infect your site. Our policy is to regularly scan websites, install programs that help us “harden” the sites, use high-quality hosting, and maintain regular backup copies in case anything happens to a site. If you’re managing your own site, make sure you understand what you can do to keep it safe, including having an easy plan to restore your site quickly if it is hacked.
Keep in mind that it can simply take someone having a poor password for a website to be vulnerable to a hack attempt.
Never Assume that Someone Who Knows Things About You is Someone You Can Trust
Your employees and clients need to know that it’s easy for scammers to get personal information and use it for their purposes. They do this by illegally or legally purchasing mailing lists from organizations and groups. They also can find a fair amount of information about you freely available through city, provincial, or federal government websites.
It can be so easy for someone to find out personal information about you and then use it to trick you into thinking that they are someone they are not. It is important for you to always be cautious when communicating with strangers online, even if they do know information like your address, full name, the number of children you have etc.
There are many website scams designed to trick you into giving out your private information, such as your usernames and passwords. This includes online “games” and other forms. If you have any doubt about whether you can trust an email or website, call the customer service phone number for the company or institution. It is always possible that a scammer is trying to access your sensitive accounts. They might even try to use the information to steal your identity.
Top Scams To Avoid
There are three primary ways that scammers will use to try to take advantage of individuals online.
Top Online Scam #1: Email Scams
The most common type of email scam is a request for a short-term loan, either to help someone in need (The Nigerian Prince Scam is a good example), or with the promise of a big return on your money.
Scammers create email messages and websites that look almost 100% legitimate. This usually comes in the form of a trusted banking or government establishment. Although the email or website might look valid, a government or banking representative will NEVER ask you for your username and password.
This type of scam can also be used to gain access to your other online accounts, such as social media or email logins.
If an offer through an email sounds too good to be true, it probably is too good to be true. It is likely a fictitious offer or prize created to trick you into giving out private information, to wire money to a scammer, or to get you to install malicious software on to your computer.
Top Online Scam #2: Website Pop-Up Ads and Warnings
Scammers will use either congratulatory or fearful messaging text to encourage you to click links in the web page.
Here are a few examples:
- Congratulations! You’ve Won a Prize: In this scam, a website is set up by a scammer. When you visit that site , it will notify you that you’ve won a prize. Similar to the Nigerian Prince email scam, the scammers might request a down payment to secure your prize, or they might ask for your banking information so that they can deposit your winnings.
- Warning! Install Required Security Software: In this scam, the page warns that your computer is compromised and that you must immediately install their software. Large companies such as Microsoft or Apple do NOT notify you of security issues via pop-ups.
In either case, the messages are malicious, and someone is trying to scam you. You may also inadvertently download a virus if you click on these links, so it’s important to regularly scan your computer for viruses.
Top Online Scam #3: Impersonation on Social Media and Online Dating Sites
Often scammers use social media and dating sites to befriend you or even to claim that they actually know you. They will gain information found online about you and use that information with the hopes of gaining your trust by knowing personal details about you. The Grandparent Scam is a great example, this scam usually involves a phone call from someone who pretends to be your grandchild.
If you have ever watched Dr.Phil, you might know of the term “Catfish”. Catfishing is a Romance Scam.
Scammers commonly target unsuspecting people through online dating sites, pretending to be an interested suitor. When in reality, the person they claim to be is someone totally different. They will use someone else’s images and create a fake online profile to communicate with you as that person.
To learn more about common Internet scams, check out the following links:
- #SaferInternetDay Online Safety for Businesses - January 30, 2019