How to Avoid Getting Hacked: 3 Practical Steps


Halloween is just around the corner, and we want you to stay safe online and off. In addition, October is Cybersecurity Awareness Month. We’ll look at 3 practical steps you can take to stay safe online in this post.

Cybercriminals today primarily target individuals rather than breaking into systems. To help you protect yourself from cyberattacks at home or at work, we’ll discuss three best practices.

1) Phishing Scams

Phishing scams can be spotted and avoided by understanding how they work. Phishing occurs when hackers send fake emails to trick users into giving up personal information by making it appear as though the email is from a legitimate institution or company. Using fake logos, addresses, and language copied from real companies, these emails prompt you to click malicious links, download dangerous files, and log into fake websites. When you enter your credentials to log in, the criminal on the other end steals your username and password to breach your account. The CEO scam is another common tactic, where an email appears to arrive from a CEO or top executive asking for money transfers. To combat the scams that invade your inbox, avoid clicking on links or opening attachments that appear suspicious. It’s wise to think twice before transferring money or sensitive information via email, and to confirm the request with the sender over the phone or in person.

2) Password Discipline

A good password strategy is also essential to staying connected online. Many headlines in the media report on data breaches involving millions of accounts. There is a chance that some of this can be attributed to using the same simple passwords on different accounts. The good news is there are tools like LastPass and Dashlane that will generate complex passwords for your various accounts and store them in one place. A modern password management strategy would not be complete without Two-Factor Authentication (2FA). With 2FA, an extra layer of security is created by verifying your login via a text message or application prompt on your smartphone. Two-factor authentication minimizes security breaches by 90%.

3) Phone Scams

In addition, cybercriminals target smartphones. A hacker will contact you on your mobile device, posing as the CRA or a law enforcement agency, in the hopes of coercing you into paying back taxes. Here, you should take the same precautions you use against phishing emails: never provide sensitive information or send money.

Essentially, sound cybersecurity is about recognizing phishing emails, managing your passwords effectively, and being able to identify when you’re getting a call from a scammer. Keep these three points in mind to keep yourself safe anywhere!

Cybersecurity: Phishing Scams


Our post last week discussed cyber-attacks and the dangers to SMEs. We specifically stressed the importance of adequate training, since in its absence employees may inadvertently compromise their organization’s security systems. This week’s post builds on this idea through a discussion of phishing attacks.

Phishing attacks attempt to steal sensitive information and data through emails, websites, text messages and other forms of electronic communication. Attackers use social engineering to deceive the unsuspecting, imitating trusted applications so that their messages appear legitimate.

Cybercriminals usually attempt to steal usernames, passwords, credit card information, bank account details and other credentials. They use stolen information for malicious purposes, such as hacking, identity theft, and fraud.

If you feel you have been a victim of a phishing attack:

  1. Contact your IT admin if you are on a work computer.
  2. Change all passwords associated with the accounts.
  3. Report any fraudulent activity to your bank and credit card companies.

How phishing works

Phishing attacks are scams that attempt to use social engineering to bait or lure individuals to divulge sensitive information.

A simple but sophisticated tactic is the use of PDFs in deceitful email scams. The scam sends an email, apparently from a real company, with a PDF attachment that is "password protected for your safety"; the only way to open the document and see its contents is to re-enter your email credentials. This gives the attacker your email credentials, putting your other personal information at risk.

Phishing trends and techniques

 

Payment/Delivery Scam

This describes when a person is asked to provide their credit card details or other pertinent personal data for the purposes of updating their information with commonly known vendors or suppliers. This is especially troubling since these scams impersonate well-known companies that the target is likely to be familiar with. A person’s prior knowledge of the company lures them into a false sense of security. Generally speaking, a person will likely have done business with the specific company in the past. However, most are not aware of any recent purchases. The information update is requested so that the scammer can steal your personal information. It is critical to be aware of these scams and to stay vigilant.

Tax-themed phishing scams

A common CRA phishing scam is an urgent email indicating that you owe money to the CRA. These emails often threaten legal action if you do not access the site in a timely manner and pay the identified balance owed on your taxes. When you access the site, attackers steal personal credit card and banking information in addition to receiving the requested sum. These emails use the names of legitimate governing bodies and regulatory institutions to evoke fear. This unfortunately works all too often, as people feel compelled to rectify any apparent concerns with the CRA regardless of their legitimacy.

Downloads

This describes when an attacker sends a fraudulent email urging a person to open or download a document that requires their email credentials for access. 

How to protect against phishing attacks

These kinds of attacks are designed to take advantage of a user’s possible lapse in decision-making, whether personal information is requested through email, on unknown websites, or over the phone.

Software solutions for organizations

  • Microsoft Edge and Windows Defender Application Guard offer protection from the increasing threat of targeted attacks. If a browsed website is deemed untrusted, it will isolate that device from the rest of your network, preventing access to your company’s data.
  • Microsoft Exchange Online Protection (EOP) offers business-class reliability and protection against spam and malware, while maintaining access to email during and after emergencies. It provides different controls for spam filtering, such as bulk mail controls and international spam, that will further enhance your protection services.
  • Office 365 Advanced Threat Protection (ATP) helps protect your email, files, and online storage against malware. It offers full protection in Microsoft Teams, Word, Excel, PowerPoint, Visio, SharePoint Online, and OneDrive for Business. It protects against unsafe attachments and provides additional protection against malicious links.

Other Types of Email Attacks

This post is focused on phishing attacks and the personal and professional difficulties that may arise from these incidents. It is important to note that phishing attacks represent a single category of cyber-attacks. Future posts will further explore other types of cyber-attacks like email spam and viruses.


Why is Cybersecurity so important?


 

Information security is a key priority for all business types and sizes as a form of risk management for IT-based services and corporate data. In today’s connected world, businesses are more vulnerable to cyber attacks than ever before. The use of technology has provided many benefits and advantages to everyday business operations, but without the appropriate protection and security implemented, that same technology can be used by cyber criminals.

What is cybersecurity?

Cybersecurity is the practice of securing devices, networks, systems and any other digital infrastructure from unwanted attacks. The best strategy is a layered approach, similar to any good defense.

Prepare your team

The most common cause of data breaches is employees. Your team can become your greatest security risk without proper training. Employees often display risky internet behavior that results in cyberattacks because of a lack of awareness around cybersecurity efforts.

Small business owners should educate employees on all risk management practices, including IT. Luckily, businesses can bring in specialists to detect issues and teach employees about potential cyber threats before they impact the business.

Perform an analysis on your security infrastructure early and often

A risk analysis would help your business identify, manage, and secure information that could be vulnerable to a cyber-attack. Additionally, a risk analysis can help construct a plan for security controls, which can help further protect your company. Identifying and working to prevent security threats early on will save your business money and reputational damage overall. Risk assessments should be a focus of your organization to understand where you may be vulnerable to security threats.

More importantly, businesses must have a framework for how they deal with both attempted and successful cyber attacks.

Security by Design

A layered cybersecurity process is the best way to thwart any cyber attack spread across your entire infrastructure. This means a blended use of firewalls, DNS filtering, malware protection, antivirus software, and email security solutions. Implementing security features at all points is needed more now than ever before.

Final Thoughts

The cyber security landscape is evolving, and threats get more advanced every day. To protect your business, it is vital that all your employees make cyber security a top priority.

 
