New York Times Hacked: 3 Tips for Avoiding Email Scams
On the front page of today's New York Times is a lengthy report about how the publishing giant was allegedly the victim of a four-month-long attack by Chinese hackers. The hackers apparently gained access to the newspaper's computer systems and obtained passwords for reporters and other employees. The timing of the attacks, the Times said, coincided with a report the paper published in October about a relative of China's prime minister.
While the Chinese government denied being involved in the alleged hack at the Times, security analysts have predicted that nation-sponsored cyber warfare will become more commonplace this year, with banks, businesses and other groups potentially at risk.
The Times suggested that hackers initially infiltrated its computer systems by way of a phishing scam -- when hackers use an email message that's tailored to you or your business to entice you to click on a link. The scams usually aim to con users out of money or to insert malicious code onto your computer that enables hackers access to your passwords and your company's sensitive business information.
Here are three tips to help keep you and your staff on the safe side of dangerous email hacking threats:
1. Educate employees about risky emails.
Your first line of defense is having a savvy staff. The problem with phishing scams is that they're engineered to look like legitimate messages. But the more suspicious your employees are, the more likely they should be to delete the message without clicking on any of the links. They should be skeptical of messages that urge them to "verify" or "update" account information.
If an employee does receive a scam email, he or she should alert you or your IT department so you can notify your entire team to avoid it. Many email providers and internet browsers also allow you to report suspicious emails or websites.
2. Keep your tech up-to-date.
One of the easiest steps businesses can take is to update their antivirus software and spam filtering, as these can help weed out potentially malicious email messages. It's also smart to make sure your computers and mobile devices are running up-to-date versions of software, with the most recent bug fixes. Many web browsers also "blacklist" sites that have been identified as known phishing offenders.
3. Update and create strong passwords.
If your company does fall victim to an email scam, hackers can target your passwords -- the gateways to your sensitive professional and personal information. Make sure to create passwords that are easy for you to remember but also aren't obvious. Security professionals often recommend creating passwords that are at least 14 characters long, contain letters as well as numbers, and use upper and lower case letters.