Guarding against online threats is every employee’s job — but administrative professionals may have a particularly important role to play.
Admins often have access to valuable company and executive information, notes Shelagh Donnelly, founder and publisher of Exceptional EA, an online resource for administrative professionals. “They are also helpful and supportive by nature, and they want to accommodate requests quickly” — a blend of factors that could make them attractive targets to cybercriminals.
Staying protected requires building good habits. Donnelly, who writes and speaks on cybersecurity concerns for administrative professionals, shares her top tips.
1. Keep Business and Personal Separate
It can be tempting to quickly browse the web on an employer-provided iPad or to check work email on your personal smartphone after hours. That kind of mixing can be dangerous, Donnelly notes, since a virus or malware picked up during your personal use could harm the company by infecting devices and jeopardizing confidential information. “It’s really best to keep your personal and business lives at arm’s length electronically, but that can be very difficult to do,” Donnelly says. If you do need to mix, she adds, be cautious of the sites you visit. A few things to look out for:
• Check the web address bar for a green padlock icon and “https,” rather than “http” — that indicates that communication between your browser and the website is encrypted.
• Look closely at the web address itself — fake ones may include slight variations of the company name or suspicious text (for example, another company’s name or a strange name within the address). This is particularly important if you reach a website by clicking on a link within an email.
• Check for complete contact information, since fake websites are more likely than legitimate ones to have skimpy details — or none at all.
2. Upgrade Passwords to Passphrases
A phrase that’s meaningful to you but hard for others to guess may be more secure than a typical password, Donnelly says. “For example, if you always go to a summer fair and there’s a booth or ride that you particularly love, its name might be easy for you to remember, but would probably mean nothing to someone else,” she says.
Avoid including personal identifying information such as your name, a family member’s name or a birthdate in a passphrase, she advises. If a fraudster knows anything about you, these personal touches could make it easier for them to guess.
For added security, some people swap in numerals for letters: for example, a zero for the letter “O,” or a one instead of the letter “l.” Another security-boosting tactic is to use a mix of capital and lowercase letters. No matter how you choose to build your passphrases, use a different one for each website that you access.
3. Err on the Side of Caution
More than three-quarters of companies said they’d experienced phishing attacks in 2017, according to cybersecurity training company Wombat. Attacks are becoming harder to spot, unless you know the signs. For example, many phishing emails now appear to come from a boss, a vendor or someone else you regularly do business with, and may request information that’s similar to what you’re accustomed to providing.
“You need to always critically assess what’s coming at you and be prepared to take action,” Donnelly says. That could mean occasionally flagging legitimate emails that look suspicious.
“It doesn’t hurt to check with someone directly if you receive an email claiming to be from them but containing atypical errors, links or attachments,” Donnelly says. Even if it turns out that the email is legitimate, it’s better to be overly cautious than not cautious enough — especially when some scams are hard to detect.
Even the most careful of employees and companies can experience a cyberattack. But adopting these measures, and encouraging co-workers to do the same, may help lower your risk.