There is nothing quite so gut wrenching as that moment when you realize that your computer or email account has been taken over. It can look differently depending on what happened to land you there.

It could be a PA you’re working with forwards you an odd email that claims it was sent from your email. Perhaps strange pop ups happening on your computer that you never opened. Or one of the worst, it could be a message saying your machine has been locked, and they are extorting you for money in exchange for giving you access back to your files.

The steps below outline some of the ways that our Brush Country Claims IT Department helps our claims adjusters stay safe on the internet while in the field.

When it Comes to Email – Check Before You Click

Phishing and Malware emails are one of the largest complaints we see from users on a regular basis. There are a couple different kinds of emails that you will see that are geared at trying to either get your information or get access to your machine to obtain information.

Phishing emails are looking specifically for your log in so that they can access your information, perhaps log the keystrokes on your computer, and often are targeting banking and personal information to exploit. These emails will often look like an email that is received from a usual source (like Facebook) but will have a couple pieces that look just a little bit suspicious if you look closely.

Emails containing malware can often look quite convincing. They will often take someone’s email history and send malicious emails out in reply to previous conversations but with an attachment that is a Zip file, or sometimes a Microsoft Word/Excel file that has content embedded within it. Once the document is downloaded and enabled on your machine, it begins replicating in your system, and capturing data and information. Sometimes these can capture your entire contact history, and then attempt to spread themselves to all your contacts as well.

Key things to look for on emails:

• Does the sender’s name match the email address? If Jennifer Dalton is sending you an email but the email address said johndoe@exotichotelresorts.com that is a warning sign that this email may not be trustworthy.
• Hover your mouse over any links in the email. Do they make sense? If someone sends you an email with a link to bcc-ltd.com but you hold your mouse over it and it is pointing to a site about sunglasses, this is a warning sign.
• Is the email asking you to sign in with your credentials or provide your username and password? Our IT department, as with most IT Departments, will never email you asking you to verify your username and password for us. Any requests of this nature should be viewed highly suspiciously.

The next question we get from users when they learn to identify these warning signs is what to do about them. If you are ever unsure if an email is legitimate or not, the general rule is verifying it without the email.

For example, if an email claims your account has a security issue, log into the site by typing the address in another browser, not by clicking their link. If an email wants you to click on a link or open an attachment, call the person, and verify that they did send the attachment. It will always be easier to make that phone call, or take the moment to verify the information externally, rather than send everyone in your contact list an explanation that you’ve been hacked.

Keeping Your Machine Safe

One of the easiest things to neglect is the basic security on your computer. As a driver, you wouldn’t want to drive your car without doing basic maintenance on it like oil changes or refilling the gas. While it may work for a short term if you neglect to do those things, eventually you will end up broken down. The same can be said for looking at the security of your computer.

What should your computer maintenance include?

• Updates for your system and applications on a regular basis
• Antivirus and Malware Scanning to actively check for and block malicious software
• Back-ups of your files

Those updates that Windows and Apple put out aren’t just strictly to update new features. The updates will often include new patches for security based on recent threats and vulnerabilities.

The other piece of updates that most people don’t realize is that it’s not just the bulky machine updates you need to check from time to time. Individual browsers like Chrome, Mozilla, Edge, and Safari will have their own individual updates that may need to be checked, as well as certain applications like Office or Xactimate.

It always bears repeating that having and using an Antivirus program is crucial. Using our car analogy, having your machine connected to the web and browsing without an Antivirus, would be the equivalent of driving your car without breaks, no safety net whatsoever. Most antivirus programs on the market will include safe browsing measures as well, to try and help keep browser pop-ups and add-ins that are malicious from being installed or clicked on your machine.

Some malicious software like ransomware will try to extort you in exchange for releasing your files. If you ever encounter this, see if your Antivirus has remediation available, or with a backup you can self-restore in the event something does sneak through your security. Backups to a local USB drive or One Drive are a great way to protect your data.

Stay Current with Password Best Practices

The number of times our IT department talks to someone to help with a password issue and are asked to use, “Password123” or “Fido2021” are sadly still more often than you’d think. If I happened to just guess your password, this section is for you. The question of what makes a password secure, and when to use them is also the key to helping keep your personal and work information secure.

Ways to keep your password secure:

• Avoid using the same password for everything
• Use a combination of words that you can visualize
• Shoot for a password length of 12 characters in length
• Ideally change passwords every 3-6 months

Coming up with new passwords can be challenging even for the best of us when different websites all have different requirements. Using a password manager is one of the easiest ways to help keep up with your passwords.

As far as the best combination for passwords, with the range of lower- and upper-case letters, numbers, symbols, and lengths a good rule of thumb is trying to have your password be at least 12 characters long, and include both upper- and lower-case letters, a number, and a symbol.

The next question users ask our IT Department is how on earth to remember such a long password. The trick that we recommend is coming up with a combination that you can visualize but is entirely random unrelated words.

For example, our four random words could be RedBearHatLamp and then we could add in our one number and symbol to that combination. To remember this, we would then use an image of a Red bear, wearing a hat and holding a lamp.

The reason we recommend the longer passwords has to do with the time it takes a computer to try and use a brute force attack against them. With our previous examples look at how long each password would take a computer to break based on security.org’s password strength checker:

• Password1 – Near Instantly
• Fido2021 – 1 hour
• P@ssw0rd – 8 Hours
• RedBearHatLamp – 8 hundred thousand years
• R3dBearH@tLamp – 2 hundred million years

When it comes to keeping your personal and work information safe, having that password be as strong as possible is one of your first lines of defense and one of the easiest issues to remedy.

Keep Your Information Secure During CAT Deployments

One of the things that is most obvious when we hit CAT deployments is that the wireless and internet options become one of the most crucial pieces to how you well you can turn around your files. With limited connectivity, we can also start to see certain risks with security and there are a couple things to keep in mind.

Steps to keep your data safe:

• If connecting to a hotel, or public, WiFi consider using a VPN. This will help keep your data secure in case the hotel itself has had any security issues with their guest internet. You can’t know who else is connected to that network and VPN will help ensure that your data is at least encrypted. Our IT Department recommends using NORD VPN, or Surfshark.
• If using your mobile device for a mobile hot spot, always use a secure password for connections to your hot spot. This also helps keep people from piggybacking on your connection and using up your bandwidth.
• Lock your laptop if you step away. On Windows laptops you can press the Windows key and L and it will lock your screen keeping anyone from accessing your information if you step away for a moment. On a Mac the command is Control, command, and Q at the same time.

Be Aware and Let IT Know

At the end of the day there is no silver bullet for preventing being targeted by malicious people on the internet these days; however, if you’re aware, cautious, and keeping up with your security best practices and maintenance, information breaches are totally avoidable and can be recovered from.

If you ever suspect that your information or machine has been compromised, or if you have any questions, please reach out to our IT department! We’re happy to help and will work to make sure your information on Brush Country Claims’ systems is as secure as possible.