Every business has an expectation to protect sensitive information, and every employee plays a key role in preventing cybersecurity incidents.

Below are five of the most common data security mistakes leading to data breaches. Employees should halt these practices immediately to reduce the likelihood of a breach.

Avoid Risky Cyber Behaviors

1. Do not open unsolicited, unexpected or suspicious attachments. Phishing is the most common avenue for criminals. Clicking on phishing attachments can lead to malware, ransomware, and stolen usernames and passwords.
2. Do not turn off important security settings. Security settings protect users from unwittingly doing something bad on their computer.
3. Do not use the same password for multiple accounts. The easiest way for cybercriminals to get into your email or bank account is to steal and use the same password from your Facebook or social media account.
4. Do not send sensitive data over unencrypted email. Email is an easy way for cybercriminals to intercept your communications, leading to a significant number of data breaches. Use encryption for emails with sensitive information such as social security numbers, financial data, or passwords.
5. Do not leave computers unlocked when you step away. Leaving your computer unlocked and unattended allows anyone to have free and open access. This can lead to someone stealing

Best Practices for Surfing Daily Emails

Critical Thinking. Do not take everything at face value. Before you open and click an email, think through these questions:

• Is the email from someone I recognize?
• Are the requests of the email reasonable?
• Am I expecting the email?
• Is the email using emotional gauges like fear or urgency to entice an action?

Always Hover. Before clicking any links in the email, hover your mouse over the link and the actual URL will appear. Double check to make sure the real URL is leading you to the right place — a legitimate website. For example, you don’t want to be clicking a link to ju-spandoo.de/82359/index.html. Hackers will also try to spoof the URL to look like the legitimate address. You want to investigate to make sure the domain is the same as the sender of the email.

What NOT To Do:

• Do not copy and paste the link into the URL section of your browser to check it. That’s the same as clicking the link.
• Do not forward a suspected malicious email to other people. You don’t want to further the potential damage, especially within your company.
• Do not open the malicious email on your mobile devices. They are not immune to malware and viruses.
• Do not solely rely on antivirus software. This protects against viruses with known signatures, but is susceptible to new malware.

At a time when technology and the risks associated with it affect everybody, is your business protected with data security and privacy coverage? Don’t put your business at risk of financial and reputational damage. To learn more about cyber liability insurance, contact your local Society agent.