If you have had any interaction with our team or our brand over the years, you already know that we are very security focused. A security-first mindset permeates our organisation, which is why we decided to ask members from across Webnames to share a cybersecurity practice that they recommend incorporating in 2023.
The diversity of advice reflects the broad range of expertise in our team, the recommendations from our frontline customer support team, software developers, and marketing professionals all zeroing-in on different aspects of cybersecurity awareness and risk mitigation that range from protecting devices to mindfulness in sharing information.
Cybersecurity is not set-it and forget it. It’s something to come back to and improve upon continuously. So when you see a list of recommendations, try not to feel overwhelmed and stymied. Begin with the low hanging fruit if that’s what feels manageable. Implement one practice each week. Just begin!
Whether you are approaching these recommendations with the mindset of a business owner or wanting to increase your personal cybersecurity, each successive action that you take will only increase your digital safety, heighten your awareness, and lower your risk for identity theft, ransomware, phishing and other threats.
Cybersecurity Tips from the Dev Team
Browsers
“Upgrade your web browser to Mozilla Firefox, the only completely free, open source, independent, full-featured web platform. Firefox makes it easier to install ad-blocking and privacy plugins, and is focused on keeping you safe online rather than treating you as a product to sell to advertisers. Mozilla offers versions of Firefox for every desktop and mobile platform, including Windows, MacOS, iOS, and Android.
The browser landscape today has coalesced around two main frameworks: WebKit (powering proprietary browsers like Google Chrome, Microsoft Edge, Apple Safari, and Opera) and Gecko (Mozilla’s rendering engine powering Firefox and Brave.) But 95% of people are using a WebKit-powered browser. That’s unhealthy for the open Internet; it increases the impact of security vulnerabilities, vendor lock-in, and unfriendly consumer practices.
If you want to go all-in on privacy, consider using Brave, an open-source fork of Firefox with an even more intense focus on security.”
* * *
Data Breaches
“I recommend checking your email addresses in https://haveibeenpwned.com/ once or twice a year. It’s super useful to find out if an email address of yours has been included in a data breach. If it has, you’ll want to change your login and password info for that email account and the service that experienced the breach – and ideally, do so using a trusted and reputable password manager app.“
Read more about what to do when your information is included in a data breach.
* * *
Malware
“Your computer can become infected with malware in a lot of unexpected ways, some of the most damaging malware can be the types that don’t actually do anything apparent and just quietly wait for their time to achieve their malicious purpose. These can be very broad such as data collection, or incredibly specific such as clipboard hijackers.
For this reason it’s a good idea to make a routine of doing basic malware scans, not just waiting for outward symptoms of infection. In my case, I like to do a scan at least once a week. If a purchased antivirus is not an option, Windows Defender is pre-installed on Windows 10 and 11 and is a good, but basic, malware scanner that will handle most threats.”
* * *
Wi-Fi
Exercise caution when making online transactions. Avoid doing online shopping or internet banking on free Wi-Fi, unsecure networks or untrusted devices. Check that the businesses that you make payments to are legitimate through the Better Business Bureau, and avoid making online payments with debit cards or any method that is directly connected to your bank account. Instead, make use of applications that provide an extra layer of protection such as credit cards and PayPal accounts.
* * *
Cybersecurity Tips from Customer Support
Password Management
“Maintaining good password hygiene across your work and personal accounts is one of the best things you can do to protect your organisation and yourself from cyberattacks and data breaches. Here are three things I recommend that everyone do:
Always use a password manager for both work and personal applications and services, including its recommended passwords which are unique for each account. Once you get over your initial resistance, it makes managing your logins so much easier in addition to more secure.
Use 2FA or MFA everywhere you can. While Two-Factor Authentication is a security measure and not a fail-safe, it vastly enhances the security of your accounts.
Don’t share passwords with anyone – colleagues, family, or friends. Most people reuse the same password or a close variation across multiple services, so sharing them exponentially increases your risk.“
* * *
Password Complexity
A lot of people struggle with alphanumeric passwords. They are just harder to both create and remember. People typically end up using one of a few predictable patterns when creating their them. That’s why I’ll often suggest using passphrase instead – they often work better for people because they are sufficiently complex but also memorable. Two of my favourite password generator services include useapassphrase.com and dinopass.com (choose the “strong” option) – the latter generates more graspable alphanumeric passwords for services that don’t support passphrases.
* * *
DNS Security
“When I’m helping someone with their DNS records, I like to recommend a couple simple record updates to strengthen their DNS security. First, add an SPF record to all your domains, even those that you’re not using for email, to help prevent email spoofing.
Also consider adding a CAA record to your DNS to prevent unauthorised SSL certificates from being issued on your subdomains or even your root domains, especially if you are a larger organisation or have This is sometimes done by bad actors to make a website look legitimate when they hack the DNS to reroute it to another destination. While CAA records aren’t a silver bullet to anything, they are part of a defense in depth approach to security.“
* * *
Malware & Spyware
“Malware is still rampant on the web. Infections remain a big issue for people, slowing down their devices, causing system crashes, etc. People typically pick up malware from visiting iffy websites, downloading legitimate and illegitimate software from unverified sources, opening email attachments, clicking pop-ups and more. So here’s my security tip: “Think before you click”. Avoid visiting unknown websites or downloading software, or anything, from unfamiliar websites. Take the extra step of searching out reviews and information of a website before installing anything off of it. If you receive an email attachment, be super careful before clicking it – triple verify the source’s legitimacy. And of course, run regular malware scans on your computer so anything you might have picked up is caught early.
Don’t put off running your software updates! Outdated software can put you at a higher risk for exploits, bugs and other vulnerabilities. This pertains not only to the OS’s of all your devices, but apps as well, so keep them both updated.“
* * *
Phishing Prevention
“Phishing is such a huge problem that it never hurts to review some of the tell-tale and not so obvious signs. Most people know to steer clear of anything trying to drum up urgency or using pressure tactics. Same goes with “prizes” or requests to login to a service if you didn’t initiate a password reset. I also like to tell people to be cautious of unexpected and unanticipated emails, even if the organization and sender seems familiar. Always hover over the “Sender” to see the actual email address. Same goes for any embedded link – hover over it and check the legitimacy of the domain name or verify with the sender directly that the email came from them.”
* * *
Cybersecurity Tips from the Marketing Team
Data Security
“Marketers and small business people deal with a lot of sensitive customer and business data in different online software applications. Bad actors know the value of the data stored in marketing applications and are constantly looking for vulnerabilities to exploit them. To protect this data, I recommend using a password manager, password manager generated passwords, MFA and a VPN whenever possible – all of which is good practice regardless of whether you are a marketer, business owner or personal user.
Also research reviews, security ratings, and any past compromises that CRM,CMS, marketing automation, email marketing or analytics platforms might have had, in addition to their security features and policies before importing or syncing your data. Strictly limit and/or claw back who has access to CRM, email marketing and business analytics platforms. If you work with contractors, always get an NDA and Data Security agreement signed before granting access.“
* * *
Social Media Risks
“Social media is a digital marketing necessity that is full of cybersecurity risks. As a marketer or business owner who is managing your brand’s social media presence, it’s important to be aware of the following threats and vulnerabilities.
- Imposter accounts that assume the identity of your brand/business, an executive, or even customer support department are a big problem on social media, so consistently monitor your brand on platforms to catch impostor accounts and issue takedown requests before they can do damage.
- Sharing the identities of team members, company events, etc., on social media comes with a risk. Yes, it resonates with your followers, creates trust and shows you’re authentic, but it also makes you more vulnerable to reconnaissance attacks whereby bad actors collect information to use in targeted social engineering attacks, business email compromise and various types of phishing exploits. Have a social media policy in place that details what content and corporate information is acceptable to share and what isn’t to lower your susceptibility to impersonation, identity theft and disinformation.