By Eric D. Morton
The amount of cyber fraud in today’s commercial world is shocking. I know a cyber-security attorney who works for a major financial institution. They deal with massive fraud daily. The sophistication and complexity of criminal activity are constantly changing. Furthermore, I have seen more and more targeted fraud aimed at small businesses. Sophisticated hacking techniques that used to be used only against large companies are now used against small businesses. The following recommendations are not just good practices in today’s world; they are essential. In today’s connected world, cybersecurity isn’t just for IT professionals — it’s everyone’s responsibility.

- Use Unique, Complex Passwords
Your password is your first line of defense. Use a unique password for each account, combining upper and lowercase letters, numbers, and special characters. Avoid using obvious choices like birthdays, names, or common words. Consider using a password manager to keep track of them safely. Do not use the same password for more than one account.
- Change Passwords Periodically
Even strong passwords should be updated regularly. Changing your passwords every few months reduces the risk of compromised credentials being used against you. If a site or service experiences a data breach, update your password immediately.
- Enable — But Don’t Rely Solely on — Two-Factor Authentication
Whenever available, enable two-factor authentication (2FA) for an extra layer of protection. This helps secure your accounts even if your password is stolen. However, remember that 2FA is not foolproof — your password remains the foundation of account security. Online criminals use complicated processes called “credential stuffing” to try to circumvent 2FA. Easy-to-hack passwords help those criminals get around 2FA.
- Be Cautious with Emails
Phishing emails remain one of the most common ways attackers gain access to personal information. Never open attachments or click links from unknown or suspicious senders. Verify the sender’s address carefully — many phishing attempts mimic legitimate companies or colleagues. Often the address is off by a digit or letter that can be easily overlooked.
- Keep Systems and Software Updated
Cybercriminals often exploit outdated systems. Ensure your operating system, browser, antivirus, and other software are regularly updated to patch vulnerabilities. Turn on automatic updates whenever possible to stay protected.
- Manage Pop-Ups, Cookies, and Plugins
Pop-ups and certain cookies can track your online activity or deliver malicious content. Block unnecessary pop-ups and limit cookie tracking in your browser settings. Also, remove or disable unused browser extensions and plugins, which can create security gaps if not maintained.
- Company-Wide Standards Matter
Organizations should establish clear standards for internet use and define which browser extensions and plugins are approved. Employees should only install authorized tools that have been vetted for security. Whenever possible, companies should use enterprise-grade secure browsers, which offer centralized management, advanced threat protection, and better control over browsing behavior.
- Stay Vigilant and Educated
Cyber threats evolve constantly. Take time to stay informed about new scams, phishing tactics, and online safety best practices. A few minutes of awareness can prevent costly data breaches or identity theft.
Bottom line: Strong, regularly updated passwords, cautious online behavior, and secure company policies are the foundation of good cybersecurity hygiene. Use two-factor authentication to strengthen protection — but never neglect your passwords or regular updates. Stay proactive, stay informed, and stay protected.
Eric D. Morton is the principal attorney at Clear Sky Law Group, P.C. He can be reached at 760-722-6582, 510-556-0367, and emorton@clearskylaw.com.


