Phishing and Other Dirty Data Tricks

Ask people to describe utility workers, and they’ll likely say things like “essential” and “hard-working.” But, what about a word like hygienic? Digitally hygienic, in particular. As the industry continues shifting analog operations into digital formats, employees at all levels of a utility company should be aware of basic digital hygiene practices. This way, the utility as a whole has a better chance of protecting sensitive internal and customer data.

Digital hygiene is a phrase used to describe the practices and habits that keep one’s information or data safe and secure. It can be the difference between keeping confidential data secure and allowing a breach. To help utilities that may need guidance in this area, we’ve put together a few basic tips. You can use them to deploy part of a digital hygiene training program for utility employees.

Learn to spot phishing attempts

“Phishing” is the term used to describe someone pretending to be a trusted entity to gain sensitive information from a company or individual. Essentially, the fraudster places a piece of “bait,” often with a link that leads to a virus, in hopes that an unsuspecting computer user may click or “bite.” You may be familiar with this type of nefarious activity as a consumer. Employees of companies like utilities are also susceptible to phishing attempts. With one click of the wrong link, an employee can quickly put confidential customer or company data in the wrong hands.

There are a handful of giveaways that make it easier to spot a phishing attempt. Make sure your employees understand that a phishing sender’s email address may closely resemble an authentic or reputable email address while being slightly off. For instance, the sender’s email address could end in a different domain like .co instead of .com, or there may be a misspelling in the email address itself.
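The two giveaways above (a different ending such as .co instead of .com, and a misspelled address) can also be checked automatically, for example in a mail filter or a training exercise. The following Python code is an added example, not part of the original article; the trusted-domain list, function names and sample addresses are constructed assumptions.

```python
from email.utils import parseaddr

# Assumption: domains your organization really exchanges mail with (constructed).
TRUSTED_DOMAINS = {"example-utility.com", "example-vendor.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: inserts, deletes and substitutions between a and b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header: str, trusted=TRUSTED_DOMAINS) -> str:
    """Return 'trusted', 'lookalike-tld', 'lookalike-spelling' or 'unknown'."""
    # parseaddr separates the display name from the real address, so a
    # trusted-looking display name cannot stand in for the actual domain.
    _, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if not domain:
        return "unknown"
    if domain in trusted:
        return "trusted"
    name, _, tld = domain.rpartition(".")
    for good in trusted:
        good_name, _, good_tld = good.rpartition(".")
        # Same name, different ending: example-utility.co vs example-utility.com
        if name == good_name and tld != good_tld:
            return "lookalike-tld"
    for good in trusted:
        # One or two character edits from a trusted domain: a likely misspelling
        if 0 < edit_distance(domain, good) <= 2:
            return "lookalike-spelling"
    return "unknown"


if __name__ == "__main__":
    for sample in ("Billing <billing@example-utility.co>",
                   "Support <support@examp1e-utility.com>",
                   "alice@example-utility.com"):
        print(f"{sample!r:45} -> {classify_sender(sample)}")
```

A result of "unknown" only means the domain does not resemble a trusted one; it says nothing about whether the sender is legitimate.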

Practice safe email use

There are some general practices that every utility employee should adopt around email use. For instance, hovering over any links to confirm the link’s path will help employees avoid spam or fraudulent sites. Before opening or downloading any attachment, always make sure to verify the sender by confirming their email address is valid.

One of the hardest rules to monitor for, and the most important to enforce, is ensuring that employees are using their email for business only. Using business email for personal communications can leave a utility company vulnerable to fraudsters. Another critical facet of safety is prohibiting employees from using work emails on public Wi-Fi networks.


Institute multi-factor authentication protocols

Whether you’re logging into a specific portal or just accessing email systems, it’s in your best interest to institute multi-factor authentication protocols. This keeps your email and data safe by forcing the employee to take an extra step before being granted access. For example, after entering their password, the system might text the employee’s mobile device and ask for an additional password. This is a simple way to keep systems secure. A scammer with an employee’s password is unlikely to have access to their mobile device as well.

Selecting a multi-factor authentication vendor and platform will ultimately be the leadership’s decision. Frontline employees should understand the significance of the process, and also understand the rationale behind its application.

Establish strict password requirements

Multi-factor authentication safeguards data but it can’t do much with weak passwords. Software like LastPass enables employees to create randomized, strong passwords that won’t be easy to crack. Utility companies also can enact policies that require employees to change their password every 30 days. While some employees may find it burdensome, this practice is an effective way to safeguard data.

If your company decides not to use a password generator, the passwords employees create should be unique. They should include a mix of upper- and lower-case letters, number(s), and special character(s). Implement these and other basic digital hygiene tips at your company and be better prepared to protect sensitive and confidential data from fraud.

Utility Partners of America has a proven track record of partnering with utility companies to improve and enhance their operations. Contact us today to see what we can do for you.