WatchGuard Blog

How to Not Get Haunted by Hackers This Halloween

Halloween is when the creatures of the night come out to play. It’s also spooky season for cybercriminals and scammers.  

Below are a few quick tips to avoid getting haunted this Halloween (and good ideas to keep in mind all year round).   

Make sure you know who’s behind that mask (or email address). 

Kids aren’t the only ones who don masks during Halloween. Cybercriminals often hide their identities or pose as someone you know to trick you into giving up your personal information and passwords or to click on a malicious link...which is no treat! If you receive a suspicious email about an urgent password change, making a payment to a supplier that can't wait, or anything else our of the ordinary, beware! Even if it comes what appears to be a known contact, it could be a phishing attempt.  

Verify the sender's address and, if in doubt, do not open or reply to the message. And don’t forget to warn others about those sneaky and suspicious emails that hit your inbox; if just one member of your team clicks on a bad link, your whole organization could get haunted.  

Share your candy, not your passwords.  

 We all struggle to remember our passwords and sometimes we fall into the trap of re-using the same one for many services, using similar passwords or storing them in insecure ways. But if a scammer gains access to one frequently used password, that can make it much easier for them to get into your other personal, financial and business accounts. So be generous with candy, but not your passwords. Use a password manager to generate and store unique, strong passwords (of at least 16 random characters) for every account.    

Keep the spooky monsters (and hackers) out. 

There’s a common theme in horror stories: scary monsters let themselves into a home through an unlocked window or door…and mayhem ensues. It’s unfortunately an all-too-common theme in cybersecurity, too. Many attacks could have been prevented if users and teams had properly updated and patched their systems. To a hacker, an unpatched vulnerability looks like an open door. In fact, a 2022 survey found that 57% of cyberattacks could have been prevented by simply installing the latest software and firmware updates.  

Let the right ones in. 

Everybody knows vampires can’t just walk into your house; they have to be invited in. But if you think of a password as an invitation, then a lot of vampires are getting into a lot of organizations by using stolen credentials. In fact, there as many as 24 billion stolen passwords available to buy on the dark web.  

One way to keep those vampire hackers out? Start using multi-factor authentication (MFA), both in your organizations and with all of the third-party services you use. MFA requires additional identity information before a user is granted access, so even if a hacker has your password, they can’t past the threshold of your network. 

Buddy up for safety (and protection).  

The cybersecurity threat landscape is getting scarier and scarier. As threats evolve and technology advances, it’s also getting harder for many businesses—especially those with limited IT or InfoSec resources—to effectively protect themselves on their own. By partnering with a managed service provider (MSP), you can get state-of-the-art-security backed by the insight of experienced cybersecurity professionals. By leaving the hard work of battling the monsters…er, hackers… to the professionals, you can focus on running your business.