Phishing and fraud is a growing concern in every part of our lives – both personal and professional. As an organization, DAT prioritizes the security of our products, data storage infrastructure, and corporate environments, but that doesn’t stop fraudsters from trying to reach users directly in order to compromise their accounts.
To help you flag suspicious behavior and stop fraud before it happens, we’ve compiled security best practices for your organization to ensure your DAT accounts are never compromised.
Look out for social engineering attempts
Of all security breaches, 82% involve a human element. Attackers have become experts in manipulation via social engineering, which includes phishing. It’s estimated that 71% of phishing attacks come from a lack of vigilance. Follow these tips to protect yourself and your DAT account:
Report and delete requests for personal information and passwords. If anyone requests this information, via any communication method, do not provide them with it. This is a scam. DAT will never call, email, or text individual users requesting their passwords for any reason.
Do not download files that you do not know. Scammers may send urgent communications requesting you to download an attachment. Take time to verify who the sender is and that the communication is legit before acting. Any official communication from DAT will come from an email address that is (at)DAT.com. Any variation of that is likely a scam.
Be on the lookout for suspicious hyperlinks. Social engineers will send hyperlinks in order to present a request for information, such as login credentials, or as a method to distribute malware. When presented with a suspicious hyperlink, hover over the link without clicking it to reveal the location. Also, if you receive an email asking you to log into your account, go directly to DAT.com.
If it looks suspicious, it probably is. If you have received these phishing communications: Do not click the link. Report the fraudulent communication through your organization’s security team and/or email service provider. If you encounter suspicious communication, report it to your security team. If you believe you have received a phishing email impersonating DAT, please let us know by sending a screenshot or send us the details in a new email. DO NOT forward the actual phishing email you’ve received from a bad actor. You can also reach us at 800-547-5417.
Use best practices for password security
Use longer passwords. According to the National Institute of Standards and Technology (NIST), this is the most important factor regarding password security best practices. DAT is in the process of implementing a fifteen (15) character password length to provide our customers with enhanced security of their accounts.
Avoid using basic dictionary words in your password. Hackers utilize algorithm based password cracking tools to attempt to brute force individuals’ accounts. By utilizing uncommon words, you can prevent these tools from being successful.
Use complex passwords. Utilizing a mix of complex characters (at least one uppercase letter, one lowercase letter, a special character, and number) also provides defense against password cracking tools.
Do not share or write down passwords. Never share your password with another individual, including a family member, and never leave your passwords written down on a sticky note or elsewhere on or near your machine. If necessary, utilize a secure password vault to store your passwords.
Set a lockout for unsuccessful login attempts. Setting a lockout for attempts (5 is recommended) protects against brute force attacks.
Secure your devices
Ensure that Enterprise grade antivirus software is installed, maintained and updated regularly on your company managed endpoints. Set your automatic updates on if you can. Hackers utilize tools such as keyloggers and spyware to obtain confidential information. Preventing this type of malware from being installed on your devices is critical.
Only access secure and safe websites. Refer to your organization’s Acceptable Use Policy for more information on appropriate use of the Internet.
Utilize firewalls to manage access.
Make sure that email filters are turned on.
Avoid using personal devices. Only access your DAT account from company managed devices that are equipped with enterprise grade anti-malware and other security related software.
Remember: DAT will never send you a link to click on for payment, for password reset, or credential access.
By following these best practices, you are providing a sound defense for your business. For more resources about phishing and fraud, visit the Cybersecurity and Infrastructure Security Agency website.
If you believe your DAT account has been compromised, contact us immediately at 800-547-5417. We take immediate action to investigate every claim and all bad actors.
