How paranoid should you be about a cyberattack?

minute read

Last Updated September 29, 2023


*This blog is part of the May 2023 Thought Leader newsletter

Lee Pender headshot and byline

I got a call not long ago from the local hospital. My mom, who is in her late 70s, was due to have surgery there shortly, and someone from the hospital was calling me, as her emergency contact, to get her contact information. A woman’s cheerful voice asked in my voicemail for my mom’s phone number.

I started to call her back, but then I thought…wait. Could this be a scam? Why would the hospital not have my mother’s phone number? She’s been there before. Was this really someone calling from the hospital? Or was somebody trying to scam my mother through me?

Sure, the idea seemed a bit far-fetched, but since I spend a lot of time writing about security, my more paranoid instincts kicked in. I searched for the number that appeared on my phone. Then I searched for the number the woman at the hospital asked me to call.

They checked out. It all checked out. My mother had accidentally transposed two of the digits in her phone number when she provided it, and the hospital really couldn’t reach her. We got everything sorted, but the whole seemingly quixotic effort got me thinking: How paranoid should I be? And what should I do about it?

Paranoia: Destroyer or just good thinking?

If we turn to early 1980s popular culture for answers (as we should), we find competing perspectives. The Kinks called paranoia “the destroyer,” but Dr. Johnny Fever of “WKRP in Cincinnati” fame said, “When everyone is out to get you, paranoid is just good thinking.” And who am I to argue with a medical professional?

Of course, as is so often the case, the truth is somewhere in the middle. Nobody should live in fear, but the fact is that cybercriminals have developed all sorts of crazy ways to attack your firm, including:

  • Sending bogus email attachments that launch malware on your firm’s network.
  • Attacking security vulnerabilities in software that even the software publishers don’t know exist.
  • Pretending convincingly to be your boss or coworker in an email and asking you to transfer money or data to a bogus account.
  • Using artificial intelligence to fake videos, video chats, phone calls and even voicemails to make you think they’re someone they’re not.
  • Targeting your phone with instant messages that appear to come from someone you know but don’t.

None of this is going to get better anytime soon. It’s only going to get worse as AI (artificial intelligence) becomes cheaper, more accessible and more convincing.

So. Do you really have to worry about some sort of scam every time you pick up the phone or answer a text?

Probably, yes. But that doesn’t mean you have to live in fear. Breaking a few bad habits—or more to the point, forming better habits—can help you live and work more safely every day. So can moving your data and applications to the cloud, where experts handle security for you.

Good cybersecurity habits for peace of mind

There are a few things we’re all used to doing that we should stop doing as soon as possible.

The first is using email attachments to share files. You never know when an email attachment will be a little land mine that will blow up your network if you click on it and enable a cybercriminal to steal your firm’s data. Phishing attacks become more sophisticated all the time, and just one click could wreck your firm.

Email in general is a bit risky. Even a seemingly innocuous message from someone inside your organization asking for an account number or login information could be an attack in disguise. Always contact the person using some other method to make sure the request is legit, and if it is, don’t use email to respond.

Use a cloud portal instead to communicate and share files both internally and with your clients. When you run QuickBooks® Desktop and other key business and tax applications in the cloud, you can use a dedicated portal, protected by professionals, to securely share data. Moving away from email virtually neutralizes the threat of cyberattacks through phishing.

And if you’re still using USB or “thumb” drives to share data—stop right now! Those devices have been notoriously insecure for decades.

What happens when the phone rings or you receive a video call or voicemail from a client? If you’re expecting it, go ahead and take it. But if you’re not, it doesn’t hurt to call your client back immediately on a trusted phone number or to contact them using the cloud portal.

It won’t be hard to explain that you didn’t pick up because you’re just being careful about protecting the client’s data. If anything, the client should appreciate your vigilance.

The cloud as a safe space in a dangerous world

In general, if someone contacts you out of the blue, be suspicious—even if it’s someone you think you know. Call or text the person back on a trusted number. Re-initiate contact in the cloud portal. In fact, the more you use the cloud, the less paranoid you need to be about sending and receiving information. The cloud is a secure environment managed by professionals and dedicated for the use of your firm and your clients. It’s a safe space.

Was I too paranoid when I took 10 minutes to make sure the call from the hospital was real? With all due respect to the Kinks, I’m leaning toward Johnny Fever’s advice. Sometimes paranoia really is just good thinking. But in the cloud, you can find some peace of mind.

Subscribe to our blog

Get Rightworks articles delivered straight to your inbox.