Big casinos aren’t the only ones that stand to lose from a cyberattack.

“It is inevitable,” says Russell Short, owner of Las Vegas-based cybersecurity company SYN Cyber.

“With the advent of AI technology, that’s going to help [hackers] craft more sophisticated phishing emails. And that’s the number one way of getting in,” he explains, adding that the popularity of working from home also brings new network vulnerabilities to businesses.

Short’s company is a managed service provider that helps with network and cloud security, IT support and security awareness training. He shared a few tips to protect yourself and your business from getting hacked.

Know how to spot phishing and bad links

The No. 1 method of attack is phishing, Short says, which is why awareness is so important. Phishing is a form of social engineering that attempts to get users to give up personal information or click a link that contains malware. It can take the form of an email that appears to be from a legitimate sender, a phone call or text.

Even when surfing the web, users should always verify that a link will take them where they want to go.

“Say you’re looking for espn.com, or Amazon. It’s good to hover over the link and then in the bottom left corner, it’ll show the URL you’re going to. Double-verify to make sure that it is indeed going to amazon.com and not ‘amaz0n’ with a zero instead of an O, or misspelled words.”

The same goes for a link in an email—verify that it will take you where you want to go by hovering over the link and looking at the bottom left corner of the screen.

Strong passwords

You’d be surprised just how easy it is to hack an account with a weak password, Short says. Certified Ethical Hackers like SYN Cyber have tools that can be used to test the strength of passwords: “If they have a weak password—just a dictionary word and a number and one exclamation point—we crack those in under two seconds.”

Short recommends having a password with 10-15 characters that is not a dictionary word and has upper and lowercase characters and numbers. “If you remember your passwords, they’re not strong enough,” he says, adding that people should not recycle passwords for different accounts.

Password managers like LastPass or KeePass can automatically generate strong passwords and require you to remember only one password.

Verify emails and Wi-Fi networks

Sometimes hackers could disguise their email address as someone you know. “It’s called spoofing,” Short says. “With that, there will be a ‘Click this link’ or ‘Here’s the form’ … always something kind of catchy.”

To prevent falling into that trap, look at the full email address and not just the display name.

Any unexpected email asking for a password, personal information or asking you to click on a link should raise red flags. It’s a good idea to verify with the sender of the email that it’s legitimate.

“If you all of a sudden get a response on that email, and that conversation is done, always scrutinize that response,” Short says. “This happens a lot in businesses where an email goes dead … and someone responds saying, ‘Hey, here’s that link,’ and people aren’t expecting it but they still click on it. That would be where they spoof the display name, or [the hacker] got into that person’s email account.”

Free, unsecured Wi-Fi networks like those at casinos and coffee shops pose security risks. “I could create one … and name it ‘MGM guest Wi-Fi free’ so that people connect to my fake Wi-Fi access point. And then I’ll get all their information,” Short says.

To avoid this, verify the name of the hotel’s Wi-Fi network with the concierge or store. Investing in a Virtual Private Network (VPN) service gives an added layer of protection.

Multi-factor authentication

Multi-factor authentication—using multiple steps to verify the identity of a person logging in, such as sending a code to the person’s cell phone and asking them to enter the code in order to log in—helps keep businesses and individuals safe from a hack.

Sometimes this is done by asking an additional security question such as your mother’s maiden name. It’s a good idea to not give the correct information for those questions, especially for bank accounts. “I would give false names and just remember those,” Short says, because if someone knows or finds that information, they could easily get into the account.

Cyber insurance

Depending on the nature of your business, Short says, cyber insurance is worth considering.

“If you’re breached by ransomware, that could take your company down altogether,” he says. “[Insurance] is becoming more of a requirement by federal agencies. … And in order to obtain cyber insurance, it’s very important to have security hygiene in place. There’s a long list of requirements.”

Working with a managed service provider can help companies obtain cyber insurance, he adds.

Click HERE to subscribe for free to the Weekly Fix, the digital edition of Las Vegas Weekly! Stay up to date with the latest on Las Vegas concerts, shows, restaurants, bars and more, sent directly to your inbox!