• Be careful with the personal information you post on the internet.
Review your online profiles. How much personal information can potential attackers retrieve from them? If there is anything that you do not want a scammer to see, do not post it, and configure your privacy settings to limit what others can see.
• Do not use the same password on every account that you own.
If you reuse passwords or password variations, an attacker who obtains one of them gains access to all of your accounts. Every password used should be different. Passwords with random phrases are the most secure.
• Update your software.
If your software provider notifies you that there is an update, install it. The majority of software systems include security updates that protect you from common attacks. Enable automatic software updates.
• Do not click on links in emails.
If an organization such as your bank sends you a link, launch your browser and go directly to the bank’s site instead of clicking on the link in the email. Verify the destination of a link by hovering your mouse over it. If the URL does not match the link’s anchor text or the stated destination, it could be malicious. Many spear-phishing attackers obfuscate link destinations with anchor text that looks like a legitimate URL.
• Use logic when opening emails.
If you get an email from a friend asking for personal information, check whether their email address is one that you have seen them use in the past. Real businesses will not send you an email asking for your username or password, especially from a Gmail account. Contact that friend or business directly, or visit the business’s official website, to find out if they actually contacted you.
• Implement a data protection program in your organization.
A data protection program combining user education around data security best practices and implementation of a data protection solution will prevent spear-phishing attacks.
Contact us to set up phishing protection for your organization.