We are living in unprecedented and challenging times. During such times, there are always well-intentioned people who step up to help. However, there is a smaller minority that sets out to take advantage of others. They exploit fear and uncertainty and do what they can to steal or profit from people who are most vulnerable and anxious. It is crucial to avoid a cybersecurity incident from happening. The cyber domain (Internet, computers, email, cloud) provides these corrupt intentioned individuals or groups a global reach to pursue their dastardly deeds.
Stay Vigilant During Cybersecurity Incidents
Under “normal” circumstances, we all need to be vigilant and aware of any cybersecurity incident that may occur. However, the ever-evolving digital landscape has created a ‘perfect storm’ for bad actors (cybersecurity parlance for any individual, group, state-sponsored, or criminal organization with evil intent) to exploit:
Remote Work
Large and small companies have had to adapt to remote access to company applications and data. In doing so, many organizations have had to take some shortcuts and have not done their due diligence in ensuring this connectivity is reasonably secure from external threats.
Email-based Attacks
Phishing and spear-phishing are social-engineering tactics and common means of gaining unauthorized access or stealing information such as user credentials.
Fear, Uncertainty, and Doubt (FUD)
Generally, this is the means of exploiting humans via their emotions. FUD is not a new phenomenon and has been used by bad actors for millennia, but the cyber landscape just amplifies it (social media, global interconnectivity, and reach). Again, this is social engineering, where bad actors actively seek to use FUD to get a reactive response, such as a person clicking on an embedded URL/link in an email or a Word document with malware (phishing).
Information Seeking
People constantly seek answers to various questions and concerns. Bad actors take advantage of these topics to hook people into responding. Many guards are down because of the sheer volume of information and distractions.
5 Tips to Reduce the Likelihood of a Cybersecurity Incident
As a cybersecurity professional that has been on the frontlines of these challenges for many years, there is no one answer or magic security technology that will spare us from these cybersecurity incidents. The one common point in all of it is the human, which also happens to be often the weakest link in the security chain (for reasons touched on, above); and the need for continued education and awareness. People often ask me, “what can I do, or should I do to protect myself and my family from cyber threats”? The following are 5 tips that one can do that if practiced regularly, can significantly reduce the likelihood of you becoming a breach statistic:
Verify EVERYTHING—trust nothing! If you receive an email asking you to open, click, input your user id or password (credentials), check the tracking of a shipment (via a link), update your account information, etc., VERIFY it. Call or go to the website if you believe it may be valid, else delete the email. Again, bad-actors are waiting for you to simply click or react at the moment based on an impulsive reaction. Pause, review, and VERIFY!
Update software
Configure automatic updates for your laptop operating system, applications (such as Office 365), and other apps (e.g. Adobe, Chrome browser, etc.). Maintaining and patching your systems(s) and apps significantly reduce the potential for a bad actor to hack or exploit a known vulnerability.
Passwords
Do not reuse/share passwords across various accounts such as business/company, personal (e.g. Bank or credit card), or media (e.g. Netflix). It’s not fun to manage all of the user id and passwords and become a real burden, but you can use a password manager tool, or search for password manager reviews via your favorite search engine). Stolen credentials are very common. If you use the same password across various systems or apps, you have greatly simplified the bad-actors achieving their goal AND increased the likelihood of being breached and suffering things like identity theft.
Admin
Change default admin/access default account passwords on home devices such as Wifi routers, TVs, home appliances, and anything with Internet connectivity. Also, use encrypted connections and VPN.
Protection
Use endpoint antivirus/anti-malware protection software and keep it up-to-date. This will not stop everything, but will help to provide some protection and become all the more effective when paired with the practices noted above.
Conclusion
While we are in these challenging times, I am confident that together through sharing our experiences, staying connected, and helping one another where we can, we may come out of this time with an increased level of vigilance, tenacity, and hope for a brighter tomorrow. May you (and yours) be well and let us avoid these cybersecurity incidents!
To learn more about Cybersecurity, check out Emtrain’s courses and microlessons on Cybersecurity in the workplace.