We are living in unprecedented and challenging times. During such times, there are always well-intentioned people who step up to help, but there is a smaller minority that sets out to take advantage of others. They exploit fear and uncertainty and do what they can to steal or profit from people who are most vulnerable and anxious. The cyber domain (Internet, computers, email, cloud) provides these corrupt intentioned individuals or groups a global reach to pursue their dastardly deeds.
Under “normal” circumstances, we all need to be vigilant and aware of cyber risks and threats. The COVID-19 pandemic has created a ‘perfect storm’ for bad-actors (cybersecurity parlance for any individual, group, a state-sponsored or criminal organization with evil intent) to exploit;
- Large and small companies have had to scramble there IT teams to support remote access to company applications and data. In doing so, many organizations have had to take some shortcuts and have not done their due diligence in ensuring this connectivity is reasonably secure from external threats.
- Email-based attacks: Phishing and spear-phishing, which are social-engineering tactics and a common means of gaining unauthorized access or stealing information such as user credentials – reference https://www.phishprotection.com/content/phishing-prevention/difference-between-phishing-and-spear-phishing/ for more specific details).
- Fear, Uncertainty, and Doubt (FUD in cybersecurity and IT…we love acronyms!): Generally, this is the means of exploiting humans via their emotions. FUD is not a new phenomenon and has been used by the bad-actors for millennia, but the cyber landscape just amplifies it (social media, global interconnectivity, and reach). Again, this is social engineering, whereas bad-actors actively seek to use FUD to get a reactive response, such as a person clicking on an embedded URL/link in an email or a Word document with malware (phishing).
- People are seeking answers, cures, treatment options, tracing and tracking of infection rates, etc. Bad-actors take advantage of these topics to hook people into responding. Many of their guards are down because there are so many concerns and distractions.
5 Tips to Reduce the Likelihood of a Cyber Security Breach
As a cybersecurity professional that has been on the frontlines of these challenges for many years, there is no one answer or magic security technology that will spare us from these cyber threats. The one common point in all of it is the human, which also happens to be often the weakest link in the security chain (for reasons touched on, above); and the need for continued education and awareness. People often ask me, “what can I do, or should I do to protect myself and my family from cyber threats”? The following are 5 tips that one can do that if practiced regularly, can significantly reduce the likelihood of you becoming a breach statistic:
- Email: Verify EVERYTHING—trust nothing! If you receive an email asking you to open, click, input your userid or password (credentials), check the tracking of a shipment (via a link), update your account information, etc., VERIFY it. Call or go to the website if you believe it may be valid, else delete the email. Again, bad-actors are waiting for you to simply click or react at the moment based on an impulsive reaction. Pause, review, and VERIFY!
- Update software: Configure automatic updates for your laptop operating system, applications (such as Office 365), and other apps (e.g. Adobe, Chrome browser, etc.). Maintaining and patching your systems(s) and apps significantly reduce the potential for a bad actor to hack or exploit a known vulnerability.
- Passwords: Do not reuse/share passwords across various accounts such as business/company, personal (e.g. Bank or credit card), or media (e.g. Netflix). It’s not fun to manage all of the userid’s and passwords and become a real burden, but you can use a password manager tool, or search for password manager reviews via your favorite search engine). Stolen credentials are very common. If you use the same password across various systems or apps, you have greatly simplified the bad-actors achieving their goal AND increased the likelihood of being breached and suffering things like identity theft.
- Admin: Change default admin/access default account passwords on home devices such as WifI routers, TVs, home appliances, and anything with Internet connectivity. Also, use encrypted connections and VPN.
- Protection: Use endpoint anti-virus/anti-malware protection software and keep it up-to-date. This will not stop everything, but will help to provide some protection and becomes all the more effective when paired with the practices noted above.
While we are in these challenging times, I am confident that together through sharing our experiences, staying connected, and helping one another where we can, we may come out of this time with an increased level of vigilance, tenacity, and hope for a brighter tomorrow. May you (and yours) be well!