Some tips from our team to keep you and your data safe during the COVID-19 crisis
When adversity rears its head, opportunity knocks for scammers to take advantage of unsuspecting victims. Whether it is the result of global political events, a high profile crime or the death of a celebrity, users are more apt to fall prey to attacks when there is an accompanying event that might cloud their judgment or present a scenario outside the norm.
During these times, bad guys have an additional tool at their disposal which is to elicit an emotional response from their target through social engineering. When users’ guards are down, it can result in security lapses that may provide a vector to infiltrate a business’ critical systems. In fact, the FCC has recently alerted consumers to have heightened awareness when receiving phone calls.
In a scenario like the COVID-19 pandemic’s social distancing practices, there is an additional factor of people performing their jobs in unfamiliar environments outside of their workplace. The combination of emotional vulnerability and unfamiliar working environs can lead to a perfect storm of security exposure.
To help you keep your sanity and your security, we’ve assembled this guide that could help you avoid a breach or, at the very least, provide some peace of mind that you are doing the right things to protect yourself and your business.
1. Strengthen the Passwords to Your Home Devices
If you have a router, wifi extender or other network device in your home, there’s a good chance that one or more of those devices is pre-configured with a username and password like “admin” and “password.” These default settings can make it easy for ‘bad agents’ to access your network and, by extension, everything on it.
To fix this, review the devices on your network and ensure that the default password has been changed. Changing the default settings can usually be done in a few minutes time. If you find you’re missing a manual, a quick Google search should give you the information you need.
This advice applies to IoT (Internet of Things) devices, as well. If you have smart thermostats, lights, doorbells, garage door openers or cameras, make sure you have changed the default login settings.
2. Turn on Multi-Factor Authentication
Working from home typically entails logging into a number of online service providers. Depending on your role, you may use any number of cloud-based software, such as Microsoft 365, Google Suite, Quickbooks, WebEx, ADP, Slack, Adobe and any number of project management tools.
Take the extra step to secure your online accounts by enabling two-factor or multi-factor authentication when available. This type of authentication requires that you enter a code after your username and password have been verified. That code may be emailed to you, texted to you or may come from an authenticator app like Google Authenticator. That simple extra step will secure those accounts (and your data) considerably more than using a super strong password.
3. Know Your IT Team
It’s an old adage by now that you want to be on the good side of your company’s IT team. When you’re working from home, this is even more important. Make sure to have the contact information for your IT support person or team readily available. And consider giving them a call before you have any urgent problems. You can use the call to build rapport and to get their tips on keeping your systems secure and up-to-date at home.
4. Setup a Local Firewall
Firewalls control what data can flow into a network or computer. They do this by regulating what ports (essential connection points on a computer) are open and what type of data can flow through those openings.
At home, if you’re using wifi for your connectivity, your wifi router acts as a firewall for your network, allowing data to flow through certain ports or channels. But you also have the option to turn on your computer’s firewall. This will provide an extra layer of protection from any malevolent traffic on your network.
5. Update your anti-virus software
Check your anti-virus (AV) software and make sure it’s up-to-date. If you don’t have any AV software, install some immediately and run a full scan on your computer before continuing to use it. AV software won’t prevent all attacks but it can stop most attacks, especially the more ubiquitous ones.
6. Backup Locally
Acquire an external drive or USB drives (scan every USB drive with your updated AV software before using it) and back up your work documents locally. Do this even if you’re working in the cloud or your company is running centralized back ups. Use two backup drives, if possible, and rotate them every day.
7. Use a Password Manager
Maintaining strong passwords is a burden without a password manager. This burden pushes us to share passwords between services and to create passwords that are easier to remember. A password manager like Keeper, 1Password or Dashlane will simplify the process of creating, recording and using strong passwords.
8. Double Check the Sender Field
If you receive an email asking you to take any action such as opening a file, following a link or <gulp> initiating a bank transfer, take a moment to double and triple check the sender’s email address. It may seem so obvious it’s silly but email phishing is highly effective, especially when the emails are received at a time of stress like at the end of the day when you’re rushing to wrap things up. Savvy phishers will send emails that look exactly like they came from your bank or your client or your work colleague. Study the sender’s email address to find small variations in email address spelling or domain (like firstname.lastname@example.org) to root out the scams.