National Cybersecurity Awareness Month: Protecting Your Online Presence During COVID-19
By Anthony Murray and Christopher Lombardo
October is National Cybersecurity Awareness Month, which was launched in 2004 by the National Cybersecurity Division within the Department of Homeland Security and the nonprofit National Cyber Security Alliance. This year more than ever, cybersecurity is extremely important in keeping individuals and companies safe when online. Protect your online presence this month and beyond by following the tips below.
Connect and Protect
In today’s world, the line between our online and offline lives is no longer clear. While this situation creates opportunities, it also creates many challenges for individuals and organizations around the globe. To reduce your security risk, make sure to regularly update your security software, browsers and operating systems. And set up auto-updates for all of your home devices, so they are always up to date.
All internet-connected devices are a possible entry point for a cyber criminal. Therefore, if you connect it, you’ll need to protect it. For example, earlier this year Ring doorbells were hacked because updates were not applied and strong passwords were not used. Examples of such devices include GPS/distance trackers, fitness and medical monitors, Wi-Fi enabled baby monitors, home security cameras, climate and lighting control systems, and smart appliances. Though we may not think about some of these things being susceptible to hacking, they are often targeted by cyber criminals. To stay safe, keep your devices up to date, frequently change your password and even update your home network security.
Links in emails, tweets, texts, posts, social media messages and online advertisements are the easiest way for cyber criminals to get your sensitive information. Be wary of clicking on links for downloading anything that comes from a stranger or that you were not expecting. If you receive an enticing offer via email or text, don’t be so quick to click on the link. Instead, go directly to the company’s website to verify it is legitimate. If you’re unsure who an email is from, even if the details appear accurate, do not respond and do not click on any links.
- Follow your gut. If it doesn’t look right—the message is too good to be true, for example—trust your instincts.
- Is the message directly aimed at you? What does the salutation say? Could it be sent to anyone? Of course, knowing your name isn’t always a sign that an email sender can be trusted, but not knowing is a good starting point.
- What are they requesting? Spoofed emails are finely crafted to trick you into giving up your login information for important sites, like your bank account. Have a level of distrust and don’t blindly click a link to log in to important accounts without verifying the URL is correct.
- Are they trying to scare you? This is a favorite tactic for hackers. Maybe they’re telling you your account has been breached, or a payment was rejected. They want you to take action without thinking. Don’t be fooled. Take a moment and think things through.
- How’s their spelling? Yes, the bad guys are getting better with grammar, but poorly written messages are still a sign something is phishy.
2020 saw a major disruption in the way many people work, learn and socialize online. Our homes and businesses are more connected than ever. With more people now working from home, these two internet-connected environments are colliding on a scale we’ve never seen before, introducing a whole new set of potential vulnerabilities that users must be conscious of. Week 2 of Cybersecurity Awareness Month will focus on steps users and organizations can take to protect internet-connected devices for both personal and professional use.
- P@s$w0rds_d0n’t_hav3_2_b_th!s_Complic@teD! Seriously, who can remember that? Make your password a passphrase. Remember that length trumps complexity when creating a strong passphrase.
- When it comes to passphrases, it’s best to mix it up. Keep them long, easy to remember and unique for each account.
- No matter how long and strong your passphrase is, a breach is always possible. Make it harder for cyber criminals to access your account by enabling multi-factor authentication.
- Do all of your apps need to track your location? No! Take a moment now to configure the privacy and security settings of your apps and, while you’re at it, help someone in your household configure theirs.
- Do you know how many of your apps access your contacts, photos and location data? Time to find out! Configure your privacy and security settings to limit how much data you give away.
- Enable automatic app updates in your device settings so your software runs smoothly and you stay protected against cyber threats. Don’t ignore a software update. It can be what protects you from a cyber criminal.
- Keep all software on all internet-connecting devices current. This improves the performance of the devices and your security.
- Rules for keeping tabs on your apps: 1) Delete apps you don’t need or no longer use. 2) Review app permissions. Limit how much data you share with the app. 3) Only download apps from trusted sources.
There are few people today who don’t have a social media presence. Cyber criminals know that, and they especially love it when you overshare on social media. They can learn all about you! Be cyber smart and make it harder for them by avoiding posting real names, places you frequent, and your home, school and work locations. Keep Social Security numbers, account numbers and passwords private, as well as specific information about yourself including your full name, address, birthday and even vacation plans. Disable location services that allow anyone to see where you are—and where you aren’t—at any given time. Connect only with people you trust. While some social networks might seem safer for connecting because of the limited personal information shared through them, limit your connections to people you know and trust. Remember, there is no delete button on the internet. Share with care, because even if you delete a post or picture from your profile seconds after posting it, chances are someone may have seen it.
We live in a world of facts and information that we use to form our opinions and make decisions. Sometimes those facts are incorrect, and we make poor decisions. But what if the information we receive is maliciously created to be incorrect?
Disinformation campaigns aren’t limited to individual victims and are often created by sophisticated groups. Organizations are often targeted, resulting in great harm. Here are three reasons why:
- Damage to reputation: Some attacks are intended to damage an organization’s reputation and create ill will with its customers.
- Financial gain: Some attacks are created to allow the scammer to profit financially. One example is known as a “pump and dump,” where false press releases and social media are used to promote a company and pump up its stock value. Then the scammer sells, or dumps, the stock for a large gain.
- Destroying public confidence: Some attacks are carried out by foreign actors, countries and individuals, looking to harm organizations in other countries and drive customers to competitors that they prefer.
How do hackers pull off disinformation?
- Bots: Bots, short for computer “robots,” are software programs that can perform automated tasks and can mimic typical online human actions, such as making, liking and sharing social media posts. Computers infected with malicious bots can be used to spread disinformation and inflate the popularity of selected posts and items.
- Deepfakes: Deepfakes are audio files, videos or photos that have been tampered with to look and sound like something they are not.
- Targeting: Targeting takes all of the information available about you and makes predictions about disinformation you might be receptive to.
- Trolls: Trolls are Individuals who deliberately say false things online to cause negative reactions, create controversy and ruin reputations.
This year, more than ever before, cybersecurity has played an integral part in the daily lives of many people. And though National Cybersecurity Awareness Month is observed during October, the advice provided here can and should be used all year round. Thought leaders are constantly publishing new best practices to keep you safe at home personally and professionally. As we continue to live in a virtual world, cybersecurity should always be top of mind.
I encourage you to register for our upcoming webinar, presented by myself and my colleague, Angela Rose, Security in a Virtual Environment: Protecting Your Workforce at Home.