Since the start of the global coronavirus outbreak, there has been a spike in cyber-attacks and therefore we must be extra vigilant.
IT security professionals have been working to diligently reduce the exposure of corporate assets to cybercriminals. These methods range from the simplicity of locking workstations while an employee is away from their desk to utilizing artificial intelligence that interprets Internet traffic anomalies. Following a commonsense approach to information security can significantly reduce the potential for loss due to cybercrime.
Just like following the guidance of health professionals to help protect yourself and others against COVID-19, these three tips can help you stay protected against the cybercriminals during this time.
Protect your Personal Information
The most common avenue for an attack is through Social Engineering. Often, threat actors will use strong emotional responses to trick you into providing them with information. If something is too good, or bad, to be true, then it probably is. Nowadays, emails, texts, and phone calls abound where the threat actor tries to entice you with some great benefit (free money, prizes, trips, etc.), or threatens you with some kind of negative consequence, to trick you into providing them with sensitive information.
Not long ago, I received a call from the “Social Security Administration (SSA),” where I was informed by them that the FBI was en route to arrest me. The individual on the phone assured me that SSA was aware of my innocence and sought simply to aid me in this trying hour. This person was attempting to use fear to scare me into providing personal details so that they would be able to use that information to my detriment and their gain.
Here are a few questions to ask yourself in these scenarios:
- Do I know the sender/caller?
- Does the name match the address?
- Is the subject out of character for the sender/caller?
- Am I expecting this?
- Does the destination match the content?
If you are unsure about any of these questions, call and verify that it is in fact not a threat actor. When in doubt, do not click or respond. Remember to always look at the details.
Protect your Applications
In 2017, the Equifax data breach exposed the name, social security number, date of birth, and home address of 143 million people. The breach occurred because hackers were able to exploit a known vulnerability of an unpatched application. The single most effective method to reduce exposure to cybercrime is to make certain that all applications are up to date. Cybercriminals take advantage of vulnerabilities present in older versions of applications. In a corporate setting, application updates are generally scheduled by system administrators. Although, personally owned mobile device applications also need to be updated as soon as updates are available.
Protect your Endpoints
An endpoint is anything used to run applications or to access data. The two most common endpoints are laptops and mobile phones. Not only is it vitally important to take the necessary steps to physically secure your mobile phone and laptop but it is also important to update the operating systems of endpoints. Cybercriminals may want access to your mobile device simply to gain access to corporate and personal contacts that they will then use in spam and spear-phishing campaigns against corporate executives.
Although you can’t stop cybercriminals from coming after you, you can take protective measures, such as these three tips, to help you avoid security breaches and work more securely and efficiently during these times.