by Felicien | Apr 15, 2020 | Education
Cybercrime Spikes During Coronavirus: Tips to Protect Your Business
Learn why cybercrime tends to spike during times of global crisis. Get tips on how to protect your tech environment from cyber criminals during the coronavirus.
Right now, people are hanging onto every news story about the coronavirus. They’re checking social media more than usual. They’re setting up home offices, learning how to use new collaboration tools with their colleagues, or trying to figure out what to do in the absence of income.
They’re also dealing with their kids being at home all day and wading into homeschool. On top of all this, they’re worried about the spread of the virus and its effect on the economy. While everyone is stressed, busy, and distracted, cybercriminals are focused and ready to go.
Cybercrime Spikes During Coronavirus
Cyberattacks almost always spike during times of global crisis, and right now, the Federal Bureau of Investigation reports that the coronavirus is no exception. Scammers are hacking into databases, sending out phishing emails, and leveraging the pandemic to convince victims to make donations to fake organizations or buy counterfeit personal protection equipment.
Analysts speculate that cybercriminals will cause $6 trillion in damages in 2021, and in 2020, damages are mounting as criminals take advantage of this situation. Research indicates that phishing emails have increased by 667% since February — that’s a seven fold increase in just a few weeks.
How to Protect Yourself From Cybercrime During the Coronavirus
Being aware of the risk of cybercrime is the first step. While many people think they are immune, no one is free of this risk — in fact, cybercriminals spend a lot of time targeting small businesses and organizations. To protect your business, practice these security essentials.
1. Be hyper-vigilant of incoming emails
As indicated above, phishing emails are on the rise. Cybercriminals are relying on people to have their guard down, and you and your employees need to be vigilant.
A lot of these emails contain dangerous attachments, while others include links to malicious websites. Never open an attachment or click a link from an unknown sender. If the sender looks familiar, take a few extra minutes to verify their identity. Scam artists often make their emails look like they’re coming from someone you know or from an organization like the Centers for Disease Control (CDC).
2. Secure all work-from-home computers
Another reason cybercrime is exploding right now is due to the unprecedented number of people who are working from home. If your employees are working from home, you need to take extra steps to secure your network.
Ideally, you should have your employees work on computers issued by your business. Home computers tend to be full of potentially dangerous videos, photos, or downloads.
Make sure all the computers your employees are using have a firewall that is turned on and configured correctly. Firewall misconfigurations can create extensive vulnerabilities in your network.
Finally, have your employees access everything through a virtual private network (VPN). A VPN encrypts all the data transmitted from their computers, creating an additional layer of security. Ideally, you should use a dual-factor VPN that requires your employees to enter their password plus an additional piece of verification such as a code texted to their phone.
3. Beef up your password strategy
Weak passwords threaten the security of your tech environment. Make sure your employees understand the importance of never using easy-to-guess passwords such as 12345, Password, their own names, or details visible on their social media pages.
Additionally, they shouldn’t let their browsers store passwords. Instead, you may want to look into a password manager such as LastPass or 1Password. These applications store passwords, but they can’t be accessed as easily as most browsers.
Cybercrime can cost you money, reduce your productivity, harm your reputation, and cause other types of damage to yourself, your employees, and your business. To reduce your vulnerability, contact a cybersecurity professional. They can help you identify the processes, products, and practices you need to stay as safe as possible, especially during a global crisis.
by Felicien | Apr 12, 2020 | Education
How to Protect Your Business From the Surge in Phishing Websites
Look at the spike in phishing websites during the coronavirus. Learn how cybercriminals are leveraging the pandemic. Find out how to protect your business.
As the entire world is worrying about the coronavirus, cybercriminals are taking advantage of the global crisis to line their pockets. Google reports that there has been a 350% increase in phishing websites in the last two months alone. This threat is genuine, and you need to take steps to protect yourself, your business, and your data.
What Is a Phishing Website?
Phishing websites are designed to steal your information, but they can work in a variety of different ways. For instance, a cybercriminal may make a website that looks like your bank site. You think the site is real so you enter your username and password, and then, the criminals have everything they need to access your account.
Similarly, a phishing website may look like it’s for a charity helping people with the coronavirus. Still, in fact, it’s just a scam designed to steal money and credit card information. In some cases, phishing websites download malicious files to your computer when you visit them — once executed, these files may encrypt your data until you pay a ransom, copy all your keystrokes, or steal information from your computer in other ways.
Rise in Phishing Websites During the Coronavirus
In January, Google reported that it knew of 149,000 active phishing websites. By February, the number almost doubled to 293,000. As the virus began to take hold in the United States in March, the number increased to 522,000. That’s a 350% increase since January.
During the coronavirus, the most significant increases in phishing sites have happened during the most stressful times. The most significant day-over-day increase occurred on March 21st, the day after New York, Illinois, and Connecticut told their residents to shelter in place. The second-biggest increase? March 11th, the day the World Health Organization declared the virus as a pandemic. Both of these days saw about a threefold increase.
Unfortunately, no one is immune — one survey indicates that 22% of Americans say they have been targeted by cybercrime related to COVID-19.
Critical Strategies for Protecting Yourself From Phishing Websites
To protect yourself and your business from phishing websites, you need to take a multi-pronged approach. Keep these essential practices in mind:
Educate your employees about the risks of phishing websites. Send out a newsletter, set up a training session over videoconferencing, or find another way to talk with your employees about how to protect your business from phishing attacks.
Don’t click on links in emails from unknown senders. A lot of cybercriminals use phishing emails to direct users to their sites. If the email appears to be from someone you know, double-check the sender, and consider reaching out to them directly before clicking on any links.
Invest in quality cybersecurity tools that block malicious websites, prevent your computers from executing approved applications, or protect your network in other ways.
Be aware of the signs of a phishing website. These may include misspelled names of companies or charity organizations or forms that ask for information you usually don’t provide. For instance, a phishing website trying to steal your bank details may ask for your username, password, and PIN, while your bank’s actual website only requests your username and password.
Advise your team to be selective about the websites they visit. Ideally, if they are searching for information on the virus or trying to donate, they should go to sites that they know and trust, rather than going to unknown websites.
Work with a cybersecurity specialist. They can help you safeguard your network, which ultimately protects your money, your data, your business, and your reputation.
To stay as safe as possible from cybercrime during the coronavirus, you need to be aware of the heightened risks. If your team is working remotely, your network is likely to be even more vulnerable than usual.
To get help, reach out to a cybersecurity expert. In essence, they can guide you toward the right products, scan your network for vulnerabilities, and take other measures to ensure you are as protected as possible.
by Felicien | Apr 8, 2020 | Education
How to Protect Your Phone From the Coronavirus
Find out how long the coronavirus can live on your phone. Learn how the coronavirus gets onto phones. Get tips on how to clean your phone or other devices.
Around the world, people are taking unprecedented measures to protect themselves from the coronavirus. Schools and businesses have closed, and many people are sheltering in place, only leaving their homes for essentials.
While you may already be taking many of these precautions, you also need to be aware that your phone could be harboring the virus. Keep reading to learn how to protect yourself.
Can the Coronavirus Live on Your Phone?
Research indicates that the coronavirus can live on inanimate surfaces such as the metal or glass of a phone for up to nine days. If you’ve handed your phone to a friend to watch a video, had your phone in the vicinity of coworkers or other people, or even just held your phone after touching potentially infected surfaces, you need to clean your phone.
Even if your phone hasn’t been anywhere in a while, you should still clean it. This can be especially important if you are a senior or are immunocompromised or if you let your children use your phone.
How the Coronavirus May Get on Your Phone
Because people use their phones so much, they’re likely to touch their phones without even thinking about it. To illustrate, imagine you’re in a store grabbing groceries. You are very careful not to get within six feet of other shoppers and of course, you sanitize the shopping cart before use.
However, you end up touching items on the shelves or the credit card machine while you are paying. If someone with the coronavirus has touched these surfaces or coughed near them, these surfaces may harbor the virus.
After touching these surfaces, you are aware that you may have picked up some germs on your hands so you avoid touching your face until you can sanitize your hands, but you still reach for your phone to use mobile pay, check your bank balance, or to look at a text. While doing those routine tasks, you potentially put germs onto your phone.
In other cases, the spread of germs to your phone can be much simpler. For instance, you walk into a store, touch the door handle, and then pull out your phone. People are so used to checking their phones frequently that they are often overlooking these risks.
Why You Shouldn’t Touch Other People’s Phones
Additionally, a lot of people bring their phones into the bathroom, and the coronavirus can be transmitted by fecal matter just as easily as it spreads with droplets from your mouth.
To protect yourself, avoid touching other people’s phones. If you work in an industry where you have to touch people’s phones — for instance, if you work in phone repair or handle tech support for a business — you should wipe off phones or devices before touching them.
How to Clean Your Phone
Now that you see how easily these germs may get onto your phone, check out these tips for properly sanitizing your device.
Find a sanitizing product. If you don’t have hand sanitizer, you can make a solution with 0.1% bleach or 62% to 71% ethanol and water. You can use Clorox disinfecting wipes or similar products safely on most phones, but you should not use aerosol sprays, pure bleach, or abrasive cleaners.
Put the cleaner on a soft cloth. Don’t apply it directly to the phone.
Wipe off the phone with the sanitizing wipe or a microfiber rag moistened with cleaner. Throw sanitizing wipes away after use, and put rags directly into the wash. Keep in mind those items may harbor germs so you want to avoid reusing them or putting them somewhere they could spread more germs.
The coronavirus is more contagious and significantly more deadly than the flu. People are also contagious for quite a while before they show symptoms. As a result, you need to take protective precautions very seriously, and you should make sure your phones or other devices are as clean as possible.
by Felicien | Apr 7, 2020 | Education
What Is Two-Factor Authentication (2FA) and Why Does it Matter?
What is two-factor authentication (2FA) and why does it matter? If you are unfamiliar with this extra layer of protection for all of your logins, keep reading.
It’s no secret that we live in a time where access to laptops and smartphones is so prevalent. Almost everything we do in our daily lives has some sort of connection to these devices, leaving us vulnerable to hackers and scammers who want access to our personal information.
Thankfully, there is a way to help protect yourself. Two-factor authentication (2FA) provides an extra layer of security over what a traditional password offer. Here is what you need to know about two-factor authentication and why it matters to businesses.
Why is Digital Security as a Whole So Important?
Before we can discuss 2FA, we really need to talk about a few of the basics as to why digital security is so important. As individuals, the main reason to practice good digital security habits is to protect your personal information. But for businesses, the benefits of taking extra steps to ensure information is secure is two-fold. Not only does this keep private information of your employees and companies safe, taking additional security steps to protect your customer’s digital data builds trust. That’s why it is important to take measures like implementing 2FA.
What is Two-Factor Authentication (2FA)?
That said, let’s discuss what two-factor authentication (2FA) actually is. This is an extra layer of protection that requires users to prove that they are who they say they are by providing a second set of identification credentials.
How it works is that the user puts in their basic login and password. Then they are immediately required to provide an additional piece of information. This information generally falls into one of three categories:
Something you know, such as a PIN or a second code;
Something you have in your possession, like a credit card you can type in a number to or a smartphone that you can receive a text message on;
Something you are, which includes a fingerprint or use of a biometric device.
In most cases, using 2FA on your website or internal desktop will require just the something you know category. Only in extreme cases with especially sensitive data needing protection will companies often utilize the other two options.
What Are the Different Types of 2FA?
Now that we’ve talked about the basics of 2FA, it is a good idea to talk about the types. There are literally hundreds of options for how you can implement this type of security measure, but some are a bit more common than others. The most used types include:
Hardware Tokens: This is usually a small fob or device that produces a code when a user tries to login. The user must then input that number on their screen. This is usually the least preferred option as the fobs are cost prohibitive and easily lost by users.
SMS-Based and Voice-Based: This is where a user receives either a one-time token via a text message or a phone call. With SMS, the user must input the keycode onto the screen to gain access. For voice, the user must verbally say the passcode when prompted during the call. Both methods are extremely common and many companies are opting for their use.
Software Tokens: The most popular 2FA method is a software token. This is where the user must install a special application on their phone and use it to gain access when attempting to login.
Push Notifications: Alternately, you can also opt to use a push notification as part of 2FA. When the user provides their login information on the screen, a special notification is sent to their smartphone. The user must then approve the popup on the phone to continue.
In short, it is always a good idea to take extra precautions to protect systems and data. Two-factor authentication (2FA) ensures information is much more secure than traditional passwords by adding a layer of security. For most businesses, this is a good idea that protects both sensitive data and builds trust with customers.
by Felicien | Apr 5, 2020 | Education
Zoom Scrambles to Address Cybersecurity Issues in Meeting Platform
As the usage of Zoom has skyrocketed during the coronavirus outbreak, the company has had to respond quickly to security flaws and potential phishing attacks
As Zoom usage skyrockets around the world, so too do the opportunities to exploit users unfamiliar with the tool.
The Zoom platform has increasingly has been the target of hackers exploiting the vast numbers of users working from home. For context, the company noted that as of December 2019, the most significant amount of daily users was 10 million. In March, that number ballooned to 200 million.
How Are Hackers Exploiting the Zoom Platform?
For many exploits, it starts with a website.
According to Check Point, more than 1,700 domains had been registered using the word zoom in the first three months of 2020. Many of those domains point to an email server, which can indicate the site is part of a phishing scheme.
Remote workers may receive seemingly official meeting notices using the Zoom platform. Hackers ask recipients to head to a login page and enter their corporate credentials.
It’s a perfect storm that’s playing into the hands of hackers. It also means companies need to be vigilant in helping users understand how to access and use the platform and other tools used in this paradigm shift of how work is done.
“Zoom users should be aware that links to our platform will only ever have a zoom.us or zoom.com domain name,” a spokesman noted. “Prior to clicking on a link, they should carefully review the URL, being mindful of lookalike domain names and spelling errors.”
What Is Zoom Doing to Protect Users?
Zoom has had to take several steps recently to address security concerns related to its dramatic usage growth. The company has increased its training sessions and reduced customer service wait times. Here are several of the other issues that Zoom has addressed:
Zoombombing. Multiple incidents of zoombombing have arisen in recent weeks. Uninvited visitors to online sessions have gained access and harassed participants by playing music loudly, displaying pornography and disrupted sessions. That’s led to more explanations of passwords, muting controls and sharing settings
Windows 10. The company has addressed an issue that affected those using Zoom’s Windows 10 client group chat tool. If chatters used the tool to share links, the Windows network credentials of anyone who clicks on a link were exposed
Facebook Interface for Apple Devices. Zoom removed Facebook’s software developer kit from its iOS client to prevent it from collecting users’ device information
Privacy Issues. The company removed features, including the LinkedIn Sales Navigator app and attendee attention tracker, to address privacy concerns. It also issued updates to its privacy policy
The company announced it was freezing all feature enhancements to redeploy software engineers to focus on what it calls “our biggest trust, safety, and privacy issues.”
How Can You Protect Zoom Users from Cyberattacks?
Here are some tips to ensure that Zoom users are protected:
Use password features to require meeting attendees to log in before being allowed access
Update the software. Users should be alerted that upon finishing a meeting, the software will check to see if an update is necessary
Encourage managers to use the Manage Participants section features, which can control the use of users’ microphones and cameras. Sharing restrictions are also a good practice
Be careful about recording meetings. The recording sits in a file, either online or the host’s computer and could be stolen
Cybersecurity is a sad reality in these turbulent times. However, a focus on prevention and detection are important deterrents to cybercriminals and can reduce the risks to your business.