Cybercriminals are using phishing attacks to prey on coronavirus fears and targeting organizations with more remote workers and fewer IT and security staff.
As a reminder:
- Check sources of all emails and double-check attachments or links before opening them. Hackers are generating content that mimics legitimate sources like the World Health Organization. Instead of opening an email, go to the official website for updated information.
- Beware of plug-ins or pop up messages asking for your login and password
- Spearfishing campaigns are where they impersonate a CEO or other senior Level executive and ask you to supply information or request you to take action.
- Watch for misspelled words; questionable email address; unsecured domains and websites
- Keep your work data specifically on your work computer, this ensures your data is staying on a device that is secure.
- Update your passwords to be random or unique – If you have participated in any Facebook get to know you questions make sure you are not using the same info like passwords.
- Do not use public Wi-Fi - use a personal hotspot instead of connecting to an open connection that anyone can access.
- Clicking without thinking can be costly, just because you can click doesn’t mean you should. Malicious links can do a lot of damage, make sure links are from trusted senders before clicking
- Never give remote access to your device/computer unless it is an approved source (i.e. IT department).
- Keep up with updates on all devices (iPad, cell, laptop)– security patches can be annoying, but consider them the lesser of two evils when weighing up rebooting your device versus putting yourself at risk for malware or other computer infections.
- Secure your mobile device – use strong passwords and biometric features. Turn off your Bluetooth and download with caution. Don’t forget to update the apps for security flaws, remove apps that are not being used.
- Backup your data, not always is the goal or malicious threats and hackers to steal your data – sometimes the goal is to encrypt it or erase it.
- Beware of social Engineering – this is the area of exploiting human psychology rather than data. This includes receiving a phone call where a person poses as an IT person tricking you into giving up your password. Before you give any information over the phone verify first.
- Ensure you dispose of physical papers in a secure manner – your home environment should have the same restrictions as your work office.
- Linked in has courses on practical cybersecurity (work and home) that you can view here.