National Cybersecurity Awareness: 10 Tips for Cyber Survival During COVID-19
This National Cybersecurity Awareness Month (NCSAM) is unlike any other, thanks to the ongoing COVID-19 pandemic.
The month-long event helps educate and motivate individuals and organizations to take responsibility for their role in protecting cyberspace.
COVID-19 has impacted the security of virtually every industry. Remote working environments, education and health care are major targets for cybercriminals.
US Signal’s Trevor Bidle
Trevor Bidle is vice president of information security and compliance officer at US Signal. He said no one could have predicted the worldwide pandemic a year ago. Moreover, it has ushered in unprecedented technical challenges associated with a newly distributed workforce.
“Compounding this issue, 64,000 IT professionals are expected to have lost their jobs by the end of 2020, while cybercrime has quadrupled — leaving organizations short-staffed yet increasingly targeted by hackers,” he said.
Few Prepared for Remote Working
Raif Mehmet is vice president of EMEA at Bitglass. He said before the start of the year, the thought of a fully remote workforce seemed far-fetched for most organizations.
From a security perspective, the picture is concerning, Mahmet said.
Bitglass’ Raif Memet
“Today, across many organizations, corporate culture has changed dramatically,” he said. “Many people now access, share and store data in a variety of ways, using diverse services and devices. For this reason, it is now more important than ever for organizations to prioritize security and be cyber aware.”
Chet Wisniewski is principal research scientist at Sophos. He said despite this being the 17th NCSAM, most people still don’t have the security basics fully sorted out.
Sophos’ Chet Wisniewski
It’s important to continue sharing advice, he said. This month is a good reminder to change your digital lifestyles for the better long term.
Even if you already take security measures seriously, now is a great opportunity to share that knowledge with others.
Scroll through our gallery below for 10 tips for staying cyber-safe through COVID-19.
Everyone’s Under Threat
“In the days of old, only defense contractors, governments and spies worried about digital burglars hacking their way through layers of protection to get to the crown jewels,” Wisniewski said. “This is no longer the case. Organizations of all sizes have succumbed to what we call ‘advanced persistent thieves.’ Ensuring external-facing assets are secured is essential during this phase of remote work as attackers seem to favor breaking into remote desktop protocol (RDP) servers or exploiting vulnerabilities in VPNs, remote access gateways and even Microsoft's latest ZeroLogon vulnerability.”
Practice Password Hygiene
Passwords are your first line of defense online. And yet it's the first area where many fail, according to SonicWall. Follow the basics. Don’t reuse passwords; use a password management system. Furthermore, make sure you change default passwords on smart devices that connect to your network. Those include baby monitors, printers and Wi-Fi routers.
Recognize Phishing Scams
Phishing emails look similar to legitimate company emails and try to steal your information, according to SonicWall. They usually contain a link to a website asking for your login credentials, personal information or financial details. These websites are clever fakes which aim to take your information and pass it back to the cybercrooks behind the scam.
In general, if you are not expecting an email from that company, you should be suspicious. Also, watch out for misspelled words, suspicious links and anything not addressed directly to you.
Watch Out for Ransomware
Ransomware attacks attempt to extort money by displaying threatening alerts to victims. They typically demand a ransom to restore access to your system or files. Moreover, it all happens in a matter of seconds, according to SonicWall.
You click a link in an email or download a malicious document. In a few seconds, the bad guys encrypt all the data, leaving the victim just a few days to pay hundreds of thousands of dollars to get it back unless they backed it up. So, how can you protect yourself against ransomware attacks? Use an ad blocker, follow your employer's security protocols and always back up your data.
Be Wary of Wi-Fi
Staying safe on public Wi-Fi is important, SonicWall said. In general, don’t interact with websites that require your financial or personal details while using public Wi-Fi. You're best to keep those activities on secure home networks. Also, if you are using public Wi-Fi, avoid unsecure Wi-Fi signals and, where possible, connect using a VPN.
No Need to ‘Hack In’
Torsten George, Centrify cybersecurity evangelist, said if there's one takeaway for businesses, it's that cybercriminals no longer "hack in." Instead, they log in using weak, stolen or credentials they get from phishing.
“This is especially damaging when it comes to privileged credentials, such as those used by IT administrators to access critical infrastructure, which are estimated to be involved in 80% of data breaches,” he said. “So how can we reduce this number in October and as we move into the holiday season and 2021?"
Hit the Reset Button
Sam Humphries, Exabeam security strategist, says it’s time to “hit the reset button.”
“Without a doubt, a combination of training, organizational alignment and technology is the right approach to detecting and stopping security threats,” he said. “Effective training should help employees understand and buy in to the importance of cybersecurity. And in the bring-your-own-home (BYOH) world, organizations should broaden awareness efforts to include helping users secure their home environments.”
Personal Accountability
Employees, now more than ever, need to remain vigilant in protecting their organization, said Gijsbert Janssen van Doorn, Zerto’s director of technical marketing.
“Ransomware attacks can and will still occur, so cyber resilience is imperative,” he said. “With a 72% increase in ransomware attacks during COVID-19, organizations need to be prepared for the inevitable.”
Equip Yourself
With the shift to remote work shaping up to be long term, businesses can't afford to improvise with data protection, Mehmet said.
“Instead, organizations must invest time and resources into finding appropriate security solutions that are capable of securing data in a remote environment,” he said. “Fortunately, there’s a wide range of highly effective products and solutions like cloud access security brokers (CASB), and user and entity behavior analytics (UEBA) that can quickly provide visibility and control, no matter how geographically dispersed a workforce is.”
Thus, this NCSAM should be a reminder for organizations to equip themselves with the proper tools to avoid data leakage and other security risks, Mehmet said.
If You’re Hit
Finally, if a cybercriminal attacks you, don't panic.
“Second, report the crime to the FBI and hire a security rapid response team to join your IT security team to identify the source of entry and limit the damage ...” Wisniewski said. “Having relationships with law enforcement and trusted security experts in advance will help reduce the stress and expedite your response.”
I will add one more tip and is related to the IoT devices. These devices can help you a lot but their security is not. Some of these are easy to hack and once a hacker enters on your WiFi network is easier for him to access to all of your information.
People acquire these devices fast, but they forget about this essential part. The security. That’s why is necessary to get an IT professional that guides you on the process or at least reading some guides.