Cybersecurity is something that most people know is important, but that few people practice well. We have all seen reports of different companies, agencies, and online sites being “hacked”. It has become common enough that we just write it off as another inconvenience unless it affects us and our personal information directly. This attitude can cause us to become complacent and let down our guard.
We are all guilty. We are all vulnerable.
The Pandemic Effect
Currently, we are facing an unprecedented situation in our lives and the lives of pretty much everyone on the planet. The Covid-19 Pandemic has brought with it some new challenges to how we function in our everyday lives, and it has created some new challenges from a cybersecurity standpoint.
Not only are we seeing some new phishing scams (as well as some oldies that have started making the rounds again), but we are also trying to adapt to a more virtual work lifestyle.
As for the scams, I have seen or heard reports of everything from efforts to steal your CARES Act check to a car dealer who sent out fake stimulus checks in an effort to get people to try to “cash them in” at the dealership. Where do these people come up with this stuff?
I have also seen a large increase in phishing emails from some foreign dignitary that needs help transferring money out of his country and prizes to be claimed if you just pay the small processing fee. I thought we had all gotten past these emails, but I guess they are old enough that there is a new group of potential victims to try them on.
The Largest Cyberattack in History
With so many people switching to remote connections and working from home, there have been predictions that we are likely to see the largest cyberattack in history within the next six months. I don’t know if this is true, but it certainly is possible.
Many companies were faced with switching their workforce to remote operations almost overnight. There was not a lot of time to plan out the best security measures. This could mean that there are some gaping holes in the security of some of the biggest companies on the planet.
Actually, the larger a company's workforce, the better the chance for problems. Too many weaknesses and too many people.
The biggest risk factor for most organizations lies in their workforce. The best security infrastructure can be breached with a simple bit of human error. The simple click of a mouse can grant unauthorized access to the entire network. It has happened many times in the past.
In the tech support industry, there is a funny expression amongst the people who deal with fixing what is broken. They call it a PEBCAK error. PEBCAK stands for “problem exists between chair and keyboard”. That is a fun little way to say it was human error.
The best way to stop many cyberattacks and especially phishing schemes is through education. Learning what to look for and how to deal with suspicious emails and links will go a long way towards keeping you secure.
If you are reading this, you are heading in the right direction.
What Can You Do to Deter Cyberattacks and Phishing Schemes?
There are lots of steps you can take to help yourself be safe from phishing schemes or cyberattacks. Here are some steps to consider and try.
Never open an attachment in an email that you are not certain is safe.
Like many items on this list, this should go without saying, but it still needs to be said. How do you know an attachment is safe? See below for more options.
Check the email address that the message came from to make sure it is really from someone you know.
Do not trust that the name is correct. That can be faked (spoofed). Often, the address may show a name you know, but an email address that is totally off. Do not trust that email. Also, “spoofers” are sometimes quite clever and try to use a fake address that looks a lot like a real address. For instance, email@example.com is not the same as firstname.lastname@example.org.
Do not click on a link in an email unless you know it is safe.
The same problem applies here as in the step above. The words may say “click here” or “download document” or anything else that a scammer thinks will make you likely to click. On most desktop and laptop computers, you can hover over the link with your cursor and the link destination will show up below. Check it to make sure it is legitimate before you click. Scammers like to create look-alike links just as they do with look-alike email addresses. If the last thing in the link before the .com, .net, etc., is not the company you expect, do not click. Google.com is legitimate, but google.xcerst.com is probably a scam, so do not click. Seriously, do not click that link I just typed. It could lead to something bad.
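The hover check described above can also be run over a saved HTML message without opening any link. This is an added example, not part of the original article: the EXPECTED list and the sample message are constructed, and the two-label rule mirrors the “last thing before the .com” test, so it does not handle endings such as .co.uk.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

EXPECTED = {"google.com"}  # assumption: sites this reader expects links to

def site_of(url):
    """Last two host labels: the name just before .com/.net plus the ending."""
    if "://" not in url and not url.startswith("//"):
        url = "//" + url  # bare "www.google.com" style text
    host = urlsplit(url).hostname or ""
    return ".".join(host.rstrip(".").split(".")[-2:])

class LinkCollector(HTMLParser):
    """Collects (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def review_links(html, expected=EXPECTED):
    """Return (text, href, reasons) per link; empty reasons means no flag."""
    collector = LinkCollector()
    collector.feed(html)
    report = []
    for text, href in collector.links:
        real, reasons = site_of(href), []
        if real not in expected:
            reasons.append(f"goes to {real}, not an expected site")
        # Visible text that is itself an address must match the destination.
        if "." in text and " " not in text and site_of(text) != real:
            reasons.append(f"text shows {site_of(text)}, link goes to {real}")
        report.append((text, href, reasons))
    return report

# Constructed sample message; the look-alike host is the article's own example.
SAMPLE = """<a href="https://google.com/account">Google account</a>
<a href="http://google.xcerst.com/login">click here</a>
<a href="http://google.xcerst.com/login">www.google.com</a>"""

if __name__ == "__main__":
    for text, href, reasons in review_links(SAMPLE):
        print("FLAG" if reasons else "ok  ", repr(text), href, reasons)
```

A link with no reasons has only passed these two checks; it has not been shown to be safe.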
Test a link before you click it.
A good way to test a link is to copy the link location and paste it into a Google or Bing search box to see what shows up in a search. If the search results are sketchy or do not exist, throw it away and move on.
Do not click on an odd-looking link.
Do not click on an odd link, even if the message is from someone you know, and you have checked the email address for accuracy. I frequently get emails from people I know who have had their accounts hacked. The links usually look weird or there is no message other than the link or the message makes no sense. If something causes a “Red Flag” moment, play it safe.
A little paranoia can be a good thing in your online life. If it looks or feels off, do not trust the message or website.
Use strong passwords for your accounts and do not use the same password on other sites.
Random passwords with a mix of upper and lowercase letters, numbers, and special characters work best. Preferably eight characters long or more. More is better. Do not use 1234, qwerty, or any word that is found in the dictionary. These will be the first thing hackers will try and it will only take them seconds to crack one of these passwords.
Use two-factor authentication when you can.
2FA is a great additional security level. Most of the time, you will log in and you will get a text with a code to add in a second step or you will use a code from an app on your phone, etc. It ties your login to a separate device, so even if someone stole your password, they would have to have access to the other device also.
There are other 2FA methods, but these are the most common.
Use security and antivirus software.
This one will help you stay away from bad places and may save you from a seemingly safe site that has been hacked and contains malware. Security software can be a second set of eyes for those moments when you are not paying as much attention as you should. It happens to us all.
Keep your computer software updated to the latest versions.
Often, the reason for a new version of the software is to fix a security issue. Old software equals trouble.
Keep good backups.
When all else fails and your computer or network gets compromised, hacked, or is being held for ransom by some malicious entity, a good backup will be a lifesaver. A lot of people and businesses are falling prey to ransomware hackers. These hackers get into your system, encrypt all of your data, and then demand a payment to restore your data to you.
The problem with this is that you cannot be sure they will do what they say even if you pay them. They are not the trustworthy type. If you have a good backup stored off of the network, you can just plug the security hole and restore your backed-up data.
These ideas are not a complete and comprehensive list. I likely have left off something that might apply better to your situation. Maybe you are already practicing all of these safe habits. If so, kudos to you. We all need to hear them again, anyway.
My point here is that there is no utterly secure network. Everything can be hacked with enough knowledge, enough patience, and a bit of cunning. If you are practicing these techniques, maybe you will not be the person responsible for the PEBCAK error that allows the system to be compromised.