The events of 2020 forced many organisations to transition to remote working arrangements, almost overnight. This was heaven for hackers, who took advantage of employees’ vulnerable home networks to infiltrate company systems. Staff are a key line of defence against hackers, so it’s critically important to equip them with training and tools to defend against attacks. Here are key actions we regularly share in training sessions to help staff identify and report technology security risks.
1. UPDATE VIRUS AND MALWARE PROTECTION
Hackers have bots searching the internet to find gaps in your home security. Unsecured Wi-Fi networks, old routers, and security cameras can be used to gain access. Therefore:
- make sure you have secure usernames and passwords on routers and firewalls at home. Some older routers have a standard password that MUST be changed
- ensure you have up-to-date malware and virus protection. You are only protected from new attacks if you have the most recent patches on your devices
- check the logs and make sure you can identify all devices connected to your home network. Most systems allow you to rename devices so you can detect unknown ones
- consider a home firewall, in addition to the router. This adds an extra layer of protection and most come with parental controls to help manage kids’ internet usage
2. BEWARE OF SOPHISTICATED PHISHING ATTACKS
Phishing emails are a common way for cyber criminals to access your passwords and usernames, or to confirm you are a real and active user. Phishing attacks have become increasingly sophisticated and can look almost identical to emails you might expect to receive from banks, couriers, etc. It’s common for these types of emails to ask you to “Please log into to accept this meeting”, “Click here to allow drop off of your parcel” or “Change the drop off for your parcel here”. You can view more examples here.
To help reduce the chances of an attack, be sure to:
- always check the email address. If it doesn’t look right, don’t click or reply. If you do click and you’re asked to log in, don’t
- check with the individual or company the email appears to be from, or log in to your account via the web address, not the link in the email. A simple check can save you a lot of stress
Phishing attacks can also take the form of browser notifications. This innocent-looking pop-up is a recent example of a browser attack designed to trick unsuspecting users.
3. LEVEL-UP YOUR PASSWORD GAME
To reduce the chances of hackers accessing your usernames and passwords, you should:
- ALWAYS use multi-factor authentication (MFA). This dramatically increases the security of the system, especially if you use an authentication application
- check to see if your passwords are compromised. Mass data breaches of small and large companies over the years mean your ‘old’ passwords may be for sale on the dark web. You can safely find out if your work and personal emails have been compromised here
- use a separate password for each login (a password manager like LastPass can help). Don’t use any personal passwords to access your company IT systems
- use a phrase as your password, e.g. IEatMyDinner@6pmEveryNight, which will take a cyber criminal months, even years, to crack
- change passwords regularly (every 30-60 days) and NEVER simply add a number to the last password you used. This is the first thing hackers will try if they know your last password
- include at least one uppercase, lowercase, number, and special character in new passwords and ensure they are 8 – 14 characters long. Complex and longer passwords take more time for hackers to break
A FINAL NOTE
I like to think of cyber security defences as a fence we build to protect our systems. Criminals continue to find ways to get over, under or around these fences. Therefore, it’s essential to keep checking the fence to ensure it remains secure. I encourage you to assess the strength of your company and personal fences today.
Stuart is Honan’s Head of Information Technology and a member of the Zoom Customer Advisory Board. You can read more about his involvement with Zoom here.