Understanding Your Risks
A note from the writer: These tips and information are for general purposes only. If you are working from home, check with your company’s IT department and/or management regarding your employer’s security policies and procedures for work from home.
As the world continues to fight the battle against the novel Coronavirus (COVID-19), many companies are having employees work from home. While this is necessary to help slow down the spread of the virus, good security practices are more important than ever, both for work and personal purposes.
Our goal is to give you everything you need to know about how you can protect your data and your company’s data from hackers and social engineers. While some of this may seem like common knowledge, hackers are thinking of clever ways to steal information and money.
Email Security: Don’t Take the Bait
Phishing emails are spiking at astronomical levels since the start of the COVID-19 outbreak. In fact, Barracuda Networks, a major cybersecurity company, reports researchers found that spear-phishing attacks rose over 600% between January and February 2020. And in the month of March (March 1-23), a Barracuda product detected over 460,000 spear-phishing email attacks, of which over 9,000 (~2%) were related to COVID-19.
With spear-phishing, social engineers carefully craft emails for a specific person or organization in hopes of getting the reader to act. Unlike standard phishing attacks, which are created for a much wider distribution and often come with malicious payloads (such as attachments), spear-phishing uses special methods to bypass email filters.
Spear-phishing emails create a sense of urgency, suggesting that the targeted victim must act fast. This may be someone acting as a co-worker asking for some sensitive files to be emailed, or an individual pretending to be from the World Health Organization (W.H.O.) asking for financial donations by following a link in an email.
The best thing to do if you see an email that does not look right is to simply ignore it and delete it. The W.H.O. has a page dedicated to explaining sources of legitimate email addresses from the organization so you do not fall victim to a scam. If the email came from someone you know, but it looks odd, contact the sender to make sure they legitimately sent it, in case their account was compromised and stolen.
If the email has a link in the body, you can also check where it leads to without clicking/pressing the link. On a computer, all you need to do is hover over the link with your mouse. You will see the page the link is pointing to on the bottom left of your screen, as seen below. If you check your email on a smart device, press and hold the link. A popup window should appear with the page, along with the option to go to the link.
Smart Device Apps: Careful What you Download
As more and more people use smart phones and other smart devices for entertainment and information, hackers are focusing their efforts on getting users to download apps that contain malware.
Attackers will send you links claiming that the latest app for COVID-19 information, or any current topic, can be downloaded by following the link. In most cases, the app will come off as a legitimate app. An example is the app “corona live 1.1”, which claims to be the legitimate tracking service provided by Johns Hopkins, which is known as “corona live”.
Hackers may try to email or text you a link that claims to allow you to download the app. The app will likely look like a legitimate copy of a popular app. These apps actually hide malicious code that can allow hackers to steal information from you and may even take control of your devices!
If you would like to download any apps to track any Coronavirus news and numbers (or any apps in general), the ONLY places you should download them from are either the App Store for Apple devices or the Google Play Store for Android devices.
For an extra layer of protection for Android devices, you can enable “Play Protect” in the app store. We will give the step-by-step process for this at the end of this guide.
Patching the System: Update Regularly
Whether it is your system at the office or at home, installing updates always seems to come at the worst possible time. Ignoring these updates, however, can lead to much larger headaches than waiting a few extra minutes for your computer or smart device to boot up.
Keeping your digital devices updated is one of the most important parts, if not the most important part, of maintaining a secure digital presence. A report by ZDNet indicated that one in three data breaches or attacks occurred due to unpatched vulnerabilities in either operating systems or software. Microsoft usually releases patches for Windows on either the second or fourth Tuesday of each month. If your computer is running Windows and has updates available, you will see “Update and Shut Down” and “Update and Restart” as options in the power tab. Apple will send out updates based on needs. You can also check to see if patches are available, which we will explain at the end of this article.
For smart phones and smart devices, such as tablets, a pop-up will come up on your screen letting you know an update is available. Make sure you’re connected to WiFi to download the update, and have your device plugged in to make sure it doesn’t power down. We will provide a step-by-step process for iOS and Android devices at the end of this guide.
Unused Software: Additional Security Threats
Whether it is your desktop or your smart phone, chances are that you have some software or apps that you installed some time ago and have not used in a long time. If this is the case, make sure you uninstall them immediately! Not only do unused apps take up storage on your device, but they also can lead to security issues, especially if the software or app is no longer supported and no longer receives updates.
VPNs: Understanding Proper Usage
Unless you work for a company where face-to-face interaction is required, you are likely working from home. Bigger companies likely have a Virtual Private Network (VPN) that allows you to connect to resources and infrastructure owned and operated by the company. Connecting to your company’s network via a VPN will allow you to access servers and other resources you may not be able to reach from your own home network.
If you are connecting to your employer’s network via a VPN, you must remember that you are required to follow the Acceptable Usage Policy as defined by your employer and act as if you are using the computer at your desk at work. Acting carelessly not only can put your devices at risk, it can also increase the risks to your employer. Make sure you ask your company’s IT department if you are unsure about the Acceptable Usage Policy.
Anti-Virus: Keep Your Devices Running Smoothly
Finally, you will want to make sure that your device has anti-virus software installed and enabled. Make sure you update your anti-virus daily (most do this automatically) so the software can catch the latest known viruses. Make sure to also run a scan of your device at least once a week so the software can catch any viruses before they become problematic. Fortunately, smart devices also have anti-virus apps available, so you can keep safe on all connected devices. A list of iOS (Apple) apps available can be found here, and Android apps can be found here.
Checking For Updates On Windows 10
To see if there are any updates available for Windows 10, type “update” in the search box next to the Start menu, as seen below.
Click on “Check for updates” once it appears in the search results. The following screen will appear. If updates are available, they will be shown on the screen as below.
If you do see any update available, press “Download” to get the update. This is important if this is a security update. Please note, Windows requires you to restart your computer once the update is downloaded to successfully install it.
Check For Android Updates
Note: This example uses the Samsung Galaxy S8. While the Android Operating System is the same, the interface may vary on each device.
To check if your Android device needs any updates, go to “Settings”
From there, scroll down until you find an option labeled “Software Updates”
Press the button to get to the next screen below. Press check for update. In the next screen, the device will give you some information, and ask if you would like to check for an update. Press OK.
If an update is available, you will see the following screen:
Once you are updated and there are no additional updates available, you will see the following screen:
Check for iOS updates (iPhone and iPad)
To check for updates on Apple iPhone and iPad devices, press the “Settings” icon on the main screen. In Settings, look for the “General” tab. Press this tab to find the “Software Updates” option, as seen below.
In this screen, press the “Software Update” button. If an update is available for your device, you will see a window that looks like the one below:
Press the Download and Install tab. Once the update is downloaded, the device will restart and install the update. Your device will return to the lock screen once the update is complete.
If there are no updates available, the screen will look like the one below.