Even before COVID struck, many of us in the tech industry were relying on a laptop, smartphone or an Internet connection to do our jobs. Now that we’re what feels like countless months into a global pandemic, that’s even more true. (And it’s worth acknowledging that we are the fortunate ones, in comparison with the many service industry and healthcare workers who don’t have the luxury of working from home.)
I’m part of a leadership team that made the decision to go fully remote at the start of the pandemic. It’s been a great move for the business, but also a reminder that the freedom to connect and work from virtually anywhere creates new opportunities for hackers.
Having been in infosec since 2005, I’ve witnessed countless security threats firsthand. As part of National Cybersecurity Awareness Month’s “Be Smart, Do Your Part” theme, here’s how you can protect yourself.
Be Savvy about Malware
Malware, aka malicious software, exploits known software vulnerabilities. Whether it’s a worm, a virus or a rootkit, protect yourself by doing the following:
Tip #1: Ensure your software is always up to date and the latest version has been installed.
Tip #2: Never download untrusted files. If you’re not sure, ask Security or IT before proceeding.
Tip #3: Use anti-virus software. Ask your Security or IT team how you should be managing your devices.
Secure Your Devices and Data
We live in a world where technology evolves at breakneck speed. Hackers exploit this reality. Often, software updates lag behind vulnerabilities, leaving an exposed period before the patch that’s ripe for attack. Here are a couple of tips to keep in mind when you’re using your devices:
Tip #1: Use a USB data blocker if you need to charge your phone using a public USB port (like at an airport or a coffee shop).
Tip #2: Set a passcode on your phone and laptop.
Tip #3: Always update your software. (This is for anyone who’s been ignoring your device prompts!)
Tip #4: Use multi-factor authentication for all of your important accounts.
Beware the Unsecured Network
There are many times when you might want or need to use a public Wi-Fi network, but these are fertile hunting grounds for malicious attackers, who can use unsecured Wi-Fi to “sniff” traffic and access sensitive data, or set up personal hotspots and pose as a legitimate Wi-Fi network. Here’s what can help:
Tip #1: If your company requires the use of a VPN to connect to the internal network, connect to the VPN immediately upon joining public Wi-Fi.
Tip #2: Take a risk-based approach to online activity while using a public Wi-Fi network. Ask yourself, “Do I really need to check my bank account right now?” If the answer is no, don’t.
Tip #3: When using your home wireless network, make sure you have a strong password. The longer, the better.
Tip #4: Consider using Closed SSID broadcasting for your home. That way, your Wi-Fi network won’t be so easily discoverable.
Tip #5: Create a whitelist of allowable MAC addresses for the devices that you want and expect to connect to your home network.
Spot the Social Engineer
Social engineering is when an attacker uses human interaction to compromise you, an organization or its computer systems. Here are a few social engineering attacks to look out for and tips on how to avoid them.
The Attack: Counterfeit Apps
Counterfeiting: It’s not just for bank heists anymore. We now have counterfeit mobile apps, i.e., fake apps that look very similar to the real thing. Hackers host them on the Apple App Store and the Google Play Store. So, how can you protect yourself from fake apps?
Tip #1: Never install apps from unknown sources.
Tip #2: Before downloading an app, research the organization that developed it and read reviews. Watch out for any that don’t have reviews.
Tip #3: The most reliable way to avoid downloading a fake app is to open your device’s web browser and type in a website URL that you know is real.
The Attack: Voice…