Cyber Security Awareness Month: “This Year, Life Happens Online”
The COVID-19 Pandemic made us transform our normal modes of communication by utilizing the internet for work, school and socialization with family and friends. We have all become accustomed to using Zoom, Microsoft Teams, Google Hangouts, etc. to communicate these past 18 months. Although these technologies made us feel connected, it brought upon additional risks that hadn’t been considered earlier and left everyone more exposed – remember Zoombombing?
Eight Proven Tactics for Preventing Cyber Fraud
In this article, we will provide tips and tricks and share examples to help keep you, your family and your organization safe from external threats while connected online:
Practice Good Password Hygiene
Your password is your first line of defence so make sure it’s strong!
- Use a combination of uppercase and lowercase letters numbers and special characters.
- Try using a unique password for every one of your accounts or employ a password manager. These can be found on most smartphones and help keep track of your various passwords for different accounts.
“Credential stuffing” is a type of attack which takes passwords and usernames collected from previous hacks of accounts worldwide, taking advantage of the fact that many people reuse passwords and usernames across multiple accounts. This was evident in the recent Canada Revenue Agency (CRA) breach. The graphic attached provides a snapshot of some of the most popular passwords.
Use Multi-Factor Authentication
Add an extra layer of defence to your online accounts by utilizing two-factor or Multi-Factor Authentication (MFA) such as a passcode via an authenticator app or security token such as Lastpass, RSA ID and Google Authenticator). Enable MFA by using a trusted mobile device and authenticator app or a secure token to prevent cyber criminals from accessing your accounts even if they guess your password. There are several cloud-based authentication apps available that can provide you with this extra layer of protection. MFA is currently deployed successfully at commonly used services such as financial institutions and government agencies where the user is required to enter a username and password and receives a code on their pre-registered cellphone that must also be entered to verify the identity.
Use a Virtual Private Network
When connecting to public networks many cybercriminals target public Wi-Fi networks in the hopes of intercepting or stealing users’ data. If you find yourself needing to connect to a public network (such as the local Starbucks) use a Virtual Private Network (VPN) to keep your connection secure by encrypting the data being transferred. There are many different free and low-cost apps available that can be set up in minutes.
Keep Tabs on your Apps
Enable automatic app updates on your devices. This will guarantee that you always have the latest security patches when available. Be sure to only keep apps that you actively use on your device, as some apps could suspiciously be running programs in the background or using default permissions without your knowledge. The app stores are known to also have malicious apps available, which have been downloaded and used in data breaches. Ensure that you are downloading apps from trusted app stores and avoid downloading apps from unknown companies or sources.
Although it might be tempting to share personal details on social media, this makes it easier for cybercriminals to exploit your data. Avoid posting information like phone numbers, addresses, school and work locations and other sensitive details that could lead to fraudulent activity. Other common areas are online games or quizzes within Facebook or House Party where the user is asked about their favourite colour, favourite country, school names, pets name, etc. This information can easily be used to try and guess your passwords or security questions.
Install and Update Anti-Virus Software
Make sure all your computers, smart electronic devices, phones, and tablets are equipped with regularly updated antivirus software, firewalls, email filters, and anti-spyware to protect information loss.
Beware of Phishing Scams
Phishing is a commonly used method by cybercriminals to trick a user into divulging personal information such as credit card data, passwords or even Social Insurance Numbers. Research suggests that over 70% of cyber breaches start with a phishing campaign. Watch out for the common characteristics of phishing attacks which include e-mail phishing, Smishing (SMS Phishing) or Vishing (Voice Phishing) such as pretending to be a government agency and asking for personal information. If you receive an email or message that has a sense of urgency, is from an unknown sender, has spelling or grammatical errors in the body of the message or if the message contains links with suspicious URLs, avoid interacting with the message altogether and delete it immediately.
Be Vigilant when On-Site
With organizations slowly starting their “return-to-work” plans, employees and partners are being allowed back into the office. For many organizations, there have been many new additions to their staff who have been operating online. Tailgating is where an unauthorized person follows an authorized individual to gain access to a secure area. This method can be used under the pretence of being a new employee to gain physical access by following an existing employee through physical barriers such as access cards. The unauthorized individual then proceeds to connect a rogue device to the network with the intent to access and manipulate the organization’s network. Always be vigilant when on-site for anyone who doesn’t belong and “if you see something – say something”.
Cyber Security Awareness Month is internationally recognized to help the public learn more about the importance of cyber security. The Communications Security Establishment has set up a public awareness campaign – Get Cyber Safe (https://www.getcybersafe.gc.ca/). This campaign helps Canadians stay secure online by teaching simple steps to protect themselves and their devices. COVID-19 has made us utilize the internet in ways we never thought possible, but taking appropriate precautions will protect our organizations and families as we are realizing that “Life Happens Online”!