Guest Blog by Bonnie Low-Kramen
Did you know that October is National Cybersecurity Awareness Month? It is vitally important for us to become very aware of what is going on since the hackers are getting smarter and more sophisticated every day.
What do the hackers want? Your banking information and account log-ins for a myriad of sites, plus your company’s data and money. Stealing from us through hacking is a multi-billion dollar business.
Here’s some vocabulary that will help you talk to your IT team about how to keep your data safe.
Spoofing & Phishing – Emails that look legitimate designed to capture your account information. We need to learn to hover with the cursor over the email address and hyperlinks to see if they are legitimate or bogus.
Malware/Ransomware – You receive a message on your computer screen saying that your database/business files are being held “hostage” and the only way to free them it to pay a “ransom” by bitcoin. I know someone who this happened to. He paid $400 and the data was freed. There is no way to find out who is behind this sinister and potentially business-ending practice. In response, my colleague purchased a dedicated and encrypted server on which to store his company files.
Whaling – When you receive an email that looks like it is from your executive instructing you to wire “$10,000 immediately to XYZ account.” I know assistants who have acted on this kind of email and it is next to impossible to get the money back.
Hackers Strike During Times of Crisis & the Holidays
As the COVID-19 pandemic continues to interrupt everyday life, millions of employees are now working from home, far outside the protective cyber-barriers and firewalls of their offices. For many, this is a new-ish concept and they may not be as cautious as they are in the office in securing their equipment and data.
As an executive assistant, much of the work you do must remain confidential. This is why it is especially important to ensure that you’re maintaining best practices for cybersecurity at all times, especially now that the Thanksgiving/Christmas holidays are coming up.
Hackers strike during crisis and the holidays. Here’s why.
Here are 5 tips to keep in mind to keep your company’s data safe and secure – and your own.
- Utilize a Secure WiFi Connection
While working remotely, it is often tempting to work from a hotel lobby, local coffee shop, restaurant, or perhaps even an airport or a local library. However, these locations utilize unencrypted and unprotected WiFi networks, which can pose a risk to cybersecurity.
Public WiFi networks are free which make it easy for hackers to position themselves between you and the access point. Though many people do not realize the dangers of connecting to public WiFi networks, it is important to know that anything you do on a public network isn’t secure.
While on these networks, you may be unintentionally sending your information to the hacker, including mails, phone numbers, credit card information, business data, and more.
If you opt to use public WiFi, consider installing and using a virtual private network (VPN) on all mobile devices and computers before connecting to any WiFi network. A VPN will establish an encrypted connection between your device and the VPN server, which makes your data much safer from hacker interception. If you already subscribe to an anti-virus suite, a VPN may be included in your subscription.
- Keep Mind of Your Digital Assistants
Remember that their job is to listen to you. Smart speakers, such as the Amazon Echo or Google Home, have become a major convenience for those looking to integrate more technology into their homes. In fact, Marketing Land reported earlier this year that there are an estimated 157 million of these devices in American homes.
These devices listen to your conversations, even when you are not explicitly using them. This is especially important to keep in mind should you be participating in phone calls or conversations that should be kept confidential.
If you use a smart speaker know where the “mute” button is located on your device and familiarize yourself with the privacy settings. For example, with Amazon’s Alexa, you are able to view, hear, or delete your voice recordings one by one, all at once, or have them automatically deleted on an ongoing basis. You can also choose not to have your voice recordings saved.
- More about Phishing Emails
One of the most common tactics that hackers utilize to gain entry into your network is through compromised credentials, which can occur through attacks such as malware, phishing, and ransomware. To avoid falling victim to these tactics, exercise caution and due diligence when dealing with email messages and attachments.
As TechRadar reports, 90% of data breaches are caused by human error, so it is important to practice caution should you receive unfamiliar or suspicious-looking emails or messages.
Here’s what to look out for should you think you’ve received a phishing email:
- The email asks you to send personal information such as banking details or login credentials
- The email address doesn’t look genuine (for example: @mail.airbnb.work as opposed to @Airbnb.com)
- The email contains a suspicious attachment
- The email contains misspellings, inconsistent grammar, and uneven and incorrect capitalizations
- The messaging is designed to make you panic and act immediately
One helpful technology tool that you can utilize to prevent these types of attacks is identity and access management solutions, like multi-factor identification or single sign-on. These solutions help to strengthen your login credentials and prevent hackers from accessing your company and personal data.
- Change Your Password Every 90 Days
Passwords rule our lives. The experts tell us to change your passwords every 90 days. However, passwords have always been a very weak security control and they are most often the only link between cybercriminals and our identities.
However, AI – Artificial Intelligence – is currently being used to improve biometric authentication, like you would see in your mobile phone’s face recognition technology. Called Face ID, the device detects the user’s facial features by built-in infrared sensors and neural engines. AI software produces a sophisticated face model by recognizing key similarities and patterns. In addition, there is also fingerprint recognition on phones for added security. Where applicable, be sure to implement these types of features on your devices to best protect the data they contain.
Should you opt to use traditional passwords for logging in, be sure to utilize both lowercase and uppercase letters, and add in at least one ‘special’ character (*!&?). Use unique passwords for each login, and stray away from common passwords such as names, birthdays, pet names, etc. You may want to use a password manager app like 1Password, LastPass or Dashlane that store and encrypt your login info.
- Cybersecurity Basics
- Always lock your computer (Windows Key + L) when you walk away from it, even while home.
- Block/mute your computer webcam and microphone when not in use.
- Reboot your mobile phone at least once each week.
As we all work to get accustomed to the “new norm” in today’s work environment, it is critical to not let our cybersecurity guard down. Be sure to use the above tips to keep your personal and professional data safe and secure. Work closely with your IT team to keep everyone up to speed about how to use the tools that are available.
Shared with permission from Bonnie Low-Kramen’s article on Oct 20.