The Importance of Cyber Security When Working From Home
Here at Huxley, we have always been advocates of strong cybersecurity and are continually undertaking stringent measures to ensure the online safety of not only our employees, but also of our clients and candidates. While we are working from home, we are regularly sending security updates to our employees with the latest recommendations and what to look out for to keep everyone aware and vigilant. Now more than ever, keeping yourself informed and safe when using the internet is essential.
Cyber attacks - Why have they recently increased?
More businesses than ever before have had to adapt to remote working due to COVID-19, resulting in an even greater reliance on the power of the internet and technology in general.
You may think that, as the world is in quarantine, hackers may slow down, but this couldn’t be further from the truth. In times of economic downfall and uncertainty, Cyber criminals play to people’s anxiety and fear - for them it’s the perfect opportunity to attack vulnerable people.
A worrying aspect of the current wave in cybercrime is the increase in fake COVID-19 websites that claim to offer treatment and further information regarding the virus but in reality offer cyber criminals the chance to access your personal information.
To help keep consumers safe, security companies such as Risk IQ have begun to compile comprehensive daily reports which give the main highlights and updates on essential cybercrime data which can further help you keep abreast of the situation.
Another target for hackers has been the popular video conferencing software Zoom.
With an increase in video conferencing due to remote working, cyber criminals have registered domains using the word "zoom" and the "zoom-us-zoom_##########.exe" naming scheme. This naming scheme delivers an attachment which, when opened, attempts to install unwanted apps or potentially malicious software on your hard drive without you being aware. Global cyber security firm Herjavec Group has put together some best practice guidelines to follow when installing Zoom to help avoid you becoming victim to an attack like that. Another option is to use an alternative software such as Microsoft Teams which provides similar functions to that of Zoom.
COVID-19 – What to look out for?
Attacks come in a variety of formats, most common are: phishing scams (emails or texts) and malware. According to Google’s Safe Browsing Transparency Report, the figures from March confirm a 350% increase in phishing websites since the start of the year. Now is as important a time as ever to ramp up in terms of cyber security, and to be aware of the various threats to your devices which could be coming your way.
What exactly are phishing attacks?
Essentially, phishing attacks are a type of fraud which involve the attacker attempting to gain sensitive information from the victim(s) such as credit card details, usernames or passwords. They can be enormously deceptive as the attacker generally disguises oneself as a trustworthy body or reputable organisation in order to build trust. With the rapid growth of the internet over the number of years, it is little wonder that so too have phishing attacks become more commonplace also.
It can be hard to remain vigilant in the combat against cybercrime. It is even more difficult when working from home, as you are less likely to sanity check an email with another employee when away from the office.
It’s essential to pay close attention to the emails and messages you are receiving and the links you're clicking on. The URL of the page you are visiting is usually the best clue to whether a website is genuine or not. Ensure you are only opening emails that come from a trusted source, and avoid all spam. Using a password manager such as LastPass can ensure that you adhere to the latest recommendations in terms of secure passwords which can also help. You should also be using a VPN to keep your information and privacy as safe as possible.
If you’ve opened a message and can’t decide whether it is genuine, here are some things to look out for:
1) Legit companies don’t request your sensitive information via email
2) Usually, legit companies call you by your name
3) Check for the domain email – if it looks wrong, it probably is!
4) Spelling or grammar mistakes? We’d hope a real company can spell!
5) A real company won’t force you to their website
6) Look out for unsolicited attachments
7) Check the URL – does it match the company?
Think you’ve received a phishing email - what should you do?
First things first, if you’ve received an email from a person or an organization you are not sure about, you shouldn’t open it or click on any of the links in it until you have verified the source, and certainly do not open the attachments in such messages.
You can also hover your mouse or cursor over any links until you can see the web address and clarify that it looks legitimate. Do a quick Google search of any of the extracted information to see if anybody has reported it as cybercrime, then report it to your Cyber team so that they can advise your colleagues to look out for similar attacks!
What can you do to reduce the chances of an attack?
Our advice would be:
- Change your Wi-Fi administrator’s password from the default to a customized option with a healthy mix of characters
- Be wary of any pop-up messages from organizations claiming to be the WHO (World Health Organization) or the CDC (Center for Disease Control).
- Never hand out personal details over email