For Many, Home Is the New Workplace. Here’s Some Practical Cybersecurity Advice.


Posted by Caroline Wong

Even before COVID struck, many of us in the tech industry were relying on a laptop, smartphone or an Internet connection to do our jobs. Now that we’re what feels like countless months into a global pandemic, that’s even more true. (And it’s worth acknowledging that we are the fortunate ones, in comparison with the many service industry and healthcare workers who don’t have the luxury of working from home.)

 

I’m part of a leadership team that made the decision to go fully remote at the start of the pandemic. It’s been a great move for the business, but also a reminder that the freedom to connect and work from virtually anywhere creates new opportunities for hackers.

 

Having been in infosec since 2005, I’ve witnessed countless security threats firsthand. As part of National Cybersecurity Awareness Month’s “Be Smart, Do Your Part” theme, here’s how you can protect yourself.

 

Be Savvy about Malware

Malware, aka malicious software, exploits known software vulnerabilities. Whether it’s a worm, a virus or a rootkit, protect yourself by doing the following:

 

Tip #1: Ensure your software is always up to date and the latest version has been installed.

Tip #2: Never download untrusted files. If you’re not sure, ask Security or IT before proceeding.

Tip #3: Use anti-virus software. Ask your Security or IT team how you should be managing your devices.

 

Secure Your Devices and Data

We live in a world where technology evolves at breakneck speed. Hackers exploit this reality. Often, software updates lag behind vulnerabilities, leaving an exposed period before the patch that’s ripe for attack. Here are a couple of tips to keep in mind when you’re using your devices:

 

Tip #1: Use a USB data blocker if you need to charge your phone using a public USB port (like at an airport or a coffee shop).

Tip #2: Set a passcode on your phone and laptop.

Tip #3: Always update your software. (This is for anyone who’s been ignoring your device prompts!)

Tip #4: Use multi-factor authentication for all of your important accounts.

 

Beware the Unsecured Network

There are many times when you might want or need to use a public Wi-Fi network, but these are fertile hunting grounds for malicious attackers, who can use unsecured Wi-Fi to “sniff” traffic and access sensitive data, or set up personal hotspots and pose as a legitimate Wi-Fi network. Here’s what can help:

 

Tip #1: If your company requires the use of a VPN to connect to the internal network, connect to the VPN immediately upon joining public Wi-Fi.

Tip #2: Take a risk-based approach to online activity while using a public WiFi network. Ask yourself, “Do I really need to check my bank account right now?” If the answer is no, don’t.

Tip #3: When using your home wireless network, make sure you have a strong password. The longer, the better.

Tip #4: Consider using Closed SSID broadcasting for your home. That way, your WiFi network won’t be so easily discoverable.

Tip #5: Create a whitelist of allowable MAC addresses for the devices that you want and expect to connect to your home network.

 

Spot the Social Engineer

Social engineering is when an attacker uses human interaction to compromise you, an organization or its computer systems. Here are a few social engineering attacks to look out for and tips on how to avoid them.

 

The Attack: Counterfeit Apps

Counterfeiting: It’s not just for bank heists anymore. We now have counterfeit mobile apps, i.e., fake apps that look very similar to the real thing. Hackers host them on the Apple App Store and the Google Play Store. So, how can you protect yourself from fake apps?

 

Tip #1: Never install apps from unknown sources.

Tip #2: Before downloading an app, research the organization that developed it and read reviews. Watch out for any that don’t have reviews.

Tip #3: The most reliable way to avoid downloading a fake app is to open your device’s web browser and type in a website URL that you know is real.

 

The Attack: Voice Phishing

Phone Phishing, Voice Phishing or “Vishing” takes advantage of human psychology in order to trick mobile device users into revealing sensitive information. Here’s how to combat this tactic:

 

Tip #1: Ignore phone calls unless they come from someone you trust.

Tip #2: Verify with the organization that the hacker claims to be calling from. Visit their legitimate website and call the customer service number.

Tip #3: Don’t call a phone number suggested by the caller. It isn’t trustworthy. Similarly, don’t send personal information via text message.

 

The Attack: Social Media Information Gathering

You might be wondering why phone phishing works. Part of the reason is that we often overshare on social media; it’s our Achilles heel. Here’s how to avoid that:

 

Tip #1: Don’t post photos of your office that might inadvertently share sensitive information.

Tip #2: Don’t include sensitive details in your social media posts like your physical location, names of family members or pets, or birthdays.

 

Conclusion

Remember, be it at home or at work, security is everyone’s job.

 

Sadly, there are really people—hackers—who try to exploit human nature for profit. If you take time to learn about the threats and understand how you can protect yourself, you drastically reduce the likelihood that you will become a target.

Contributors
Caroline Wong

Chief Strategy Officer, Cobalt


Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA Conference™, or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.

