As people around the globe adjust to the stay-at-home orders due to the COVID-19 pandemic, the environment is ripe for Malicious Cyber Actors (MCAs) to exploit unsuspecting users — especially with the massive increase in remote workers and distance learners. For the average user that may be wondering how to fortify their defenses to maximize internet safety and security, zvelo’s Cybersecurity team has put together these actionable tips to secure your home.
Emails
One of the most common and easy ways attackers compromise victims is via a phishing email. This is when an attacker sends an email to a victim pretending to be from a legitimate service or company to trick the user into clicking links in the email or opening an attachment. If you are not expecting an email from that company, don’t click on any links or open any attachments! If you think it may be legitimate and has a link from say, your bank, open a browser and manually go to the website to be safe.
What can you do?
Websites such as https://haveibeenpwned.com/ allow you to check if your email has been compromised. It even shows which data breach led to your email being compromised. If you have ever experienced a sudden onslaught of spam emails and wondered why, it’s likely your email was compromised in a data breach.
Passwords
For many of us, passwords are the bane of our existence. Often times, people get caught in the cycle of forgetting a password and resetting it, only to forget what it was changed to. Out of frustration, or in most cases convenience, people tend to reuse their passwords. If your email and password have been compromised and you use this to login to any other website, attackers will use what is called credential stuffing and try the email/password combination they have harvested on popular sites.
What can you do?
Use a password manager app. These are applications you can download on your PC, phone, and tablet to store all of your passwords securely. They also sync across all your devices, so as soon as you change a password, you change it in the password manager, and now it is saved on all your devices. Instead of remembering all your passwords now, you only have to remember one.
IoT Devices & Router default Admin Passwords
Did you know these devices commonly have the same username and passwords for each model? This allows an attacker to login to your device and make changes. An example recently was the news about attackers logging into cameras and Ring devices — tools designed to secure your home environment. As it turns out, the accessibility was not a fault with the company or tool itself, but with users who never changed the admin passwords.
What can you do?
Always make sure to change your admin username/password on all your internet-connected devices.
Two-Factor Authentication
At some point or another, almost everyone ends up having their username/password is compromised. The username/password combination provides only a single layer of protection, and unfortunately, is often inadequate when it comes to securing your personal data. Users need to make it a habit to protect themselves with two-factor authentication. This means that if someone has your information and they try to login to your account, they must also have access to your phone number, email, or authentication app to login. This offers users another layer of protection from being compromised as it creates an extra barrier for the attacker.
What can you do?
Make sure to enable two-factor authentication on everything that allows it. Email service providers and financial institutions commonly force users to do this. While it can be an inconvenience to go through the extra step, the security and protection far outweigh the downside.
Patching
Unpatched vulnerabilities are commonly used exploits to gain admin or root privileges on your machine, or to gain code execution to install malicious software. An unpatched vulnerability in a single end point can spread globally in a very short period of time — WannaCry ransomware is one example.
What can you do?
Setup your PC, phone, or tablet to update automatically. This will ensure your updates install overnight or whenever you shutdown or restart your device(s).
Protect your network traffic
Did you know it is not difficult at all to monitor all network traffic if someone is connected to the same router? How many times have you connected to public WiFi at the airport, a hotel, or a even local coffee shop? Too many users do this without giving it a second thought which makes it be easy for another user, or potential attacker, to snoop on what other computers are doing over that network.
What can you do?
Install a Virtual Private Network (VPN). VPNs protect your network usage and anything you send over the internet. There are many options — some free, some paid. Generally, the paid options offer faster speeds. We recommend trying them out and use the option that best suits your needs.
In the end, the zvelo Cybersecurity team reinforces the importance of making yourself a hard target. MCAs will go after the soft targets first as they are easy prey. The more difficult you make things for an attacker to get to you, the less likely you are to become their next victim. These steps are just some of the basic necessities required to secure your home in today’s environment.
