Posted October 2, 2020
October is National Cybersecurity Awareness Month, and the National Cybersecurity Alliance has set things in motion by issuing some current recommendations for 2020. We tell you what they say about:
- COVID-19 pandemic
- Working from home
- Smishing attacks
When the COVID-19 pandemic began, there was a huge increase in fake emails and text messages (they increased by over 600%!). These threats and scams have not disappeared: the bad guys continue to attack individuals and organizations, and so the National Cybersecurity Alliance offers some recommendations on how to stay safe:
Discover reliable information
Be wary of pandemic-related information that just kind of “pops up” in your inbox, because it is much more likely to contain misinformation or to be part of a fraud. Instead of passively waiting for information to come to you, take a more active role and stay up to date by seeking out your own information from reliable sources.
Daytime programming on cable news channels is a reasonable choice. But be aware that the “talking head” shows that make up the evening programming on the same channels tend to be far more subjective, and may include analysis based on personal politics or a host’s opinion rather than hard evidence and data! When it comes to online sources, look for well-established news outlets like PBS or the BBC, or a similarly credible journalistic organization. And a word to the wise: you may want to avoid your neighbor’s Facebook rants! If you are just looking for medical information, the websites of the CDC or major hospital organizations such as the Mayo Clinic are probably the best.
Be skeptical by default
There are a lot of good people out there … but unfortunately there are also some nasty pieces of work, and it pays to be vigilant when you come across an attention-grabbing subject line in your email.
If you receive an email telling you that you have come in contact with someone who tested positive for COVID-19, or that you are eligible for emergency aid, or that scientists have just discovered a “miracle cure” for coronavirus, be very skeptical. All of these examples were taken directly from scam emails that people have received in recent months.
So how do you spot a fake email? Keep an eye out for the following signs:
- Fake URLs that use the wrong domain (e.g. cdc.com instead of cdc.gov; nhs.uk.info instead of nhs.uk; etc.)
- Emails that pressure you to act immediately (e.g. “You have 24 hours to claim your aid”)
- Clickable links in unsolicited emails
- Requests for personal or financial information (e.g. DOB, social security number, bank details)
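The wrong-domain check from the first bullet can be automated. The following is an added example, not part of the original show notes: it compares a link's hostname against a list of genuine domains and flags hosts that borrow a trusted name. The trusted list, the function names and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: the genuine domains named in the list above.
TRUSTED_DOMAINS = {"cdc.gov", "nhs.uk"}


def link_host(url):
    """Return the lower-cased hostname of a link, or '' if it cannot be parsed."""
    if "://" not in url:
        url = "//" + url  # lets urlsplit read a bare "cdc.gov/page" as a host
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:
        return ""
    return host.rstrip(".").lower()


def is_trusted(url, trusted=TRUSTED_DOMAINS):
    """True only if the host is a trusted domain or a subdomain of one."""
    host = link_host(url)
    return any(host == d or host.endswith("." + d) for d in trusted)


def lookalike_of(url, trusted=TRUSTED_DOMAINS):
    """For an untrusted link, name the trusted domain it imitates, if any."""
    if is_trusted(url, trusted):
        return None
    host = link_host(url)
    labels = host.split(".")
    for d in sorted(trusted):
        # Trusted name used as a prefix of another domain: nhs.uk.info
        if host.startswith(d + ".") or "." + d + "." in host:
            return d
        # Trusted name kept but the ending swapped: cdc.com
        if d.split(".")[0] in labels:
            return d
    return None


# Constructed sample links, not taken from real messages.
SAMPLES = [
    "https://www.cdc.gov/coronavirus",
    "http://Cdc.com/relief",
    "https://nhs.uk.info/test-results",
    "https://example.org/news",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, is_trusted(link), lookalike_of(link))
```

The match is made on whole labels from the right-hand end of the hostname, which is why nhs.uk.info fails even though it begins with the genuine name.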
With millions of people around the world working from home, many for the very first time, the threat landscape has changed radically for both companies and employees, and the bad guys are taking full advantage of the situation.
Despite the challenges, many workers report that they actually enjoy working from home, and companies are coming around to the idea that it may be a viable option in the long run, even after the pandemic is over. That means the National Cybersecurity Alliance’s work-from-home recommendations are not only relevant to our current situation, but will probably help us prepare for the “new normal” in the years to come.
Here’s what they have to say about staying safe while working away from a traditional office.
Rules are rules
Think of the home office as a traditional office, at least when it comes to security policy. You know all those workplace procedures for passwords, data management requirements, and rules about giving out information to strangers who call on the phone? They still apply when you work at your kitchen table, and if anything, they are more important when you are at home. When it comes to non-security issues related to working from home, it is largely a matter of personal preference: so if you want to take customer calls in pajamas, we will not judge!
Ask for help
Even if the IT guy or gal no longer works in an office down the hall, you can still ask for help! Call, email or chat via your corporate messaging platform if you have questions about software updates or network security. A true technical professional will not see this as “bothering” them: if anything, they will be happy that you reached out (trust us, they would rather spend 10 minutes walking you through an update than 10 days recovering from a ransomware attack).
Turn on the alarm
If you experience a security incident, report it immediately to management and IT staff. The sooner the security teams know there is a problem, the sooner they can put the response plan into action and potentially stop a minor incident from ballooning into something more serious. We know that it is not an easy phone call to make, but it is the right thing to do (for yourself, your colleagues and your customers), and it will definitely be appreciated by the IT staff who have the task of keeping everyone safe.
Do not be smished
During the pandemic, the world has gone remote, and that means many of us are using our mobile devices more than ever before. Hackers and scammers have, of course, noticed this and have adapted their tactics to take advantage of our new, mobile-centric reality.
“Smishing”, a term that comes from “SMS phishing”, is increasing, with bad actors trying to use SMS messages to pretend to be legitimate companies. Many times these will be companies you really have a business relationship with, and that may actually have a reason to send you a text: banks, mobile operators, cable companies and so on.
Here’s what the National Cybersecurity Alliance recommends:
Learn to spot smishing
You know how to avoid phishing emails, but how do you spot smishing attempts? Here are some common signs:
- The text comes from a 5000 number. This number is often used by scammers.
- The number is not recognized. If you do not know the number, do not answer. Don’t worry: if Verizon really is texting about your overdue bill, they will definitely find another way to contact you!
- Something feels wrong. Very subjective, we know, but if you have a “bad feeling” about that text, your subconscious may have noticed something wrong with the message. Trust your instincts!
Get your own numbers
If an SMS message asks you to call a specific number, keep in mind that scammers can easily set up fake phone numbers and answer them (very convincingly) as the organization they are trying to impersonate.
So if you get a text from, for example, a bank or a credit card company asking you to call them, just go online and find their main customer number yourself, or look at the back of your credit card and call that number instead. If the original text was legitimate, you will be transferred to the correct person.
Be careful with “urgent” texts
As with email, if a text tells you to respond “immediately”, especially if it says or suggests that something bad will happen if you do not, be careful: this is a common tactic used by scammers to scare people into acting without thinking. If you think the text may be real, slow down, find the company’s number independently and call them about the problem.
Be careful with attachments
Attachments that come in via mobile messages can contain malicious software or redirects to malicious websites, just like e-mail attachments. Malicious attachments can even come from your contacts, so as a general rule, never open an attachment from an unknown sender, and be vigilant and follow your best practices for securely handling attachments, even when you know the person who sent it!
To Checklist listeners, some of these recommendations will probably seem quite familiar; but for many people, especially those who are not as tech savvy as you, these tips may be things they have never considered before. If you think it will be useful for someone you know, you may want to share this show with them. After all, it is National Cybersecurity Awareness Month!
If you want to get into the spirit of things and deepen your own understanding of cybersecurity, take some time to explore our archives, where you can listen to past episodes and read the full show notes for each podcast.