With so many people working from home right now, the risk of a data breach has increased for businesses. For example, Zoom calls have been hacked, transcribed and posted without the host’s knowledge, and there are even crazier stories of intruders popping into Zoom meetings.
More concerning are the identity theft and phishing schemes that have spiked during the quarantine.
I spoke with Eric Cole to outline exactly how you can protect your data and your money. Eric worked at the CIA as a professional hacker from ’89 to ’97.
Now is the perfect time for hackers to steal data.
“Traditionally, you had your kids at school, your spouse at their job, and now all of a sudden, everyone’s converged,” says Eric. “I have friends who are on an old home computer, their kids are doing homework, they’re running businesses, they’re filing taxes and that’s an exposure point. [Hackers] are sending out a 300% increase in phishing emails about COVID-19 because they know that people are so petrified. In our analysis over the last three weeks, 71% of all emails that you receive that say COVID-19 or corona are actually malware or attacks. Less than 30% are legitimate. So you need to be so careful.”
Another reason for the spike is the remote workforce that arose seemingly overnight.
“The way you support a remote workforce is to either put all your servers accessible from the internet, which is a big exposure, or you move everything to the cloud very quickly,” says Eric. “That alone has now increased the attack vectors because that data is now accessible. The second big thing is when you’re in a corporate environment at an office building, you have a lot of protection measures. Now that you’re working from home, all that’s gone. The final piece is attackers love it when people are emotional because when you’re emotional, you make irrational decisions.”
More people are clicking on emails they normally wouldn’t, such as ones that say five employees at your company have been infected with COVID-19. Even though the email looks suspicious, they can’t help but click on it.
Eric said that the number of malware programs is increasing.
“The good news is 100% of the malware runs only on Windows computers,” says Eric. “So my recommendation is if you’re going to be going through a lot of emails or surfing the web, use non-Windows-based devices the first pass.”
The two main ways you can be targeted are surfing the web and checking email.
“The two most dangerous apps on the planet are email and your web browser,” says Eric. “That’s how 99% of the attacks are going to happen. If you’re careful with email, it’s all about embedded links and attachments. With surfing the web, it’s all about ads.”
“People will go to a legitimate website, but the ads that pop up are not verified by the website and could be a scam and they’re going to steal your passwords and credit card information.”
At the end of the day, be careful what you click on.
The other thing to think about is your router.
“Most people had their wifi set up seven, eight years ago,” says Eric, “and…that wifi is open, unprotected, and easy for someone to access. Now that we’re running businesses, filing taxes, doing everything at home, I would recommend you spend five minutes just looking at what the router is. It’s probably a Linksys or a Netgear. Then, just Google search, ‘securing Linksys X, Y, Z’, and they’re very easy steps to log in and turn on security.”
This is especially important because Eric described people connecting to your wifi and using it to commit crimes. Someone only needs to be 200-300 yards away, and when the police trace the activity back to you, you’re liable.
Eric suggested turning on text notifications for your banking. If someone attempts a fraudulent wire transfer, you’d be notified, and if you can catch it within 24 hours, the bank can reverse it. After 24 hours, it’s gone.
There is another scam that targets two-factor authentication.
“One of the things the attackers do is call you up and pretend they’re from the bank,” says Eric, “and they’ll say they’ve noticed some weird activity and ask if they can send a one-time code to verify your identity. What they are trying to do is get you to give them your two-factor authentication code. I’ve seen that happen so many times. The bank will never ever ask you for two-factor.”
The other thing Eric recommended was to be sure to update your computer. So many people now are working on old computers that might not be running optimally and safely.
“[Your computer] has to be above Windows 7. Windows 10 is recommended,” says Eric. “Make sure you’re getting the updates and patches. And most importantly, make sure you download and import a security product like McAfee, Sophos, Kaspersky, one of those.”
So much of our life is online—all your bank accounts, investments, tax records, all your data—we don’t think about how a compromise could really impact us, our businesses and our families.
“The two biggest mistakes that everyone makes that turn them into victims is they think they are not a target and that is false,” says Eric. “If you have a dollar in the bank, if you have an identity, a Social Security number, you are a target and they’re going to come after you. And then the second biggest mistake is people assume that the technologies that we utilize are secure by default. They have security built-in, but you have to turn it on. So my second tip is cybersecurity is your responsibility. If you remember that you’re a target and cybersecurity is your responsibility, that’ll go a long way to keeping you safe.”