Did you know that the first half of 2020 saw more phishing scams than all of 2019? Unfortunately, these scams are not letting up any time soon.
The SolarWinds Hack
The SolarWinds hack was a huge breach and has affected many industries and businesses. Microsoft was affected by the SolarWinds hack as well, with some of their products. The Justice Department had an email breach because of the SolarWinds hack. We are just starting to see the ramifications of this, and I am sure we will continue to see it in the months to come.
I have written before about email awareness and ways to be more secure at home. The freedom of being able to work from home, or to work from anywhere, is great, but like anything there are drawbacks that need to be taken into consideration. One of those is free public Wi-Fi. Who does not like free stuff? It's convenient to have free public Wi-Fi. The problem with public Wi-Fi is that it is unsecured, which leaves you wide open to hackers. If you want to work from a coffee shop, or if you are traveling around thanks to COVID-19 making your work life more flexible, then you should have a VPN that you connect to before you do any work. If you work for yourself, you might not have an enterprise VPN set up to remote back into an office environment. There are several VPNs available for a small monthly or yearly fee. A few that are well known are ExpressVPN (https://www.expressvpn.com/), NordVPN (https://nordvpn.com/) and CyberGhost (https://www.cyberghostvpn.com/en_US/), just to name a few.
Now keep in mind that these VPNs will not prevent you from clicking on a link that is loaded with malware. What they do is protect you when you are on unsecured Wi-Fi networks.
What else can you do to have IT security mindfulness?
Use a virus scanner and keep it up to date. This is a huge one! Keep your OS updated with the latest updates. Keep the software that you use updated. Run frequent scans on your systems to look for viruses, Trojans and malware.
Have email awareness.
Be careful when getting emails that alert you to a problem with one of your accounts, or an email telling you there was a problem with the shipping on an item. If you can, sign up for text alerts for your stuff. Be mindful when getting emails telling you that your password will expire today. Chances are it's bogus. Have two-factor authentication enabled on your accounts. Is it a hassle? Yes, but would it be more of a hassle to have to cancel your credit cards and change the passwords to all your accounts? My guess is you would rather get a text with a 6-digit code to enter than have to deal with the headaches of changing the passwords of all your accounts. Here is an example of an email supposedly coming from Microsoft telling you that your Office 365 password is going to expire.
Can you spot what is wrong in this email?
Let’s review it.
The From email address: From: HelpDesk Support <firstname.lastname@example.org>. This is definitely not an email that is from Microsoft.
The spelling of password is wrong. The hacker used Pass-word instead of using password.
They emphasize that the password is expiring Today.
They tell you to continue using the same pass-word to update your account.
If you hover over the Update now button, you will see the hyperlink doesn’t direct you to Microsoft at all.
These are all things to be mindful of. Anytime you get an email with a button to click in it to update something, hover over it to see the hyperlink first. And better yet, close out of the email and go directly to the company’s website to log into your account.
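The same five checks can be run automatically over a message before anyone clicks. The script below is an added example, not part of the original post: the sample email is constructed from the description above, the link target is a placeholder, and the list of trusted Microsoft domains is an assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample modelled on the email reviewed above; the link target
# is a placeholder, not the URL from the real message.
SAMPLE = """\
From: HelpDesk Support <firstname.lastname@example.org>
Subject: Office 365 Pass-word expires Today
Content-Type: text/html; charset="utf-8"

<p>Your Pass-word expires Today. Continue using same pass-word.</p>
<a href="http://update-portal.example/login">Update now</a>
"""
TRUSTED = ("microsoft.com", "office.com")  # assumed domains for the claimed sender

class LinkCollector(HTMLParser):
    """Collect every href so the real destination of each button is visible."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def on_trusted_domain(host):
    host = (host or "").lower()
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def review(raw):
    """Return one finding per warning sign from the checklist above."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    findings = []
    sender = parseaddr(msg.get("From", ""))[1]
    if not on_trusted_domain(sender.rpartition("@")[2]):
        findings.append("sender domain does not belong to the claimed company")
    if re.search(r"pass[-_. ]word", body, re.I):
        findings.append("'password' is written as 'pass-word'")
    if re.search(r"\bexpir\w*\s+(today|now|immediately)\b", body, re.I):
        findings.append("urgent expiry deadline")
    if re.search(r"continue using (the )?same", body, re.I):
        findings.append("asks you to re-enter your current password")
    links = LinkCollector()
    links.feed(body)
    for href in links.hrefs:
        if not on_trusted_domain(urlparse(href).hostname):
            findings.append(f"link points to {urlparse(href).hostname}")
    return findings
```

Calling `review(SAMPLE)` returns all five findings. A message that trips even one of them is worth opening the company's website directly instead of clicking.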
If you are unsure of an email, it is better to ask an IT professional. If you do not have someone to ask, feel free to contact me at SNL Tech Services and I would be happy to take a look and let you know whether it is safe to proceed. It is far better to be safe than sorry.
IT security starts first with the end user being IT mindful!