The next few weeks we will all spend more time at home (which means we’ll spend more time browsing the Internet). Even before the announcement of the self-isolation mode, many had already switched to remote work: they replaced their office computers with home computers and now they have to remotely connect to mail, the organization’s internal network, databases, and other tools. Together with Kaspersky Lab, we tell you how to avoid troubles online under these conditions.
So how is it? Now you have to deal with the data more carefully?
Yes. At this time, attacks can become more frequent that threaten both the security of companies and individual users. After all, not only work, but also most of life has moved to online. We began to use streaming and educational services more often, communicate with friends and colleagues via video communications, order food and other things online. At the same time, home computers are often less protected than office computers: they do not have corporate anti-virus systems, cybersecurity experts do not serve them, so the risks of hacking and data leakage are higher.
Okay, and what threats should I pay attention to?
There are many threats. For example, attackers can intercept traffic through public Wi-Fi on a site that does not use encryption (they can be found by the URL starting with “http” without “s” at the end). The user may encounter phishing emails, malicious banners or malicious applications from unverified resources. By the way, phishing, spam and fake information have been missing recently. On a remote site you need to be especially vigilant in this regard. The volume of correspondence increases significantly, and messages from unfamiliar addresses or to mass mailing in instant messengers should be treated with skepticism, ignoring links and attachments. At Kaspersky Lab“ they warn that now attackers are likely to create fake platforms for video conferencing and online training, fake mobile applications for delivering popular goods (products, medical masks, etc.). And hackers can disguise themselves as tech support techs and ask for account information.
And so it is clear that the password for the account cannot be told to anyone. Anything else to say?
It is important that for each service – be it a professional resource, personal account in your favorite online store or banking application – the password should be original and reliable (at least 12 characters with letters in different registers, numbers and special characters). And in order to safely store them, it is better to use special programs – password managers. It is important to set up two-factor authentication for all your accounts, in which the identity must be verified in two ways (for example, through a password and push notification on a smartphone). To do this, go to the security or confidentiality settings of the service and look for the “Two-factor authentication” tab.
But why do I need this “two-factor authentication” and other difficulties? I’m not some top manager!
Most attacks in the world are not specifically targeted at anyone. When it comes to spam, phishing, phishing (telephone fraud), malicious mailings, attackers rely on mass. They are not interested in specific users, but their data or money. On the other hand, if attackers infiltrate the user’s device, they can gain access to the information and money of the organization to which it relates. Using data stolen from the device of one colleague, an attacker can compromise another with his colleague and eventually get to the infrastructure of the company itself.
How do attacks happen? Any examples?
According to a joint report from Kaspersky Lab and Raiffeisenbank, 70% of card frauds in 2019 are related to various social engineering tools. Most often, attackers write letters or call and introduce themselves either as bank employees (and ask to dictate these cards), or by tax inspectors demanding to pay off the debt. Compromising corporate correspondence is a frequent headache for a business. Recently, for example, an attacker managed to convince the financial director of a large company to change the recipient’s bank account information and steal $ 37 million.
What about video calling? Now I often communicate with my family like that, and I call up at work. Can they follow me through the camera?
The fact that attackers can spy and eavesdrop is a fact. They even learned to do it discreetly by turning off the indicator light next to the camera. Sometimes working conversations become the target, so even Mark Zuckerberg seals the camera (the same way, Roskachestvo advises to do the same). However, for this it is better to find special stickers that do not leave marks and do not spoil the optics.
By the way, Kaspersky Lab has a program Kaspersky Internet Security, which will send a notification if any program tries to gain unauthorized access to the camera, and this access can be blocked. Using Kaspersky Internet Security, you can also determine the range of safe programs that can connect to the webcam (at the end of the article, look for how to protect your devices for two months for free).
With cameras it’s clear. What else can be done? What options?
If possible, consult a specialist who is responsible for digital security in your organization. If this is not possible, it is worth checking for updates to systems and programs (they must be the latest versions): hackers look for loopholes and bugs in order to gain access to devices and data through them. In the released software updates, as a rule, developers correct such shortcomings.
Do not store confidential files (passport scan, logins and passwords from accounts) in an unprotected form on a computer, on leaflets or in public files. And when you upload a file to the cloud, check who has access to it (is the file open to everyone on the Internet).
Use a VPN – this is one way to protect data transfer. It is also worth setting up a firewall (firewall), which performs the function of checking and filtering, and at the same time blocks your local network from the Internet. It will be useful to periodically do a full backup of important data: so if they are lost, it will be possible to restore everything.
If you are going to make a transaction on an unverified site, first look for information about it using free whois-services. If the domain was created recently, it is unclear by whom, and even on free hosting, you should not transfer money.
It sounds complicated, but I need to use a computer now! What else can be done?
Kaspersky Lab, with whom we made this material, has a special offer for Kaspersky Internet Security. Install the program on Windows, macOS or Android by clicking on these links (it is important that they match your system) and use protection.
The program blocks malicious software, protects payment data, and also blocks spyware that monitors calls, messages, and location data. If you lose your mobile device, it can be found on the map, reset and even lock.
The “Safe Payments” function of Kaspersky Internet Security protects all money transactions that you make on the Internet: from purchases in online stores to transfers through online banking or Yandex.Money. The program checks the sites where you enter confidential information, but at the same time does not intercept a one-time password or characters entered from the keyboard.
The built-in privacy mode will not allow sites to track your activity, so that annoying ads will stop appearing in the browser. The anti-phishing function will not allow you to access dangerous sites: phishing links on social networks will be blocked.
Why do you scare me if I have a macbook. He is protected already!
Attackers are counting on such an opinion! Although there are fewer malware for macOS, they exist. The most common threat to date is the Shlayer Trojan. But the dangers here are not limited to malicious files (viruses, trojans, and so on). There is also phishing, extortion through theft of Apple ID and online fraud. According to Kaspersky Lab alone, the number of phishing attacks on macOS users is constantly growing: in the first half of 2019, their number almost reached 6 million.
In order to keep abreast of new tricks that cybercriminals come up with and to protect themselves from troubles, Kaspersky Lab advises following the news on its Kaspersky Daily blog.