The pandemic has created a rush to work from home. As a result, the rise in online fraud has increased dramatically. Why? Firstly, no longer are workers shielded by Internet security protocols implemented on work networks. We have all become our own IT personnel at home. Secondly, the range of competency is contingent on our understanding of these security basics. Further, we also have to convince other people that are now schooling and working in the same household to adopt these practices.
Another group that has been greatly impacted is our seniors. This group has lower familiarity with many online tools. They are often the target of privacy-related scams. Some are even targeted with COVID-19 vaccination misinformation from emails. This has lead to seniors paying for FREE vaccination bookings.
More than ever, the role of Internet security and knowing the basics is more important than ever. We’ve assembled five essential tips that everyone should get into the habit of right now.
It might not always be so easy to spot a legitimate email these days. Some SPAM is so sophisticated that it can fool the best of us at times. But there are some clues to help you sound the early alarm.
If you receive an email from someone you know, but it just seems off, check the email address used by the sender. You can often click their name in the from field and see exactly which email it was sent from. For example, if your friend ‘Joe Bob’ always emails you from ‘JoeBob604@gmail.com’ but the address you uncover is ‘email@example.com,’ then it’s probably not from ‘Joe Bob.’ Please don’t open it or click any links. Please send it to the trash right away. Follow the same protocol for emails from companies that you don’t recognize or do recognize that are requesting information. Chances are, Microsoft will not send you an email from ‘firstname.lastname@example.org’.
Let’s say that the above does not raise suspicion. The email address checks out. It really does look like ‘Joe Bob’ sent you a message. But the request is bizarre. For example, they ask you to purchase $500 in Amazon Gift Cards, and they want you to send all the scratched off codes to them, and they will pay you back. We always want to help our friends and family, but this doesn’t look right. Your defence? Just pick up the phone and give them a call right away. If they say no, they never sent you an email, then you can safely delete it. You can also inform them that their email address may have been compromised, so they can take proper precautions to secure it.
There have been many scams related to COVID-19, CRA CERB, and many other places. If you are in doubt, pick up the phone, and call the official number to clarify. It’s worth the time to do this. You can also send an email via their contact form or use their live chat if available. Social media is also a place where you can get quick responses direct from a representative of the company.
Before investing in a third-party security software package or app, do all the free things first. By making sure that your operating system and the software you currently use are all patched with the latest updates, you benefit from the security updates that come with them. Windows, macOS, iOS, and Android OS all have update tools available to get you updated. Run them and set them to update your system at night when you aren’t using your devices. Individual software apps you use on desktop operating systems only take a quick visit to their respective websites to locate their latest versions. If your software is no longer supported, many companies offer discounted upgrades. Or, you can take this as an opportunity to try something new.
As far as Internet security apps, one of our favourites is Malwarebytes. The software is available as a FREE version and as a more feature-rich paid version. For free, you can run the app to scan your system for any current viruses or vulnerabilities. If you pay for it, you can access automatic scanning, browser extensions, and even VPN for additional privacy. Other packages are available on the market too. Bitdefender is another really great package.
Browser plugins like the one from Malwarebytes with a paid subscription are beneficial because they scan URLs and web pages for privacy and security vulnerabilities. It can even block immediate threats and warn you about them right away. Some packages offer apps that can help you identify and remove rogue apps and files you may have downloaded by accident.
If you’re on Windows 10, Windows Security is a free way to get some essential protection. It’s nowhere near as good as what Malwarebytes or what others offer, but it is a good first line of defence when turned on. Make sure you check it out. You can even run it alongside Malwarebytes or Bitdefender to cover your bases.
What about Macs? There are anti-virus packages for the platform. Coincidentally, Malwarebytes offers a solution, and it’s one of few with enough features that it might be worth a look. However, the consensus is that it isn’t needed, but they wouldn’t exist if there were a ZERO threat.
Strong passwords are essential for securing your Netflix account and your smart home devices, Internet routers, and anything else that goes on the Internet. The lack of strong passwords is one reason for stories about hacks and other misfortune. But how do you pick a solid password and remember it?
A password manager can be a simple workflow and not just an App. A password-protected spreadsheet uploaded to the cloud can also be a great way to manage more extended and more complex passwords. That way, you have a backup that is not local, but you still have access to it wherever you are. One that is available via your smartphone, Chromebook, iOS, macOS, and Windows devices. Just don’t forget the password you set to unlock it.
If you’re looking for something a bit more fancy and better integrated, you can try a password manager app. LastPassword and 1Password (a Canadian company) are two of our favourites. Both offer comparable security, browser plugins, apps, and desktop apps. Once installed, these apps allow you to log new passwords and logins and access previously stored ones, on your smartphone and desktop. It’s like a big keychain but without the pocket bulge and jingling. One of my favourite features is the ability to generate a robust password that can’t be guessed.
One advantage of LastPassword is that it comes with a more basic free version, while 1Password is a paid service after an initial 30-day trial. After that, pricing starts at $2.99 US a month for a personal account. Both offer family accounts to help your household become more secure.
If an app or online service supports this, it can be a huge advantage if a password is compromised. Say, for example, your Netflix password was compromised, and someone tried to log in with it. They may get the password and username right, but it will then ask them for a code or key sent to the owner’s email address or phone via text. This additional step has just saved your account. But it also notified you that someone knows your password. You can now change your account password and secure your account. This time with a much more powerful password that you have generated with one of the aforementioned password managers.
Quite often, you’ll see two-factor authentication used on bank websites, accounts for your smart home devices online, and of course, Netflix. Sometimes this is not enabled by default, and we recommend that you look at the security or password area of your accounts to locate that functionality to turn it on. If the service you are using does not offer two-factor authentication, try to schedule in your calendar a password change at least every quarter.
You might also see two-factor authentication implemented as a separate app download. Online game developers like Blizzard secure user accounts for Starcraft, World of Warcraft, and more this way. The apps generate a code required for login and can only reside on the owner’s smartphone. Some accounts support authenticators like the Google Authenticator app. Password managers like LastPassword also offer these functions for an even higher level of security. But choose your own adventure, and having two-factor authentication on is better than not having any at all. Two-factor authentication can come in multiple forms.
All Internet-enabled devices come with a username and password to allow you to log in, configure, and use it. Most of the time, if you plug these types of devices in and accept the default settings, they might start working immediately. At that point, you might think that your job is done, and it’s time to relax. Not so fast!
Internet-enabled devices can often broadcast their default usernames to whoever can pick up their signal. Let’s say that the device is an Internet router. Chances are, the ID it broadcasts can be searched for on Google. Once the device and model are identified, the default password, login name, and the URL you need to type in to get to the admin page can be found in the online manual. The manual that everyone has access to. As a result, the individual can now download the smartphone app and mess with all your equipment, reveal your IP and Mac addresses, and maybe start to employ even more nefarious ways to invade your privacy and security.
The router is your worst-case scenario because it exposes everything behind your home network. But any device that has easily compromised credentials can be an attack vector that weakens your entire network.
In short, if you have a new device, be it a router, Internet camera, any number of WiFi-enabled kids toys even, make sure you change the username, password and turn on two-factor authentication if it’s available. Remember that chat about passwords earlier? Make it strong, hard to guess, and log it into your password manager. Or, use the password manager to generate something diabolical that will keep opportunists at bay.
Now that you might be working from home, your Internet security and the practices you enforce are truly in your hands. No one from IT is going to walk around and talk to you about changing your passwords. You might now get an email from them instead (which you’ve confirmed is authentic) which you might forget about. But if you follow these five really simple tips, and turn them into habits, you should be able to fend off most potential issues that can turn into nightmares. Most importantly, make sure everyone else in your household is making the effort. A weak point of entry is what opportunists exploit. Yes, even the kids. The sooner they learn, the less you have to worry about.
What are some things you’ve implemented to help beef up your Internet security defenses? Do you have any of your own advice on getting others to take responsibility for their habits? Let us know in the comments below.