Information Security

Information security: stay safe in work and at home

During the current situation, with many people working from home, there has been a rise in malicious online activity, including scams, spam and malware. Sadly, at times like these, the bad people get ‘badder’.

We all have to keep our guard up right now. It is crucial that we are all aware of the different sorts of threats we may encounter – at work and at home – so that we can spot them and know how to deal with anything that looks suspicious.

The people who run these scams rely on you doing something (clicking a link, opening an attachment etc.) for them to work.

So remember: if in doubt DON’T CLICK and stay HEALTHILY SUSPICIOUS

Phishing

Phishing is an attempt by scammers to obtain sensitive information such as usernames, passwords and credit card details by disguising themselves as a trustworthy source (for example, your bank) in an email or other electronic communication.

We’re seeing a huge rise in phishing attempts – and they are not just related to COVID-19. 

Phishing attempts can be very convincing, so it is more important than ever that we stay vigilant for potential phishing emails.

Remember: 

  • don’t click on or open anything if you are in any doubt
  • remain healthily suspicious of unexpected or unsolicited emails, no matter how credible they look, especially if they have attachments or links in them

If the communication looks like it’s come from a trusted third party (such as a customer) then contact the customer directly to check if it is a legitimate communication.

Credential breaches (“We know who you are”)

Credential breach emails are those which claim to know not only your email address but also your password – and often this is correct. This usually happens when you have used your work email address to sign up for a service (such as public Wi-Fi) and your details have been stolen.

First of all it’s important to remember that the information in the credential breach email is all they know. Anything else they claim to be able to access or do is untrue. They cannot access your work network and they cannot access your home network. But they will try to get you to click a link or send details or money WHICH YOU SHOULD NEVER DO.

Don’t forget: these scams rely on you doing something (clicking a link, opening an attachment etc.) for them to work. So don’t!

These emails can be alarming, which is what the hackers are relying on. But they are relatively easy to deal with, so stay calm and report them immediately to your security or IT teams if you have them (even if it’s not work-related); otherwise mark the messages as Junk or block the sender.

Hoaxes and myths

Alongside these genuine threats, it’s also very important to be mindful of any hoaxes circulating on the internet or via social media. Often shared by people trying to protect themselves and their loved ones, this sort of misinformation can be damaging and do more harm than good.

How do I know if it is misinformation?

The simplest thing to do is be vigilant and check the source. If the story has come from a reputable news site then it’s more likely to be genuine. But if you don’t recognise the source then think twice about sharing it with others.

A simple web search would also help you to see if it’s a story that has been widely reported and therefore is more likely to be genuine.

Remember:

  • just because something has been shared widely, doesn’t make it true
  • don’t be tricked by people claiming a story is reputable – anyone can write “it was announced today on BBC News,” but that doesn’t tell you anything
  • don’t use the ‘better safe than sorry’ excuse – you can’t make someone safer by protecting them from something that doesn’t exist!

Hints and tips

Here are some basic hints and tips to help you and your loved ones stay safe online.

Remember: if in doubt DON’T CLICK and stay HEALTHILY SUSPICIOUS

  1. Report it
    If you receive anything that looks suspicious, report it immediately to your security or IT teams if you have them (even if it’s not work-related), otherwise mark the messages as Junk or block the sender.
  2. Don’t worry
    Genuinely don’t. Hackers may have some of your user credentials but they probably do not have your ‘secrets’ or anything else they claim to have.
  3. DO NOT click on any links, open any attachments or respond to the sender
    The people that run these scams rely on you doing something (clicking a link, opening an attachment etc.) for them to work. So don’t!
  4. Review your passwords
    Everything we access is password-protected and chances are you use the same few passwords for all your logins. Now’s the time to check and change them and use a password manager if you can.
  5. Make sure you have appropriate anti-malware installed, turned on (!) and up to date
    Have a look at av-test.org for what you can run for free, at home.
  6. Update your browser
    You know when you open Safari, Chrome or Firefox and that annoying reminder to update pops up, but you ignore it because you’re busy? Don’t. Update your browser today (including the plug-ins for Flash and Adobe etc.).
  7. Check your active sessions and permitted devices
    You’ll find these in the settings of Facebook, Twitter, iTunes or whatever you’re using. Check them out and close ones you don’t recognise.
  8. Enable multi-factor authentication
    If you haven’t enabled multi-factor authentication in WhatsApp, Gmail or whatever you use, then go to the settings and set it up. You’re already using it for internet banking and it’s no different.
  9. Do not use your work email addresses to register for external services
    Unless it is wholly relevant and appropriate, do not use your work email addresses to register for external services, mailing lists or to get through a credential wall (like airport Wi-Fi). Instead set up a new email address and use it only for registering for external services.