The bad actors out there understand the need to constantly innovate and design new methods of separating you from your money. They prefer not to hack – why hack someone when you can simply trick them into giving away their credentials? -- but, either way, there is an evolving and relentless campaign targeting individuals, businesses (small and large) and every level of government. And they’re succeeding! Cybersecurity Ventures expects global cybercrime costs to grow by 15 percent per year over the next five years, reaching $10.5 trillion USD annually by 2025.
With cybercrime targeting every connected device, we must change our thinking and understand that it’s just not computers and networks that require protection. Your mobile phone is a connected device – full of valuable information, access to sensitive accounts and personal details, that criminals can use to exploit your lack of protection. In addition to the more popular attacks that use Ransomware and Phishing cybercriminals are now using malicious Apps or “riskware” to gain the access they desire. These apps ask for permissions and data access under the guise of improving the app experience, but what they're doing is mining data to sell. At best, this scam results in increasingly invasive advertisements. At worst, sensitive data is used to steal your identity.
Don't Neglect The Internet of Things (IoT)
In recent years, the growing constellation of connected internet of things (IoT) devices added tremendous convenience and productivity to homes and businesses. They collect, exchange and analyze vast amounts of data to gather insights into everything from understanding consumer behavior and improving business efficiencies to reducing operational costs and enhancing overall workplace safety. As connected devices continue to increase in number, it is increasingly important to secure them. These devices have vulnerabilities just like any other device, and become a tempting target for bad actors. To protect your environment at home or the office, follow these steps:
Employ Device Discovery for Complete Visibility: Gain into the number of IoT devices connected your network. Keep a detailed, up-to-date inventory of all connected IoT assets, ideally with a dedicated IoT security solution to ensure all devices are identified.
Apply Network Segmentation for Stronger Defense: Network segmentation divides a network into two or more subsections to enable granular control over lateral movement of traffic between devices and workloads. With this setup, if one segment is compromised, it can keep other segments protected. In an unsegmented network, there is a greater chance that a single compromise event will spread laterally to become a contagion.
Adopt Secure Password Practices: Many IoT devices come with weak preset passwords that are easy to find online. As soon as an IoT device is connected to your network, it is a best practice to reset its preset password with a secure, more complex one.
Patch and Update Firmware When Available: Most IoT devices are not designed to patch security flaws using regular updates. IoT devices with particularly long shelf lives, also have a higher risk of discontinued support from the manufacturer. When setting up a new IoT device, visit the vendor’s website and download any new security patches for known vulnerabilities.
Monitor IoT Devices at All Times: Implement a real-time monitoring solution that continuously analyzes the behavior of all your network-connected IoT endpoints by seamlessly integrating with your existing security posture and next-generation firewall investment.
Protect Your Mobile Devices
Seriously consider investing in mobile security software that specifically protects your mobile phone from malware and riskware. Some of the most popular are Bitdefender Mobile Security, Norton Mobile Security and Avast Mobile Security, but there are many packages that may fit best based on your unique usage and needs. The point is mobile security software is a must in today’s world.
Update Software When an OS update is released it’s a good idea to pay attention. The same goes for the apps on your phone. While these updates are always intended to improve performance and fix minor bugs, there is a particularly good chance a security vulnerability is getting sealed. Update your software on your device when prompted. If you are unsure about the update, we can provide advice based on our testing. The point is mobile OS and app updates are an important part of security.
Only Download Apps From Trusted Sources
It is quite easy – and common – to hide malicious code inside an app. Those who wish to steal your identity or money will attempt to trick you into downloading a counterfeit app or simply one that promises to easily solve a problem. Either way, the hidden code could compromise your phone, your information and your security and you may never know it. Apps sold through the Apple Store and/or Google Play meet strict development criteria and are vetted for malware. They are the safest way to purchase virus-free software. Avoid third-party app stores that may or may not apply the same level of scrutiny.
Use Strong Passwords
Use strong passwords and use different passwords for different sites -- never reuse a bank or brokerage password on another site. To add a second layer of protection, enable two-factor authentication for each account and invest in a Password Manager to help keep track of all your complex passwords. Dashlane, LastPass and 1Password are among the most popular tools to manage passwords and keep you safe. Remember, hackers do not “hack” in, they “log in”.
WI-FI & Bluetooth Best Practices
It’s never a promising idea to connect to an unsecured network via Wi-Fi or Bluetooth connection, this includes coffee-shops, airports rented cars and restaurants. When you connect to an unsecured Wi-Fi network your traffic is wide open to interception. To combat this, use VPN software to encrypt your Wi-Fi traffic and keep your data secure. There are many VPN tools available, but the best tools are those you pay for. When you connect your mobile phone to a rental car, you expose your contacts and other information to a public vehicle. The next person that rents the car may have access to your contact list, including email addresses. Avoid connecting your mobile phone to a random USB port, even for charging. Public charging station, such as those in airports and longed, are known for attacks. Use a “USB Data Blocker” or USB power-only cord to avoid the risk of “plugging into” a dangerous source. While inconvenient, it is a good practice to turn off Bluetooth when you are not using it. With Bluetooth turned on, an Apple iPhone can recognize when another Bluetooth-enabled iPhone is nearby, opening the possibility of someone sending malware to your phone.
Apple Pay & Android Pay
Credit card breaches are rampant. Apple Pay and Android Pay can minimize who has access to your card. These payment methods do not pass your credit card number to the merchant (or to Apple & Google). These payment methods are significantly faster than inserting a card.
Roark Tech Services is constantly monitoring the Internet to spot scams and warn our clients. We are experts in cybersecurity and cybercrime, uniquely qualified to assist small businesses and help them stay safe & competitive. Always consult with us first. If you do not have an IT Partner that you can trust to give you the right support and advice, we would love to help. Contact us.