How to Combat Cybersecurity Threats During Covid-19 Reconnaissance
During these vulnerable Covid-19 times, marketers need to stick to the best cyber hygiene practices, whether working from home or in a remote environment. Creating such an environment is absolutely imperative to help organizations and employees stay safe, secure, and productive during unprecedented times.
Before we delve further into details, we need to understand the potent cyber threats that we are surrounded by.
How Your Communication & Computing Devices Get Impacted
An attack may encroach your security in many ways. A hacker may:
- Record your phone calls and keystrokes
- Access your social media accounts, messaging applications, and your email
- Retrieve content and call logs from your chat applications including WhatsApp, LINE, etc.
- Highjack your microphone or webcam to spy on you
- Impersonate you and can impact others in your network
- Retrieve location data, browser histories, and stored media files such as photos and videos
- He may modify the settings of your device and can take the screenshots
- Expose your personal or corporate data
- Encrypt your data so you can’t use your device unless you pay a ransom
What Kinds of Attacks Should Marketers be Looking Out For
Threat actors have many ways to attack. Here are some major ones:
- Social Engineering: Anyone can be tricked into installing malware by someone sending you a text or email containing weaponized links or attachments. One can also be asked for a password or other private information during a phone call from an attacker posing as a member of the technical support team or someone else you think you should trust.
- Physical Access: An attacker can compromise their system while it’s left unattended.
- Application Vulnerability Exploit: An attacker can compromise legitimate applications on their system that are known to be vulnerable to remote access attacks.
- Malicious Applications: Marketers can fall prey to malicious applications they consider trustworthy such as an app or an application
- Malicious Websites: You could become infected if you visit an attacker-created website or a legitimate site that has been compromised.
- Exploit Via Charging Station or PC: You could become infected if you connected your device to a compromised charging station or PC.
- Exploit Via Radio Interfaces: Your mobile device could be attacked through its interface to cellular networks, Wi-Fi, Bluetooth, or NFC.
Learn to Protect Yourself From Phishing Attacks
Always observe these cyber hygiene best practices.
- Carefully Examine Email Sender Addresses: Attackers often pose as trustworthy senders by using email addresses containing domain names that are similar to those from legitimate sources. For example, an attacker might try to fool you into thinking an email comes from the Centers for Disease Control by using the domain @cdc-gov.org rather than the correct @cdc.gov. It’s always best to exercise caution and treat all emails as potentially malicious. Remember too that even legitimate email addresses can be compromised.
- Don’t Click Email Links: Never click on a link in an email, even if the message appears to originate from a trusted source. Instead, hover your cursor over the link to view the destination address. Then, if the message and link seem genuine, type the URL directly into your browser.
- Don’t Open Attachments: Attackers can conceal malware in innocent-seeming word processing, spreadsheet, and presentation files. Never open an attached file unless you know the sender and are certain their system has not been compromised. If you’re unsure, call them to confirm the attachment is safe.
- Don’t Open Emails from People You Don’t Know: It’s highly unlikely that someone you’ve never met has anything important to tell you. Messages like these are almost always spam or phishing attempts. Mark them as spam and move on with your day.
- Notice Errors in Spelling and Grammar: Errors like these are red flags for scams and phishing attacks and strong indicators of malicious intent. Also be wary of generic greetings, such as “Dear Sir,” and greetings that are inappropriately personal, such as “Dear Beloved,”.
- Ignore Emails That Demand Immediate Responses: No legitimate entity will ever demand that you provide personal information of any kind by email. Attackers know you’re more likely to accede to their demands if they make you feel a sense of urgency.
Security Guidelines for Remote Workers
Follow these simple guidelines to keep your devices safe and secure.
- If you suspect your device has been compromised, immediately notify your manager. If your device is connected to your employer’s network, immediately disconnect it.
- Never leave your device unattended. Always enable screen locking options that require entering a pin or passcode.
- When traveling, log out of – and if possible, uninstall – all third-party apps until you return.
- Disable Wi-Fi, Bluetooth, and NFC when not in use or while traveling.
- Never click on links in unsolicited or suspect emails. If a link looks legitimate, type the URL directly into your browser instead.
- Disable auto-downloads by third-party apps on your personal devices.
- Unless explicitly permitted, don’t access your employer’s corporate network or file shares with personally installed third-party applications.
- Don’t publish personal information to social media sites unless you’ve set the privacy controls to permit access only to people you trust. Adversaries often use social media for intelligence gathering before an attack.
- Know and adhere to your employer’s security and device usage policies.
WhatsApp: Go to the window where chats are shown. Select Settings, the three vertical dots at the top right-hand side of the screen. Click on Data and Storage Usage. Head to Media Auto-Download, where you’ll encounter three options:
- When Using Cellular Data
- When connected to Wi-Fi, and
- When Roaming
Disable auto-downloads by unchecking all four options, Photos, Audio, Video, and Documents.
For Android Users: Use your device administrator settings to disable and uninstall applications from unknown sources. These potentially unwanted programs may contain spyware.
For iOS Users: Don’t jailbreak your iOS device. This could allow attackers to gain root access to the operating system, install malware, and steal your data. Here are two ways to tell whether your iPhone® or iPad is jailbroken.
First, use Spotlight to search for the Cydia application. If it appears, you’re jailbroken. You can also use paid applications, such as iVerify, to determine your jailbreak status.
Wrapping Things Up
Overall, it's important to maintain a security-first mindset that focuses on prevention rather than cure. If you follow our recommendations and avoid unnecessary risks, you stand a good chance of keeping your personal and business data both private and secure.
Employing the above tactics will certainly help the marketers strengthen their cybersecurity framework on the ways to the new normal.
Look for database management solutions that empower and protect your employees while they’re working from home.