Keshav Dhakad
The COVID-19 pandemic has changed our daily routines, the ways we work, and our reliance on technology. As we spend more time online, it’s important to remember that the basics of online safety have not changed. These guidelines provide a strong foundation for digital security, but as we think about the “new normal” and how the internet is woven into the fabric of our lives, extra steps may be necessary to further reduce risk.
So, in addition to the security policies implemented by your work or school, here are a few more practices we recommend you—and your family and friends—adopt to further increase personal cybersecurity resilience.
Keep devices secure and up to date
1. Turn on automatic security updates, antivirus, and firewall. Cyberthreats often prey upon the devices that are the easiest to compromise: those without a firewall, without an antivirus service, or without the latest security updates. To reduce this risk, turn on automatic updates to ensure your devices have the latest security fixes, enable or install an antivirus solution that runs continuously, and configure a firewall.
2. Don’t forget networking devices. Device safety includes your networking devices, too, so make sure that you check for and apply all updates for your networking devices. Check if they are using default admin passwords (easy to try) or ones that are easily guessable (like your birthday). Update your Wi-Fi credentials to strong passwords with a mix of upper- and lowercase letters as well as symbols and numbers.
3. Use Wi-Fi encryption options for access. Wireless access points offer the ability to require passwords to gain access to the network. Take advantage of this feature to ensure only authorised users are on your home network.
Secure your identity, guard your privacy
4. Protect your digital identity. With more of our lives connected in the virtual realm, your digital identity becomes even more important to protect. Use strong passwords or, if possible, biometric authentication like your face or fingerprint, and wherever possible enable multi-factor authentication (MFA). Among others, Google and Microsoft both offer free MFA applications that are easy to set up and use.
5. Keep your guard up in online chats and conferencing services. As we spend more time on virtual conferences and video calls, it is important to think about privacy. Consider these questions when trying new services:
> Who can access or join the meeting/call?
> Can it be recorded? If yes, do all participants know?
> Are chats preserved and shared?
> If there is file sharing, where are those files stored?
6. Use background blur or images to obscure your location. One of the more popular features on video conferencing tools like Zoom, Skype, and Microsoft Teams is the ability to blur or change your background. This can be an important privacy step that you can take to maintain privacy between home and work environments.
Protect business data while at home
7. Use the right file-sharing service for the right task. While working remotely, it is easy for lines to blur between work and home. It’s important to ensure that your business data does not get mixed with your personal data. Remember to use business resources for Business, to store and share content for work. Don’t use consumer offerings for business data while you are remote.
8. Turn on device encryption. Device encryption ensures that data on your device is safe from unauthorised access should your device be stolen or lost.
Beware of phishing and identity scams
Cybercriminals continue to exploit victims even through this global crisis. Over the last two months, Microsoft observed that cybercriminals are utilising new lures related to the coronavirus outbreak and are being indiscriminate in their targeting. Here are a couple of observed attack methods to keep in mind:
9. Identity compromise is still number one point of entry. Attackers are looking to steal your digital identity for monetisation, spam, and access. Be on the lookout for unexpected websites and applications asking you to sign in with your credentials. The same goes for MFA requests. If you did not initiate the request, do not verify it.
10. Phishing is still out there. Be wary of offers that are too good to be true, pressure time, or promise a free prize. These are the same bad guys from before, but now they’re using the outbreak and public fear to drive a different action.
11. Don’t fall victim to tech support scams. Tech support scams are an industry-wide issue where scammers use scare tactics to try and trick you into paying for unnecessary services that supposedly fix a device, operating system, or software problem. Microsoft will never contact a user with an unsolicited offer to address a technical issue. And error and warning messages in Microsoft products never include a phone number to call.
Keshav Dhakad is Group Head and Assistant General Counsel, Corporate, External & Legal Affairs, Microsoft India.
Views expressed are personal.