With Covid-19, many of us have found ourselves working remotely much more often, or even exclusively, and we can likely expect remote work to be commonplace. Unfortunately, this opens up a goldmine of opportunities for hackers and scammers to steal your files, money and identity, so you need to be more vigilant and careful now than ever before.
What Hackers are After
There are three main valuable things that hackers and scammers are trying to get access to:
Your identity is an excellent tool. Criminals are thrilled to use your good name to get money or perpetrate a crime. There are a variety of specific types of identity theft, but financial identity theft is by far and away the most common. Financial identity thieves will use your identity either to get directly at your own money or get new money (loans, lines of credit) in your name.
Sometimes the criminal just wants a quick way to get at your money. The fastest way to it is often directly through you — so one of the most common tactics that these criminals use is called “social engineering”. This is where you get an email, text, phone call, or even snail mail from someone that is trying to swindle you out of your money. These attempts often seem legitimate on the surface (using official logos and names of real businesses), include a threat (of legal action, fines, or arrest), or a promise (you will get some huge lump sum of cash) and usually include a sense of urgency (you must respond within 24 hours or else…). The messages are designed to prey upon our humanity and emotions and get us to react out of fear, excitement or even sympathy.
Your data has an immense amount of value. Your files can be the key to stealing your identity or money directly, or they can be used by a criminal as leverage to get you to give them whatever they want. The latter is often perpetrated in the form of “Ransomware”, which is a special kind of malicious code that can infect your computer and encrypt your files so that they become inaccessible to you. The criminal then offers to let you back into your computer if you give them what they want (usually money). Sometimes these schemes are disguised as legitimate tech support companies that offer to “fix” your computer, and the victim is not even aware that they have been scammed.
What You Can do to Mitigate Risk and Increase Security
Be Judicious: Always Suspect a Scam
Be very cautious of messages, no matter how they are delivered (email, phone, text, postal mail, on an app or website), and always err on the side of caution. If the message includes a threat, a promise, or a looming deadline, you can probably assume that it is not from a legitimate source. Don’t reply or click on any links. If the communication is made to look as though it comes from an organization you do business with, reach out to that organization using contact information that you know is legitimate and ask them if they know about the communication.
One example that we often see involves domain name registrations. Once or twice a month a Nine Planets customer will ask us about an email or a letter they got in the mail saying that their “domain search registration” is due. These are almost always scams. If you are a Nine Planets customer and you get a notice purporting to be about your website or domain name and you are not absolutely certain that it came from us, please let us know right away. We are happy to check it out!
For more information about phishing and how to identify attempts, visit https://spanning.com/blog/phishing-everything-you-need-to-know/
Choose Complex Passwords
Choose long, complex passwords that include upper and lowercase letters, numbers and symbols. Try not to use common words or phrases. Do not use the same password for multiple sites. It is also important to change your passwords frequently. There have been so many data breaches that it’s likely that hackers have access to one of your older passwords, and if you keep using it, you’re giving them easy access to your accounts. If you are curious, you can check to see if a password is in hackers’ public database of stolen passwords: https://haveibeenpwned.com/Passwords.
Use a Password Manager
Password management software allows you to store your passwords in an encrypted system and access them using a single, complex password. The benefit is that you only need to remember and vigilantly guard a single password and the software does the rest. If you share password-protected accounts with other people (family or work team members, for example) you can share password access with those people without giving them the actual passwords. It is also easy to revoke all password access for a certain individual, if the need arises. You can install most of these apps on your computer as well as on your phone or tablet. Check out this article on the Best Password Managers by Tom’s Guide.
Use Two-Factor Authentication
Two-factor authentication (also known as 2FA) is a method of logging in and confirming your identity by using a combination of two different factors:
- Providing something only you should know (your username and password) and
- Providing something only you should have (like access to your cell phone or email account).
One example of two-factor authentication is where you try to log into a website using your password, and it sends you a text message or email with a one-time passcode that you need to enter before you can log in. Lots of websites and apps support this approach, and while some people feel like it is an annoying extra step, it really goes a long way to derail hacking attempts.
Make Frequent Backups
This is good advice, not only for your website, but also for your local files and anything you have on cloud storage. Backups protect you if you lose primary access to your files, for example, if your hard drive goes out or your cloud storage service goes down (even temporarily).
Backups are also important if you are the target of a ransomware attack. It’s not just mom and pop that need to worry about ransomware. The City of Atlanta was attacked and hackers requested 51k in bitcoin. Atlanta didn’t pay them, but it ultimately cost taxpayers 17 million (read more about the incident here: https://www.businessinsider.com/cyberattacks-on-american-cities-responses-2020-1). The risk is typically smaller for smaller businesses or individuals, but think about the problems you’d have if you couldn’t access any of your necessary files!
Keep Your Security Software and Other Apps up to Date
This includes desktops, laptops, tablets, phones, and websites — anything that is computerized. Updating your software patches security holes and other vulnerabilities that hackers can take advantage of. Not updating those is like leaving the back door to your home wide open 24×7. Internet routers also need periodic firmware updates to keep your home and business networks secure. (Read more about router firmware updates here: https://www.consumerreports.org/wireless-routers/outdated-router-firmware-poses-security-risk/) Do you have other “smart” devices, like a washing machine, door lock or thermometer? Those will need regular updating as well, to keep them and your house and office safe and sound.
If your website uses a Content Management System like WordPress, Shopify or Drupal, those systems will require periodic updates as well, and it is important to address those updates as soon as you can after they are released. Your website is a public portal to your business and might even include payment processing, so to keep your customers and good reputation secure, you need to have a solution for frequent backups and updates. If you do not frequently log into your website, you may want to look into a solution that automatically backs up and runs updates when they are available. We offer automatic daily backups and bi-weekly updates for WordPress through our Managed and Managed + hosting plans or just ask us about the best options to help keep your site up to date and secure.
We hope that these tips will help you stay safe in your personal and business life while you spend more of your time online. We’re here if you need advice or help on anything website related, so just let us know if you have questions!