The art of privacy

06/10/2020

The struggle is real in this COVID-19 world we’re all living in with so many uncertainties, concerns, distracted thinking, working from home … the list goes on and on. Employers and employees must realize that continued, gainful employment and the ability to work from home depend on two things: technology/hardware has to be protected from threat actors, and processes have to be in place to fend off cyberattacks.

First, thinking must shift to protection. Then comes the light-bulb realization that cyberattacks have destroyed companies and can do so again, followed by proper action taken now.

Easy access - phishing

People working from home may be stressed and distracted — one of their family members or friends has tested positive for COVID; the dog barks at every slight noise; kids screaming, running around the house; spouses/partners working from home; trying to figure out what to make for dinner; doing laundry; loading/unloading the dishwasher between emails; etc. People are literally “half thinking,” putting themselves in cruise control when it comes to work duties. The bad guys know all of this and are taking advantage of and preying on you and other work from homers. (Doesn’t that tick you off? It makes me furious!) 

What are the bad actors doing? Deploying phishing campaigns that look very real and even “feel” real to recipients. These are known as “client-side” attacks and some are so well-done they can fool anyone!

What can employers do? Ramp up efforts on phishing awareness training and simulations. Encourage work from homers to “go phishing” by sending them fake phishing emails and seeing which employees take the bait. Offer prizes to employees who don’t fall for it, such as awarding grocery store gift cards to the first 5 employees who email a certain person within the organization saying they discovered a phish!

What can employees do? 

  1. Use separate devices for work and personal use, if possible.
  2. Consider using a direct Ethernet connection.
  3. Ensure your wireless connection is not open and is very secure.
  4. Use a VPN to access/interact with employer systems/data.
  5. Upgrade router and modem firmware. (Usually internet and/or cable providers will upgrade modem firmware, but verify this with them.)

Mobile devices – where have you been? 

Eerily, iOS devices keep a record of all location data, so obviously Apple, third parties, whomever the data is sold to, bad actors who want to stalk or harass others, etc. can access this data. 

In other words, bad actors can determine exactly where you’ve been, physically, and where you are likely to return at a later date!

Check this out: on your iOS device go to Settings > Privacy > Location Services > System Services > Significant Locations. There you will find a list of all past locations you’ve been!

All I can say is: Turn. It. Off.

Smart devices in the home 

Remember, all services tied to smart/IoT devices are accessed through the cloud and a lot of people use the same credential across various accounts. If the cloud is hacked, threat actors gain access to your login information and then use this credential to try to hack all your devices or systems. So, if you’ve heard it once, you’ve heard it a thousand times … “make sure your passwords are robust and use different passwords/credentials for every account you have.”

Should a threat actor gain access to your smart devices, he or she can use knowledge gained or videos of you in your home for blackmail or extortion. And, remember, most of these devices capture sound as well, so bad actors could be listening to conversations you are having with your employer, co-workers, clients, etc.

What can employees do? When having confidential and/or work-related conversations at home, unplug your cameras, then you don’t have to worry about anything!