© 2020 by Nick B. Nicholaou, all rights reserved
President, Ministry Business Services, Inc.
Reprinted from MinistryTech Magazine
Most of us are looking forward to the day when we can venture out with as much relative ease as we previously enjoyed. But we’re all a little out of practice, so what are the safeguards we should keep in mind?
The usual suspects are not using the pandemic as ‘time off’. They continue to write emails and use other methods to try to get people’s credentials so they can steal as much as possible–all the way up to and including our identities! In fact, as I wrote this paragraph, I received another email inviting me into a relationship that would have my harm as its goal.
We all know about spam threats, and websites that may have been compromised (injected with malware because they did not keep up with their security patches, etc.). But new threats are coming at us all the time!
For instance, I learned a few months ago about ‘juice jacking’: compromised USB port charging stations! These have actually been around since 2011, but are growing in number. Whether in airports, hotels, or elsewhere, public USB charging stations can be easily hijacked to transfer files and malware.
In addition, many public WiFi systems have not been configured to prevent others on the same system from reading your WiFi data transfers.
And then there are the one-off attempts to get us to wire money or buy Amazon or Apple gift cards and text them the codes on the gift cards. Those cannot be stopped, by the way; they are one-off attacks built by focusing on our organization. The bad guy studies the staff structure on our website, and emails us to get a sample of our email signature. Then they use all that against us—only us. Unpreventable.
Computer Best Practices
I use a Mac, which is as vulnerable to most kinds of attacks as Windows systems. The reason is that most of today’s attacks easily transfer to other systems. So, when I attach to my organization’s data, if I have malware that is written to exploit only Windows systems, it may transfer from my Mac to other systems via our shared data storage.
We recommend that every computer, notebook, and server run an enterprise-class anti-malware solution. The one we like best is thirtyseven4.com. It is a terrific balance of cost and features.
- When you receive an email, be very cautious of any links included. If the sender is not someone you expect to receive email from, delete the email! If it is, hover your mouse over the link to see where it plans to take you. Doing so should show you the link’s details, and it can save you big headaches and money.
- If you receive attachments, always save them to your desktop before opening them. Doing so will ensure they are scanned by your anti-malware solution, and putting them on your desktop will remind you to delete or move them later!
And never connect your computer to public WiFi. Instead, use the hotspot included in your smartphone. The speed will be a bit slower, but the connection will be secure.
Mobile Device Best Practices
In addition to not connecting to public hotspots, do not use public USB chargers–even when they’re in places you might consider safe (like an airport or hotel room). You don’t really know if the port is safe.
The USB charging port shipped with your device is safe, as are those you buy from the smartphone manufacturer. Only trust those.
Training is Essential
The least expensive way to safeguard your organization is through training. The problem, though, is that IT training is never fun, so many tune it out. There is a solution! And it is very inexpensive!
We recommend setting up an account with KnowBe4.com–make certain you let them know that my firm, MBS, referred you to receive up to a 55% discount on their published rates! KnowBe4 will email those in your organization on a periodic schedule, like monthly, with authentic-looking emails. Anyone who responds to the email incorrectly–clicking on a potentially dangerous link, for example–will have to watch a short video about why they shouldn’t have done whatever they did. Organizations using this tool have seen their team go from more than 85% having bad habits to under 10%!
Regarding the one-off requests for money, remind your staff regularly that no requests will ever be made by email, fax, or phone. Only in-person requests should be considered valid.
So, as we get ready to begin venturing out of our homes and traveling again, whether locally or farther, keep these safety steps in mind. And keep your phone charged!
Terrific reminders, Mr. Nick.
Thanks very much.
I always appreciate your input.