The three definitive tips for good online security
The three biggest cyber-risks we have to face in 2021 are as follows, which is why we need to take a number of steps to be prepared.
Combating automated spear phishing attacks
One of the main security threats that everyone should consider is spear phishing. These attacks consist of highly targeted and compelling emails with concrete and accurate details about you, your business or your personal life. They aim to get you to click on a malicious link that will lead you to provide login credentials, download files that spread malware, reveal sensitive information or even transfer money. In the past, spear phishing required hackers to go through slow, manual processes, but this will change in 2021. At Panda Security, a WatchGuard brand, we believe that threat actors will combine automated phishing tools with programs capable of tricking social media and various websites, triggering a wave of personalized and credible spear phishing attacks. By eliminating manual processes, cybercriminals can increase the volume and success rate of their campaigns. Moreover, as long as society continues to face the impact of COVID-19, global political conflicts and general financial insecurity in 2021, these automated spear phishing attacks are expected to take advantage of fears related to the pandemic, politics and the economy.
Some security services, such as DNS filtering, can prevent these attacks from succeeding, but an essential practice to avoid falling victim to spear phishing is to be alert to warning signs. Watch for requests from bosses or co-workers that seem out of the ordinary. Check for details that don’t add up. Always check the sender’s entire email address to make sure the message comes from a legitimate source, but don’t always trust it, as attackers can forge email addresses if your domain doesn’t have the right protections. In short, stay attentive and exercise extreme caution. Never download files from unknown senders; ignore links and manually type the destination instead; and, if in doubt, forward the email to IT or security for further inspection.
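The warning signs above can also be checked mechanically. The following is an added example, not part of the original article: it inspects the full sender address, the Reply-To address and the receiving server's SPF/DMARC verdicts. The sample message, names, domains and the trusted-domain list are all constructed for illustration.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not from the article); all names and domains are made up.
SAMPLE = (
    "Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=examp1e.com;"
    " dkim=none; dmarc=fail header.from=examp1e.com\n"
    "From: Ana Boss <ana@examp1e.com>\n"
    "Reply-To: payments@mailbox.test\n"
    "To: you@example.com\n"
    "Subject: Urgent transfer\n"
    "\n"
    "Please wire the funds today.\n"
)

def domain_of(header_value):
    """Return the lower-cased domain of the address in a From/Reply-To header."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def warning_signs(raw_message, trusted_domains):
    """List the reasons this message deserves a closer look (empty list = none found)."""
    msg = message_from_string(raw_message)
    signs = []
    sender = domain_of(msg["From"])
    if sender not in trusted_domains:
        signs.append("untrusted sender domain: " + sender)
        # A near match to a trusted domain suggests a deliberate lookalike.
        for good in sorted(trusted_domains):
            if SequenceMatcher(None, sender, good).ratio() >= 0.8:
                signs.append("lookalike of " + good)
    reply_to = domain_of(msg["Reply-To"])
    if reply_to and reply_to != sender:
        signs.append("replies go to a different domain: " + reply_to)
    # Only meaningful when this header was added by your own mail server.
    results = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)",
                              msg.get("Authentication-Results", "")))
    for check in ("spf", "dmarc"):
        if results.get(check) != "pass":
            signs.append(check + " did not pass")
    return signs

if __name__ == "__main__":
    for sign in warning_signs(SAMPLE, {"example.com"}):
        print("WARNING:", sign)
```

An empty result does not prove a message is safe; it only means none of these particular signs were found.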
Watch out for worms attacking home networks
The pandemic forced most of the world to move to working from home practically overnight. This change has persisted over the past year and will continue throughout 2021 and beyond. As a result, you can expect cybercriminals to change their tactics and create attacks aimed at you while you work at home, away from the protection of corporate security controls. We expect cybercriminals to exploit your (probably) underprotected home network as a means of accessing valuable corporate endpoints. Malicious hackers will use malware with worm functionality modules designed to deliberately search for and infect company laptops with VPN connections to try to infiltrate corporate networks.
You can do two things to make sure your VPN connection doesn’t become a backdoor to your corporate network. First, make sure that your IT or security department has some kind of endpoint protection service installed on your home computer. Second, ask IT to verify that your VPN requires an endpoint health check before allowing connections back to headquarters. In this way, worms that attack home-connected devices to reach corporate networks will have more difficulty infecting the computer in the first place, and the computer will not be able to make a VPN connection if it is infected or lacks the usual security policy.
Adopt a password manager and implement MFA (multi-factor authentication)
Authentication attacks, and the data breaches that drive them, have become an everyday occurrence. Cybercriminals have been incredibly successful using the stolen usernames and passwords available in clandestine forums to breach organizations through password spraying and credential stuffing attacks. These attacks take advantage of the fact that many users still do not choose strong and unique passwords for each of their accounts. Just look at the dark web and the numerous underground forums. There are billions of usernames and passwords from various breaches widely available, with millions added every day.
Another way to improve your (and your company’s) security posture is to use a password manager and multifactor authentication (MFA) whenever possible. Password managers can help create strong and unique passwords for each and every one of your online accounts. This will ensure that attackers cannot use a compromised credential to access multiple accounts. Combining a good password manager with MFA across all your important accounts is the most effective way to prevent unauthorized access.