Keeping Your Data Safe While Working from Home

We sat down with NJTC member, Symbol Security. President and Co-Founder, Craig Sandman, has focused his efforts around ending phishing and other cyber risks people might face. Teams are more digitally connected than ever, which presents the need for information and mitigation around phishing and cybersecurity to keep your data safe while working from home. 

Keep the Fortress, Well, Fortified.

Cybercriminals are smarter and more targeted than ever before. These crooks are evolving in their crimes as quickly as updated cybersecurity is becoming available. 
Our downfall is their greatest advantage: 
Humans. 
Humans are a very weak link in a company’s security chain and should have some accountability in cybersecurity as well.
Companies spend millions of dollars on their IT security infrastructure and are essentially building a fortress around all of their sensitive information. 
As an employee, you have access to that information and systems. 
You are in your company’s “castle,” so to speak, and the next phishing attack is as simple as you opening the castle door and engaging with a cybercriminal via email, text or social media. An organization can effectively build out a cybersecurity system, but the threat is still there if employees are not knowledgeable about the different attacks that exist.
Knowing the difference between clicking the right link in an email versus downloading a file that targets sensitive information can make a significant difference. 
Scary, right? 
Let’s back up and define what exactly is phishing.

What is Phishing?

Phishing is a cybercrime methodology of luring a victim into taking an action (fraud, access or divulging sensitive information) based on a false pretense. 
Victims don’t know they’re interfacing with a criminal.
These cybercrooks phish because it is EASY. 
Here is what they want from you: 

  • log-in information and data
  • banking and credit card information
  • intellectual property 
  • influence

Flashback to the 2016 Democractic National Convention hack where emails from campaign officials were stolen by a group of Russian hackers. 
A popular phishing attempt is spoofed emails. 
A spoofed email is a fabrication of a well-known business’s email in hopes of duping the recipient into thinking the email originated from somewhere other than the intended source. 
Spoofed emails are nuisances because they ask the recipient to provide personal information like a password or credit card number. 
If given, these can cause significant problems and sometimes pose a real security threat. 
Some cybercriminals are spoofing so perfectly that to an untrained eye, it may look credible.

Is Amazon Really Asking You to Re-Verify Your Account?

Spotting a phishing attempt can be easy. 
To identify a fake email, Craig highly recommends expanding the sender name to ensure it is coming from a legitimate sender. 
Cybersecurity
Did you receive an email from a coworker or internal department that does not make sense? 
Did IT really need you to download that document? 
When in doubt, pick up the phone and call your IT department to confirm a suspicious request.
Beware of the subdomain and look for manipulations. 
Cybercriminals use subdomains to fool users into thinking the URL is from a legitimate company. They use a well-known business name in the subdomain but the fraudulent location remains in the primary domain.
Example: www.amazon.passwordconfirmation.com 
The subdomain in the example is “amazon” and the primary domain is “passwordconfirmation.com”. 
It may look like a credible source but if you clicked the link in the example above, you would not be visiting Amazon. 

Do Not Click! Hover Over Links

This best practice can’t be stressed enough. 
Assess your emails for anything that looks odd or seems out of place. While scanning your email for out of place links, domains and such, make sure to scan the actual content of your email as well – does your boss really need you to purchase 10 gift cards for $100 each? Probably not. 
If a link is present in the email, hover your cursor over the link to reveal the URL without clicking. Ask yourself if the link URL is pointing to a legitimate website with an easy-to-read web address.
Don’t be fooled by logos or the message of the email. Any cybercriminal can reproduce email communications to look exactly like a company you do business with. Instead, go to the website directly to log in and check for notifications.

How To Keep Your Data Safe Working from Home

Unfortunately, scams can happen at home, too.
It is highly recommended to have different passwords for your work and personal devices and accounts. 
Your Netflix account password should not be the same as your work password. 
Consider a password manager such as LastPass or 1password to help you store your passwords and create strong credentials. 
Use two factor authentication for every account that has the option available.
Practice WiFi safety by creating a network specifically for your guests. 
Craig recommends not sharing your WiFi password with your children or people who live outside of your residence. Doing this will help you avoid a compromised network.
We love our children and their happiness is our happiness, but keep your work and personal devices separate. Avoid letting your children use your work device to watch Youtube or play a game. 
Protecting your data at home is just as important as being in the office. 

Watch The Full Webinar Presentation: Work From Home Cybersecurity 

Check out the full webinar where our audience got to test their phishing skills and pick up some best practices on cybersecurity.

NJTC has compiled useful links and past videos/webinars to utilize as resources to help your organization during COVID-19.  Safety measures, best practices and more on our COVID-19 resource page are available here.

https://techunited.co/wp-content/uploads/2021/07/Symbol_NJTC_WFHandPhishingTraining-1.pdf

Share:

Share on facebook
Share on twitter
Share on linkedin

Magazine

PSEG CEO Ralph Izzo Attends COP26, Calls for Urgent Action on Climate
Izzo one of only three U.S. utility CEOs to attend historic climate conference in Glasgow (NEWARK, N.J. – Nov. 5, 2021) PSEG Chairman, President and CEO Ralph Izzo is traveling ... Read more
Internet Creations Celebrates 25 Years, Announces Rebrand to Vicasso
Internet Creations Celebrates 25 Years, Announces Rebrand to Vicasso
Company invites all to discover the art of what’s possible with Vicasso’s Salesforce solutions and services  Hamilton, NJ, October 20, 2021. Internet Creations, a Salesforce ISV and consulting partner focused ... Read more
Together with Board Members and Cross River, TechUnited launches Women & Minority Business Owners Mentorship Cohort
Cohort provides underrepresented founders & CEOs with executive mentorship, partner resources, education, & massive brand recognition. NJ — September 21, 2021— TechUnited has teamed up with its Women in Tech and Diversity ... Read more
TechUnited and PSEG announce BetterPlanet Challenge Finalists
Together with BetterPlanet program partner PSEG, TechUnited hosted its 2nd annual TechUnited:BetterPlanet Challenge Semi-Finals on Thursday, September 16th.  The Semi-Finals event, which can be viewed above, kickstarted our excitement for ... Read more
Comcast Business Announces Two-Year, $26 Million Investment to Expand High-Performance Broadband Network in Greater Philadelphia, New Jersey
Investment extends network to previously unserved businesses requiring high-capacity network services and can deliver speeds of 1 to up to 100 Gigabits per-second PHILADELPHIA – Comcast Business today announced a two-year, $26 ... Read more
Bloqcube® mentioned in the 2021 Gartner ® Hype Cycle™ for Life Science Research and Development, 2021 and Hype Cycle™ for Life Science Commercial Operations, 2021 third year in a row.
Bridgewater/Piscataway, NJ May 31, 2021– Bloqcube Inc, the Piscataway based e-clinical software company, was mentioned in two 2021 Gartner Hype Cycle reports o (available to Gartner subscribers). The report titled “Hype Cycle ... Read more