We Are All Aware of Hackers During COVID-19 — Now How Do We Prevent Them?

From BlueLeaks to the 2020 Twitter compromise, attacks have shown how easily access can be gained. MFA, strong passwords, email vigilance, and backups are the basics that hold up.

By Abigail Drucker
  • Cybersecurity
  • MFA
  • Passwords

Hackers are everywhere. They look just like you and me; you might see them in a grocery store, in line at the pharmacy, or sitting at the table next to you at a restaurant, but you would have no idea of the capabilities they possess. By definition, a hacker is a person who illegally gains access to and sometimes tampers with information in a computer system. This means they have the talent to install viruses and malware that can allow them access to your personal information and the unauthorized use of your computer.

With technology being an important part of our lifestyles, you may have already known that. But what you may not realize is the magnitude of the power they possess over a network with more accounts than citizens in the United States or the trickery and influence they can have over your mind.

Not Sure If I Can Believe You Without Examples

I see Facebook posts and small business articles every day about the distress of realizing there is a virus in a system followed by a plea for a computer whiz to remove it. Would you believe me if I told you that you could be that computer whiz? First let me give you some more specific examples.

Just over a month ago, on June 19, 2020, hundreds of thousands of personal police files and sensitive investigation information were leaked online, stemming from a breach in Houston, Texas. These so-called “BlueLeaks” contained not only police reports but also international bank account numbers (IBANs) and other financial information from over 200 police departments spanning over ten years.

Some of these files belong to the national government; shouldn’t they be better protected? Yes, of course, but no security system is perfect, no matter its size or importance. The BlueLeaks data breach risks exposing private investigations and endangering lives.

Security breaches don’t just happen at the business level; they can happen to anyone. A malware gang identified as RATicate found its way onto many personal devices through the installation of NSIS, a Microsoft Windows-backed authoring tool. RATicate gave the cyber criminals behind the operation access to the files, screen and webcam activity of its victims and the ability to download additional malware.

Another recent example that might blow your mind is an attack on Twitter. On July 15, 2020, Twitter’s internal systems were attacked by a socially engineered phishing operation allowing hackers to obtain access to millions of accounts. Accounts belonging to Barack Obama, Apple, Wiz Khalifa and too many more posted tweets promising to double any funds that fans sent to them in Bitcoin; the operation made the hackers $110,000 in only a few hours.

Enough Scaring Me, What Can I Do to Prevent All of This?

One of the best ways to ensure that you are the one logging into your account is to use multi-factor authentication. It requires two of the following three factors to gain access to your accounts: something you have, something you are, and something you know. So if you know your username and password, you need a second something to authenticate, like a downloaded application on your phone or a biometric scanner like Face ID or a fingerprint reader.

There are a handful of applications you can download. My university requires two-factor authentication to sign into our school accounts using the mobile app Duo. At UOTech.co, we use the mobile app Okta Verify. We also ensure that our clients’ account information is safe, so we help them use the mobile app Microsoft Authenticator. All of these perform the same function; the choice comes down to the software you’re using and your preference.

Multi-factor authentication works like this: after you type in your log-in credentials and click “Sign-In,” a notification is sent to the mobile application on your device asking if you were the one attempting to sign in. This prevents hackers who have your log-in credentials from accessing your account without your knowledge or permission.

Another simple yet underused tip is ensuring you have a strong password. When signing up for a website that requires a stronger password than their go-to, many people just add a 1 or an exclamation mark to the end of an existing password. While easy enough to remember, that doesn’t necessarily count as a strong password.

An easy way to check if your password has been exposed in data breaches is by using the website haveibeenpwned.com/Passwords. It will notify you if you should or should not use your current password and help you generate a secure, unique password to protect your account.
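
The same breach check can be done from a script without the password ever leaving your machine: only the first five characters of its SHA-1 hash are sent, and the match is made locally. The sketch below is an added example, not code from the original article; it assumes the service's public range endpoint at api.pwnedpasswords.com, and the breached passwords and counts in it are constructed so it runs offline. The sample values also illustrate the point above about tacking a character onto an old password.

```python
import hashlib
import urllib.request

API = "https://api.pwnedpasswords.com/range/"  # Pwned Passwords range endpoint

def split_hash(password):
    """SHA-1 the password locally; only the 5-character prefix is ever sent."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def fetch_live(prefix):
    """Query the real service (not called by the offline demo below)."""
    req = urllib.request.Request(
        API + prefix,
        headers={"Add-Padding": "true", "User-Agent": "pwned-check-example"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("ascii")

def parse_range(body):
    """Parse 'SUFFIX:COUNT' lines; padding rows carry a count of 0."""
    counts = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and len(suffix) == 35 and count.isdigit():
            counts[suffix.upper()] = int(count)
    return counts

def breach_count(password, fetch=fetch_live):
    """Times the password appears in breach data; 0 means not found."""
    prefix, suffix = split_hash(password)
    return parse_range(fetch(prefix)).get(suffix, 0)

# Constructed stand-in for the service: passwords and counts are made up.
CONSTRUCTED_BREACHED = {"Summer2020": 4211, "Summer2020!": 187}

def fake_fetch(prefix):
    rows = ["0" * 35 + ":0"]  # a padding row, as returned with Add-Padding
    for pw, n in CONSTRUCTED_BREACHED.items():
        p, s = split_hash(pw)
        if p == prefix:
            rows.append(f"{s}:{n}")
    return "\r\n".join(rows)

if __name__ == "__main__":
    for pw in ("Summer2020", "Summer2020!", "correct horse battery staple"):
        print(repr(pw), "seen", breach_count(pw, fake_fetch), "times")
```

Swap `fake_fetch` for `fetch_live` to query the real service; a non-zero count means the password should be retired everywhere it is used.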

Email Rules

Rule number one: never send confidential information over unencrypted email. Most of the time when passwords, credit card numbers, or other personal information is requested over email, the email is a scam. Sending money over an email to help provide clean water in developing nations sounds like a nice gesture, but if you’re going to donate, consider doing so through a more trusted site.

Rule number two: verify that the sender is who they say they are. Always check the spelling in the email address and in the message; if something seems out of the ordinary, investigate it, as it is very likely a scam. Follow up with a phone call or video chat if the sender is asking for information. Confirm their identity and why they need access; do not just reply to the email. Alongside that, do not give anyone unsolicited access to your computer, even if they state they are from an IT company.

Rule number three: never download attachments or open links from an email with an unknown or suspicious-looking sender. This is how hackers can download malicious software to your device and verify your account credentials.

Adding a profile picture to your email account may help recipients quickly identify that you are the legitimate sender, and if a scammer attempts to impersonate you, the recipients have a better chance of recognizing that it is a scam.

Other Protections

Have proper malware protection software on your computer. Always be aware of where you are downloading software from and be sure it is from a trusted source. Software developers will work with device and operating system manufacturers to make sure the software is “signed” or approved by your device’s parent company for authenticity.

Stay up to date with software, because as soon as there are loopholes your device will be vulnerable. An unpatched device is one type of vulnerability and can make you a target. Stay on top of system updates, software bug fixes, and security patches. Managed IT service providers can help you ensure that your data is secure, systems are up to date, and all your technology is running smoothly.

Some security software I would recommend downloading is Sophos or ESET. These antivirus and security products not only provide protection against ransomware and trojan horse attacks but, because they are heuristic-based, they don’t just scan files and ignore them; they continuously watch the files and detect patterns based on global attacks and the behavior of the files and programs running on your computer.

Always lock your computer when you are not using it. Even if you are home, hackers can still obtain access to your files. If you have an IT company, you can have them set an auto lock timer on all company computers.

Most importantly, back up your data. Create a cloud backup of all your data, vary your backups, have backups on and off site, and have a physical and local backup of your data, as well. If something happens to an external hard drive or if you have a power surge, having backups in multiple places will ensure access to your data in a timely and safe fashion.

Technology is a lot like the ocean: there is a lot yet to be discovered, and the deeper we dive, the more there is to look out for. Having extra protection such as multi-factor authentication, antivirus software, and stronger passwords is like adding an extra oxygen tank: it makes you safer, but you still need to keep an eye out for danger.
