The latest assessment of cyber infections that targeted users in Egypt has shown a clear tendency, with a decrease in malicious activity on weekends according to Kaspersky researches. While during an average Friday, the malicious activity blocked by Kaspersky security solutions prevented malware attacks on nearly 45,000 users on average, the figure for the weekdays was around 66,000.
“Attackers’ best chance to succeed in achieving their malignant acts, is most often targeting persons behind a keyboard, as the vast majority of threats simply circulate the internet by email, aiming for users to open a malicious attachment or click on a snare web-link (visiting a phishing website, for instance),” says Maher Yamout, a security researcher at Kaspersky. “Given all this, it is obvious, that the more users are using laptops, mobile devices and PCs, the more chances they have to download malware.”
“Besides, very often, criminals just scan random IP addresses, probe the ones that can be found online and attempt to infect them. Good news is, corporate networks most often are equipped with security solutions to prevent the infection launch,” he added. “This is why we would like to appeal to those who now have to use personal devices while working at home during home-isolation: please take basic precautionary measures. Some easy steps might save you and your device a lot of troubles.”
Follow these 6 steps to protect yourself while working from home:
- Apply the latest updates to your operating systems and applications as soon as they become available.
One of the main attack vectors in 2019’s ransomware municipal attacks was compromising a device through a security weakness. The most widespread cyber epidemic (Wannacry ransomware) to date was the result of an unpatched weakness that Wannacry exploited, though the patch was released even before the malware outbreak. And yet Kaspersky statistics shows that even now, three years later, there are still outdated devices open for such exploitation. In 2019, Wannacry accounted for a quarter of cases that involved users infected with ransomware.
2.Only use authorised VPN software to connect to your corporate network, and use known-legit VPN software if you are working remotely using public WiFi.
When you’re connected to the Internet through a VPN connection, this private Internet access ensures that you’re not exposing your private information. A VPN connection establishes a safe passageway through all the insecurities of public networks. If you need to connect to your corporate network, ensure you are using your corporate VPN in tunnel-all-traffic mode to avoid data leaks.
3. Always type-in web addresses yourself. Don’t click on links or attachments, or respond to unsolicited messages.
Scammers might employ various tactics to comprise users. Some include manipulating words for visual deception, such as replacing the capital ‘i” with a lower case L that are almost identical visually (try to tell ‘l’ from ‘I’”). Also, modern spam and phishing can be very convincing, inviting you to click on a hyperlink with an address of an authentic website. However, what you see is only a hyperlink. Malefactors might want you to land on a phishing website, and so they have to direct you there with a link or a button. But if you hover your cursor over that link, the URL’s destination address will appear (in the bottom left corner of your browser or e-mail app, for example).
4. Backup your data regularly to an external drive that you keep offline to avoid losing your private information.
Backup should be performed regularly and also before any important operations, be it hardware upgrades, installation of patches, data migration or new programme installation. No matter how technology develops, a good old backup will never lose its value, keeping us resilient in a difficult situation should an incident occur. It is preferable to use automatic backup solutions that will allow you to restore relatively up-to-date data and avoid losing vital work-related documents.
5. Only use apps from trusted sources, e.g. Google Play, the App Store, or the trusted portal you’re using or those provided by your workplace/educational institution. However, do not lose vigilance.
Remember that even a trustworthy source, such as an official app store, can contain dangerous apps. Be vigilant and always check application permissions to see everything that installed apps are allowed to do. Check the app ratings and reviews on official stores, such as Google Play or the iOS App Store. Malicious apps will sometimes receive low ratings and users will post comments that warn others about the risk of malware. If you are about to install such an app, pay extra attention to its permission requests. Always avoid uncommon app stores or unauthorised portals to download common apps.
6. Protect all devices with a reputable Internet security product, including mobile devices.
Look for a comprehensive security solution that includes antivirus, anti-ransomware tool, mobile security, password management, VPN, privacy tools, data leak detection, Home Wi-Fi security and payment protection. This will enable you to monitor working processes and detect malicious behaviours.