With the Virtual Summer Summit only days away, NetDiligence Global Events and Programming kicked off with a preview event, Cyber Smart Webinar, broadcast on June 24, 2020. The program featured speakers Jim Stickley (Stickley on Security) and Paige Hanson (NortonLifeLock). After the event, NetDiligence followed up with Hanson for a discussion of “Cyber Smart Tips.”
NetDiligence: Thanks for joining us! You and Jim covered a lot of hot topics while walking us through the life cycle of an attack – phishing, malware, sextortion, breachstortion – but I was struck by how much of the information was immediately actionable on an individual level.
Hanson: Yes – it’s important that even among industry professionals working in cyber security, we all understand ourselves as consumers. We are constantly using our devices, and if there is any crossover between personal and professional use, we recommend that people keep them separate. Many people are able to do that with computers and laptops, but phones and tablets are often another story.
NetD: And the mix of personal and professional use is undoubtedly exacerbated by our current situation, with many people working remotely.
Hanson: Often, people think of their devices as being more secure than their computers, but it’s really not the case. Malware can enter through texts and even apps, and we tend to be more trusting of those. Hackers are growing more sophisticated, and if you are only alert to the old phishing emails, you’re likely to miss these newer strategies.
NetD: So, review for us some of the most important actions we can take immediately.
Hanson: First, understand that your device will default to choices that maximize convenience, not security. Taking the time to look at the permissions for each app can be time consuming, but it is really worth it. For example – yes, it’s helpful for your weather app to see your location, but is that necessary 24/7? Even when the app isn’t open? Not really. So, why would you allow that app to have full-time access? Similarly, keeping your apps and operating system updated is essential. Updates often address security issues, so accepting them in a timely way is an important step. Another creative tip is to use a different email address for all social media accounts. This way, if you get a social media related phishing email to your regular email address, you will catch it quick.
NetD: You also spoke of “curating your information.”
Hanson: It can be tempting to make your LinkedIn profile look full and robust, but remember that any information you put out can be used by hackers. A profile that lists all your systems proficiencies also tells hackers exactly what systems you are using on the job. A profile that shows a recent job change tells hackers that you may still be learning who’s who in your company, making you ripe for phishing from a fake coworker. A sophisticated hacker is going to spend time looking for the weakest link, and the information you put out makes their job so much easier.
NetD: Jim’s example demonstrated this perfectly. I was amazed at how long he was in the system, just collecting information.
Hanson: Absolutely. In Jim’s case, you’re seeing a person digging through a potential victim’s Facebook posts to get enough information to spearphish his victim. When the attack is deployed, the email is often sent with malware that will take over the victim’s camera, become a keystroke logger or even lock up the computer with ransomware. Being cautious about clicking on links and attachments is the first step in maintaining cyber security.
Cyber Smart Webinar was sponsored by NortonLifeLock and presented as part of NetDiligence’s Virtual Summer Summit. As a leader in consumer cybersecurity, NortonLifeLock safeguards members’ personal information in today’s evolving digital universe, providing you with a powerful solution to help keep your insured’s cyber safe. Talk to their Cyber Risk Solutions team today for more information. The Summit continues with programming June 30 – July 1 and throughout the summer. See https://netdiligence.com/conferences/ for more details.