With cyber threats and attacks in the news, you’re likely familiar with the terms associated with a cyber-attack, be it a phishing campaign, ransomware, malware, DDoS attack, identity theft, etc. You may also be familiar with the consequences of such attacks, including the fact that global losses from cybercrime shot up to nearly USD 1 trillion in 2020.
The first thing to understand is that mitigating a cyber-attack falls under the key responsibility area of your organization's IT team. Having said that, unsecured devices – whose number has surged in the remote work paradigm – are among the most common entry points for hackers. Therefore, employees are also required to exercise cybersecurity hygiene at their level so that they become part of the solution rather than the problem.
Let's look at some of the steps you can take to ensure that your chances of being a "vulnerable target" are minimized.
1. Activate multi-factor authentication
Remote workers are using multiple digital platforms to connect and collaborate with their colleagues and team members. To prevent identity theft, the use of strong passwords with a minimum of eight characters and the option for multi-factor authentication (MFA) is a must. MFA adds additional layer of defence to help ensure that you are controlling who can access your account.
2. Practice good password hygiene
Managing multiple “strong” passwords has become a hassle for the modern netizen. But the challenge of remembering several passwords cannot be an excuse to use "easy to remember" passwords as they are also "easy to crack". Besides using complex passwords, good password hygiene involves regularly changing your passwords and never reusing them. You can also use advanced password management solutions such as LastPass by LogMeIn to log into, and share sensitive information over, multiple accounts securely and conveniently.
3. Update your devices and software regularly
The remote working trend has brought an array of devices into the enterprise fold, all of which need to be updated regularly to ensure they are secured from malware, ransomware, and other cyber threats. You can ask your IT teams to run a regular diagnostic check-up of your device. Tools such as LogMeIn Rescue allow sysadmins to remotely diagnose, repair, and maintain devices.
4. Keep up to date on the evolving threat landscape
There is no substitute for being aware of the latest developments in the cybersecurity domain. Read up on news, articles, and whitepapers to stay updated on how the attacks can look like and what you can do to prevent that from happening to you. It is also advisable to have a dark web monitoring feature – as enabled by LastPass – that can alert you as and when your information is exposed online.
However, despite all the precautions, you may find yourself at the receiving end of a cybercrime. The zeroth step is to identify that you are under attack.
You may, for instance, find yourself locked out of your account after clicking on a link in an email that says, "Reset your password." You may notice frequent pop-up windows, especially the ones that encourage you to visit unusual sites. You may observe changes to your home page, mass emails being sent from your email account, and frequent crashes or unusually slow computer performance.
In any of these cases, you should immediately follow this important step:
5. Alert the IT department
In most cases, if you are falling prey to a cyber-attack, you will be unable to take any action. In such circumstances, report the criminal activity immediately to your security department. They will know how to identify your device and its activity on the network and advise you on what needs to be done. If you are unable to contact the security department, log on to your company's internal help system and report the criminal activity. You may also want to send an email from a different device that is not part of your company network.