I N A S S O C I AT I O N W I T H
Cyber secure at home
Easy tips from the experts
Your essential guide to digital defence when working remotely
Worms, bots and ransomware explained How to stay secure when remote working
01
Tough on threats, light on your system Get the highest level of digital protection!
Bitdefender TOTAL SECURITY One product to protect all your devices, without slowing them down.
Product of the Year
Editor`s Choice
AV-Comparatives, February 2020
PC Mag, August 2020
Editor`s Choice
“Outstanding scores in independent lab tests and our web protection tests”
“A feature-rich suite that protects all your computers, phones, and tablets.”
Techradar, September 2020
Learn more at www.bitdefender.co.uk
I N A S S O C I AT I O N W I T H
CCYYBBEERR SSEECCUURREE AATT HHOOMMEE
Welcome to your essential guide to digital defence when remote working Mike Moore
is News & Features Editor across both TechRadar Pro and ITProPortal. He has worked as a technology journalist for more than five years, including at one of the UK’s leading national newspapers.
It’s fair to say that 2020 has been a tumultuous year for much of the world, with people across the globe facing challenges like never before. With new guidelines meaning that many employees are now working from home for the first time, it’s also been a challenging time for organisations of all sizes, who have had to adapt quickly to a new way of day-to-day which could change many industries forever. Although remote working offers huge advantages in terms of flexibility and efficiency, there are
doubtless issues around security which need to be addressed. Not being in an office can lead some to let down their guard, with hackers and scammers eager to capitalise on any weaknesses left by careless workers. TechRadar Pro has teamed up with Bitdefender to hopefully educate and inform on all things security, with this ebook providing a range of informative and up-todate advice on a wide number of areas, wherever your workspace may be. We hope you enjoy and find it useful.
Want more techradar.pro? Visit…
techradar.com/pro
@TechRadarPro
@TechRadar
@TechRadar
C Y B E R S E C U R E AT H O M E
24
brought to you in association with
26 Editor in chief Desire Athow Senior Editor Mike Moore Account Manager Tom Walsh Commercial Editor James Williams Art & Design Tom Chase Project Manager Boudicca Prince
All contents Š 2020 Future Publishing Limited or published under licence. All rights reserved. No part of this magazine may be used, stored, transmitted or reproduced in any way without the prior written permission of the publisher. Future Publishing Limited (company number 2008885) is registered in England and Wales. Registered office: Quay House, The Ambury, Bath BA1 1UA. All information contained in this publication is for information only and is, as far as we are aware, correct at the time of going to press. Future cannot accept any responsibility for errors or inaccuracies in such information. You are advised to contact manufacturers and retailers directly with regard to the price of products and services referred to in this publication. Apps and websites mentioned in this publication are not under our control. We are not responsible for their contents or any other changes or updates to them. This magazine is fully independent and not affiliated in any way with the companies mentioned herein.
04
Future is an award-winning international media group and leading digital business. We reach more than 49 million international consumers a month, and create world-class content and advertising for passionate consumers online, on tablet and smartphone, and in print. Future plc is a public company quoted on the London Stock Exchange (symbol: FUtr). www.futureplc.com
Future plc is a public company quoted on the London Stock Exchange (symbol: FUTR) www.futureplc.com
Chief executive Zillah Byng-Thorne Non-executive chairman Richard Huntingford Chief financial officer Penny Ladkin-Brand Tel +44 (0)1225 442 244
20
I N A S S O C I AT I O N W I T H
What’s inside… 06 Stay secure at home
Look after yourself and your tech while home working
10 Cybersecurity heartbreak Top tips for making sure you show security love in 2020.
12 Keep home devices safe Four steps to stay protected whilst working remotely
14 Guard against Malware
Protect your PC and Smartphone against malicious online threats
18 Ransomware protection
Don’t underestimated the dangers of malicious software.
20 Remote working guide
Follow these best practices when working out of the office.
24 Importance of VPNs
Why it pays to be familiar with a Virtual Private Network
26 Dangers of Malware
What is malware and how dangerous is it?
30 Router security
32
Why your router could be the number one security worry
32 Up your online security
Make sure you stay safe whilst isolating with our top tips.
36 Keep your family safe online Three steps to keep your family’s online prescence protected
38 Digital phishing red flags 18
Protect yourself from all the latest threats with our guide.
05
WORK SMARTER FROM HOME
Everything you need to keep you secure when working from home Look after yourself and your tech while home working
06
I N A S S O C I AT I O N W I T H
W
Below: Make a coffee then keep up to date with your home security
orking from home is a little bit different from working in the office. After you’ve endured the commute you spend your day in an office, normally using company kit and enjoying all of the trimmings that come with it. If you work for a larger company there’ll be an IT help desk and you’ll enjoy the benefit of broadband, IP phones and all those other in-office extras. There might even be free coffee. Working from home misses out most if not all of that stuff, but there’s no reason why you shouldn’t be able to enjoy officestyle support even when you’re holed up in the box room or working on the kitchen table. What’s more, if you’re working from home it’s just as important to make sure you’re covered by the same policies that safeguard you and your activities during the daily grind.
Antivirus advantage
Having top-notch antivirus software should be at the top of your shopping list when it comes to working from home. If you’re using a work-owned laptop then it should be up to date anyway, but it’s also important to ensure you (or anyone else) doesn’t start using it for non-work based activities. If you’re leaving your home-based desk space for any amount of time then it’s also worth logging out to avoid any unwanted tampering of your machine by family or friends, inadvertently or otherwise.
Proper protection
There are actually lots of pretty basic measures you can take to help ensure that you and your work are more secure when you’re working from home. Arming yourself with a Virtual Private Network (or VPN) is a great starting point. You’ll find plenty of different versions of the VPN available for download and having one installed on your machine will mean hiding your IP address, keeping your data encrypted and more secure as well as offering up location anonymity. To be on the safe side it’s probably best to go for a paid-for option, and bypass the free ones even if they look to be okay on face value. Installing a decent VPN is actually very straightforward, and once you’ve got it in place you’ll have a much more secure foundation for home working activities.
Password safety
We all use passwords and many of us have more than we care to remember, which is probably the reason why they’re so often easily cracked. If you’re using ridiculously easy to nobble passwords then it’s time to change them. Sign up for some decent password management software and get yours in much better shape. 07
C Y B E R S E C U R E AT H O M E
Don’t forget to do the same for your Wi-Fi router and get that nailed down securely. Similarly, if you’re in business and have to sign things then there are a number of esigning software solutions to make it easier to sign official documentation, especially when in PDF format.
Doing updates
Keeping your desktop PC or laptop up to date is vital, whether it’s your own or belongs to the company that you work for. Either way, updates should be done as soon as they’re needed. Be sure to run those regular software updates, as well as installing any new security patches to ensure that your laptop, desktop or tablet device is able to fend off the latest permutations of malware, ransomware and goodness knows what else that’s lurking out there in internet and email land.
Cloud backups
One of the best ways of ensuring that you’ve got copies of data if your own machine gets compromised is to use some form of backup software, especially to the cloud. You’ll find that cloud-based storage is plentiful, relatively cheap and can be expanded if you start running out of space. Having documents and other digital files located on a remote server somewhere makes a lot of sense because you can access it from anywhere and from any machine, assuming you have access privileges that is. If you’re working for a company then they may have their own preferred arrangement. If that’s the case then follow the rules, and don’t risk storing sensitive data or information that isn’t yours in random places. It could backfire badly.
Lock it up
It doesn’t matter if you’re using a work08
Be sure to run those regular software updates, as well as new security patches supplied laptop or your own property, looking after your tech is vital. If you’re working from home then you’ll hopefully have a little less to worry about than if you’re perched in a coffee shop or airport lounge, but it’s a good idea to be vigilant. Again, keep close tabs on your password and encryption software, to ensure that your property and any data stored on it will be as safe as it can be if it falls into the wrong hands.
Pesky peripherals
While many of us use cloud storage, or access a remote desktop for much of our
I N A S S O C I AT I O N W I T H
work, there is often the temptation to put files onto USB sticks and other portable storage devices. We’ve all picked up these random items from time to time and copied files onto them, not always being sure what they contain or even where they’ve come from. USBs and other dubious storage mediums can be packed with malware, so unless it’s something that’s been approved from a reliable source then give using one a miss.
Approved sources
If you’re working from home due to current circumstances then be sure to follow
Above: Remember to be vigilant with portable storage devices
the lead that has been taken by your employer. They should have provision in place for letting you use approved programs, and IT departments might even be able to install these for you remotely. We’re all doing lots of emailing, video conferencing and messaging at the moment, so ensure that the software installed on your machine is legitimate, reliable and, above all, as secure as it can possibly be. If you’re downloading programs yourself then try to stick to preferred sites, so in the case of Apple use the App Store and for Google use Google Play. 09
C Y B E R S E C U R E AT H O M E
How to avoid cybersecurity heartbreak this year
Our top tips for making sure you show security some love in 2020.
W
ith Valentine’s Day now a distant memory, it’s time to show the important people in your life how much you care - starting with the security teams. Security needs to be a year-round concern, with patches and updates rolling out around the clock, meaning you should always stay on your toes when it comes to ensuring your devices stay protected. But how can you go that extra mile and avoid being caught out in 2020? Here’s some top tips to make sure you stay safe online this year and avoid having your heart broken.
Break up with bad passwords for good
(Keep) using proper protection
We’ve all been told the importance of keeping our computing devices secure whether that’s a laptop or PC. But mobile and tablet devices also need protecting, so show them some love as well by ensuring they have the latest and most thorough security tools.
When it comes to love, the phrase “safety first” can often be trotted out to avoid heartbreak, and the same is true when it comes to online security. Using full and effective protection tools can make sure you don’t get hit by the latest threats. 010
Maybe you’ve forgotten all about the new year’s resolutions made in early 2020, or are thinking ahead to new ones for 2021. Use this time to dump your bad password habits, such as ensuring your passwords are strong using a mix of letters, numbers and symbols, using services such as password managers to avoid writing them down, and making sure you use different passwords for separate sites, so that if one organisation is hacked, your other accounts aren’t at risk.
Make sure all your devices are protected
I N A S S O C I AT I O N W I T H
Mobile and tablet devices also need protecting, so show them some love as well Feel the love with a VPN
Sometimes we all need a bit more privacy, and in this age of alleged government surveillance and the constant threat of cyber attacks, this need is greater than ever. Using a Virtual Private Network (VPN) can ensure your online browsing stays secret,
protecting your identity and the sites you visit from prying eyes, meaning you can surf to your heart’s content.
Share the love among the entire family
When it comes to effective online security, it’s not just a case of looking out for number one - everyone needs to be up to speed when it comes to staying protected. If you have shared-use devices in your home or workplace, all the users need to be aware of the possible threats they face online, as one seemingly obvious mistake could be costly. 011
ADVERTORIAL
R
emote working has been one of the biggest trends of 2020, as workers around the world adapt to the changes brought on by the global pandemic. With offices closed, many of us found ourselves working at home for the first time, switching to new timetables, hardware, and office setups. But just because you’re not in the office doesn’t mean you need to let your security protection lapse. Working from home can be just as dangerous as working in the office, but our top tips can keep you protected, whatever your new workspace.
1
Four security steps to make sure your home devices stay safe Make sure you stay protected whilst working remotely with these top tips.
012
Make sure all your devices are protected
Most of us now own many smart devices at home, with the usual laptop-tablet-smartphone family expanding to include a wide range of connected products. But no matter what devices you have at home, you need to make sure they’re properly protected. Items such as printers and internet routers may seem like passive participants in your working life, but they can pose an equal security risk to the likes of laptops and smartphones. These items often get overlooked when it comes to security protection, with easy to guess default passwords rarely changed, and software updates ignored. But all it takes is for one device to fall victim to a scam or virus for your entire network to possibly be compromised, so the need to secure all your products is greater than ever. Fortunately, Bitdefender Total Security is able to offer cross-platform support to make sure all your devices are secure. Whether PC, macOS, Android or iOS, you can ensure you stay safe from the latest threats with complete protection.
2
Keep everything updated
As simple as it may sound, you can also help keep your devices protected by ensuring you always have the latest software updates
I N A S S O C I AT I O N W I T H
Bitdefender Total Security is able to offer cross-platform support for your devices and security patches installed. Manufacturers and vendors often release security updates when a flaw or vulnerability is detected, patching flaws or bugs that could put you at risk. As a user, you can also play a vital role by ensuring all your systems are updated to the latest level as soon as possible. We find it best to update your systems as soon as new upgrades are released, as hackers often try and exploit such windows to target unprotected devices. Despite offering complete protection against the latest security threats, Bitdefender Total Security has a low impact on performance, meaning you can keep your work going without worrying about background scans slowing down your machine.
3
Up your password game
Having strong passwords will ensure all your devices stay safe, but also mean access to your workplace networks is never put at risk. If you’re worried about forgetting or mislaying all your different passwords, you may want to consider using a password manager, which can keep track of all your details.
If your employer doesn’t already use a VPN, it may be worth making sure that when you connect your work computer to your home network, you aren’t making it visible to other devices in the network. If so, you may want to consider installing a VPN, which will be able to mask your device location, keeping your browsing and work secure. Bitdefender Total Security features an in-built Password Manager that can store passwords, credit card information, and other personal data in a cyber-vault for easy access when needed, as well as being able to autofill online forms and recommend secure passwords to make sure you stay protected.
4
Keep an eye on your emails
With many people still adapting to a new way of working, often without the security safety net provided by in-house IT teams, the opportunity for criminals and scammers to prey on unwary users is greater than ever. Along with the usual selection of scams and fraud emails, criminals have been harnessing the current uncertainty to try and trick users out of their money and personal information. These tough times are no reason to let down your guard though - make sure you properly read through any emails you think might be suspicious, paying attention to the email address and language used in the message. Some attacks even try and impersonate your employer, capitalising on the changes to working life carried out by many companies, however lots of phishing scams feature obvious mistakes in spelling, grammar and design that should be easy to spot with some extra care. Bitdefender Total Security features specialised anti-phishing protection including blocking sites that masquerade as trustworthy in order to steal personal or financial data, keeping you safe online at all times.
LEARN MORE 013
C Y B E R S E C U R E AT H O M E
014
I N A S S O C I AT I O N W I T H
Bots, worms, and more… Guarding smart devices on your network against malware Your PC and smartphone aren’t the only things you need to protect.
F
rom kitchen appliances to lighting to thermostats to home security systems, the Internet of Things (IoT) enables an unprecedented level of convenience and control. Unfortunately, it also carries with it considerable risk. Most of the companies now making smart devices do not have any background in cybersecurity.
Historically, they never had to.
They are appliance manufacturers, entertainment companies, and household goods organizations. For them, security was always the sole domain of their IT department. Toss in the fact that IoT is a highly-competitive market, and you have a perfect storm for creating a cybersecurity nightmare. We’re not trying to scare you away from using smart devices or having a connected home, mind you. The technology that underpins IoT is wondrous and has the potential to do some very real good for both our personal and our professional lives. It’s 015
C Y B E R S E C U R E AT H O M E
also very clear that it’s not going anywhere anytime soon; we live in a world defined by widespread digitization. What we are saying is that when installing a new IoT device, you need to be smart about it. You need to take the necessary precautions to protect your home network, and by association, yourself. Here’s how you can do so.
Avoid default credentials and use two-factor authentication
For IoT devices that require a login, change your username and password immediately after installation. You may also want to give the device a name that doesn’t immediately identify the make, model, and brand. This will help protect you against attacks that target specific vulnerabilities. You can usually find instructions on how to do this in the technical documentation shipped with your device. Speaking of credentials, you’ll want to use a password manager to ensure that you have a unique password for each device. We’d also strongly recommend enabling two-factor authentication wherever possible, via a tool like Google Authenticator rather than SMS. The more security you can layer atop your network, the better. Note that the above doesn’t just apply to the regular gamut of ‘smart’ devices - it also applies to stuff like your router and your webcam.
Shore up individual device security
While you’re mucking about with the settings of your smart devices, you may want to check and see what security features (and settings) they’ve shipped with. The most important thing here is to disable Universal Plug and Play (UPnP), as it’s easilyexploitable by hackers looking to hijack those devices for use in a botnet or gain 016
The more security you can layer atop your network, the better access to your network. We’d also strongly advise looking carefully at what sort of data the device and its associated applications collect, and whether or not that data is really necessary for the device to function
Don’t slack on updates
If the software associated with your smart devices has a setting for automatic updates, make sure it’s toggled to “on.” While it’s true that manufacturers release software updates to fix minor bugs and improve functionality, these updates also frequently contain critical security fixes and patches. Consider scheduling these updates so they happen when you know you won’t be using a device, so you aren’t tempted to disable them for convenience’s sake.
Protect your wireless network
Where your wireless network is concerned,
I N A S S O C I AT I O N W I T H
it should go without saying that you’ll want to use the strongest WiFi encryption available to you. It’s also extremely important that your WiFi network has a unique SSID and password associated with it. You may want to consider configuring your network so that it doesn’t automatically broadcast itself, which can usually be done through your router’s configuration portal. While this may make setting up new devices a bit inconvenient, requiring you to manually enter your details each time, it also makes it far less likely that someone will be able to hijack your network and anything on it. Finally, if you want to be extra cautious,
Above: Have a plan in place for all of your smart devices
you can sequester your smart devices on a separate, secondary ‘guest’ network. You can keep stuff like your smartphone, gaming consoles, and PC on one network, while IoT devices go on the other one. Note that in order to do this, you’ll need to invest in a dual-band or tri-band router.
Invest in network security
Last but certainly not least, you should understand that even with the above precautions, there’s always a chance that a device on your network might be compromised by a hacker or worm. In that regard, the right security software can make all the difference in the world. 017
C Y B E R S E C U R E AT H O M E
Protecting yourself against ransomware The danger that malicious software poses shouldn’t be underestimated‌
018
I N A S S O C I AT I O N W I T H
The do’s and don’ts.
Now, we’re going to take a deeper dive into some of the more dangerous threats on the web - namely, ransomware. If there’s one constant in the world of cybercrime, it’s that the majority of perpetrators prefer the path of least resistance. There are few things easier than holding data for ransom. Perhaps that’s why, since originating in 1989 with the AIDS Trojan, ransomware has proliferated across the web. Ransomware is malicious software that operates on a deceptively simple concept. Every individual and organization has systems and data that are in some way important to them. Assets that are important enough that, were they locked out, the owners would be willing to pay to restore access. With ransomware, there’s no need to find a marketplace for stolen information or go through the complexities of defrauding someone’s identity. All a criminal has to do is spam out the threat and wait for payment. Even worse, thanks to the emergence of Ransomware-as-a-Service (RaaS), the bar for entry has never been lower. These days, a criminal doesn’t even have to understand the ransomware they’re using. They can simply purchase the rights to a RaaS platform, aim it at their victims, and wait for the cash to start flowing - usually in the form of cryptocurrency such as Bitcoin. The good news is that with a bit of knowledge and preparation, ransomware is actually fairly easy to deal with. First and most importantly, keep multiple, current backups of everything that’s important to you, and keep those backups isolated from your PC. The whole point of ransomware is to extort its victims by holding systems and data hostage. If you can simply roll back to a previous backup, the attack completely loses its power.
Running outdated software is akin to painting a target on your back Second, make sure to always install security updates. The two most damaging ransomware attacks in recent memory WannaCry and NotPetya - both targeted a vulnerability that had already been patched by Microsoft. As annoying as Windows Update can be, the alternative - running outdated software - is akin to painting a target on your back. Third, be careful about downloading email attachments, opening files, or clicking links from people or websites you don’t know for certain are reputable. Phishing attacks - which we’ll discuss in greater depth later are an extremely common delivery method for ransomware. Suffice it to say, a bit of mindfulness goes a long way in avoiding phishing attacks - as does installing the right security software. 019
C Y B E R S E C U R E AT H O M E
020
I N A S S O C I AT I O N W I T H
How to implement safe and secure remote working Follow these best practices when working out of the office.
F
ostered by available broadband connections, remote working has been a growing trend over the last several years - whether for a day here and there, or full time off-site work. With Covid-19 resulting in many offices shut down, this movement has been pushed even further. When working out of the office, there are plenty of things you can do (or ask your employees to do) to make sure you remain safe. Some are practical tips that you can action immediately - downloading a VPN or antivirus software, for example - while others are much more revolved around mindset.
End-to-end encryption from a VPN
This time five years ago, only IT technicians had really heard of virtual private networks. Now - largely thanks to their ability to unlock foreign Netflix catalogues and get around other blocked websites - VPNs are a commonly downloaded bit of software.
When it comes to business VPNs, the number one priority is security. Once installed and turned on, all the data shared between companies and their employees will be kept encrypted at both ends. That means super security. And the best proponents maintain a fast enough connection between servers that you’ll barely notice any difference at all to your everyday life online if you have it working away in the background.
Antivirus software
With all of the malware out there, a defense on each and every device you own has become a necessity. It is therefore important to implement a robust antivirus solution, for protection. Also, make sure that it is kept up to date with the latest virus signatures, and that provides real time protection. Finally, the solution needs to protect from spyware, and ransomware as well, which can sometimes require a combination of products.
021
C Y B E R S E C U R E AT H O M E
Strengthen the logins
Login credentials are a key aspect of computer security, and it is important to choose a strong password. This involves a longer password, twelve or more characters, with a random combination of lowercase and uppercase letters, numbers, and symbols. It can be difficult to keep track of so many passwords, so a password manager is a useful tool, too. Sometimes, despite best efforts, passwords become compromised. Therefore, the additional protection of two-factor authentication should be implemented to provide another layer of security.
Separate work/life
Working from home can certainly blur the lines between work life and home life as we answer another email after business hours, or have meals with our phone at our side. However, there should be a division, with work occurring on dedicated company devices, that won’t be in danger of being compromised from personal computer activities after hours.
Back up your data
Nobody wants to lose data, particularly when it involves ‘Work product’. Working in the office allows the company to backup data, but this responsibility often shifts to the remote worker. So keep in mind the 3-2-1 rule of data, which indicates that there should be three copies of data, on two different media, one of which should be offsite to keep your hard work safe at all times.
Avoid public Wi-Fi
When out in public, open Wi-Fi is often available...and quite unsafe. As these public Wi-Fi spots have no password, or only a shared password, data can be easily poached as it is transmitted, resulting in a data breach. Using the mobile broadband connection on your phone is a step in the right direction as it is considered more secure, but the better solution is to encrypt all data before transmission via your VPN no matter what network you are on. 022
Two-factor authentication should be implemented to provide another layer of security Phone charging station
Devices need charging when out of the office, with the smartphone leading the list as it gets used most often. Many establishments offer USB charging stations, and conveniently located so patrons can juice up their phones. However, in some cases, the offer of free electricity is really a way that the data on the phone can be downloaded. The defense is to use a USB data blocker, also known as a ‘USB condom.’ This useful, protective device has the data pins removed so that the electric can flow to charge the device, but no data can be possibly transmitted as it lacks the pathway to travel.
One security suite for your entire family Get the highest level of digital protection!
Bitdefender FAMILY PACK Keep your family safe from all types of online threats with the ultimate digital protection pack.
Product of the Year
Editor`s Choice
AV-Comparatives, February 2020
PC Mag, August 2020
Editor`s Choice
“Outstanding scores in independent lab tests and our web protection tests”
“A feature-rich suite that protects all your computers, phones, and tablets.”
Techradar, September 2020
Learn more at www.bitdefender.co.uk
WORK SMARTER FROM HOME
024
I N A S S O C I AT I O N W I T H
Why a VPN can ensure all your home devices stay secure Why it pays to be familiar with a Virtual Private Network
W
orking from home is now the ‘new normal’ for millions of people. But while office closures forced staff to grapple with the challenges of workspace creation and videoconference etiquette, IT departments were tasked with providing secure access to data and applications from any location. A popular way of doing this is a Virtual Private Network (VPN). A VPN effectively creates a secure tunnel between a local network – such as your home Wi-Fi – and another network anywhere else in the world. The result is that your device behaves like it is in another place entirely. The VPN can validate user identity and ensures users are subject to the same rules as the corporate network. Other organisations, such as universities, also use VPNs to provide secure access to resources that would be restricted via the public Internet. VPNs are useful for consumers too. Because a VPN can make it look like you’re anywhere around the world, it’s possible to use the Internet without geographic restrictions perfect if you want to be able to watch a sporting event that isn’t available on local TV. However the most compelling reason to use a VPN is to safeguard your security and privacy. Public Wi-Fi hotspots in cafés, hotels and airports can be vulnerable to attack if they are not secured properly. A cybercriminal with the right tools and knowledge could spy on your
data and steal your information. A spot of online shopping at the coffee shop could see your credit card details swiped. A VPN’s ability to offer an encrypted data tunnel means attackers wouldn’t be able to understand any of the data they’ve intercepted. At home, a VPN conceals browsing history from your Service Provider (ISP), protecting online activity and safeguarding privacy. VPNs can be installed at a device level and most subscriptions cover multiple smartphones, tablets, and PCs. However installation is challenging or impossible for certain categories of devices, such as smart home products. A solution is to install a VPN at a router level, ensuring any device connected to a Wi-Fi network is protected. VPNs are an effective way of securing your devices and your online activity and there are many options to choose from, including services from reputable cybersecurity vendors. There are plenty of free options too – but exercise caution as some of these can compromise data or lead to malware.
Public Wi-Fi hotspots in cafés, hotels and airports can be vulnerable to attack 025
C Y B E R S E C U R E AT H O M E
026
I N A S S O C I AT I O N W I T H
What is M malware and how dangerous is it?
alware is a contraction of ‘malicious software’, and is an all-encompassing term for any program designed specifically to attack, damage or compromise a system in some way. Malware only exists to attempt to exploit your device or personal data in some manner, usually for the author’s own gain – say, for example, stealing your online banking details – but sometimes it effectively represents random acts of virtual violence, such as a virus which just nukes your entire system. So yes, it can be dangerous – which we’ll discuss further in a moment – and to defend against some of the disastrous potential scenarios malware can bring about, it’s a good idea to use antivirus to protect your PC.
The danger that malicious software poses shouldn’t be underestimated…
Strains of malware
Malware is a broad term, so is often employed very generally to cover anything bad happening to your PC in terms of rogue software that exploits your system in some way. However, there are different subsets of commonly recognized malware, and we’ll now look briefly at the main offenders (there are other variations out there, too). The virus (which we’ve already mentioned) is one of the most common types of malware. A virus comes embedded in a piece of software or file, and infects the system when that app or file is run. When that happens, what’s called the payload is triggered – in other words, the bad things that happen to your PC (which you may not even notice, as some effects are designed to be stealthy). Then the virus – as its name suggests – can spread itself to other files, and therefore potentially to other PCs (if those files are transferred). 027
C Y B E R S E C U R E AT H O M E
A worm acts in much the same way to spread itself, but is even more dangerous, because it doesn’t need to be ‘triggered’ by the user (via a file being run) – it automatically propagates itself. A Trojan is another kind of malware which pretends to be a legitimate program (being named, of course, after the famous Trojan horse). In other words, it’s specifically designed to look like a useful app, but will actually wreak malicious havoc on your system when run; a nasty concept indeed. Ransomware is even nastier, though, and when unleashed on your PC – either via a file, or a website – it locks your machine
028
(and all your files), threatening to delete everything by a certain deadline if you don’t pay a specified ransom online.
How bad is bad?
On the subject of how dangerous malware is, the short answer is very. As we’ve indicated, some types of malware are particularly nasty, like ransomware which effectively locks up your digital life away from you – and even if you pay the ransom demanded, there’s no guarantee the author of the malware will actually let you have your files back. And if you haven’t backed up your data, then you really are in serious trouble (do remember that there’s some great free backup software out there).
I N A S S O C I AT I O N W I T H
Malware can be hugely damaging to businesses as well as individuals. However, any type of malware is seriously bad news generally speaking, and can have all sorts of negative effects on your PC, including spying on you (via a webcam perhaps), stealing your online passwords or other personal data, slowing your PC or internet connection down, or indeed just completely destroying all your files. So, malware isn’t just dangerous – in fact, it can be deadly, at least to your files and system.
Should I never go online again?
The common thread with all these types of malware is that you contract them online, from either an app or file you downloaded, or a website (often via an email link). Obviously, it’s not an option to never go online again just because of what might happen with malware – but rather, it’s a matter of being aware of potential risks and taking simple precautions. It’s beyond the scope of this article to go into detail on this, but the basics are that firstly and most importantly, you should use a good antivirus app (there are capable free antivirus products out there, or even Windows Defender is a solid enough proposition now and it comes built-in with Windows 10 by default, so even the terminally lazy don’t have any excuse for not using something). Secondly, be very careful what you click on. If there’s a link on a social media site which seems suspicious, don’t follow it. If you have any doubts about a link sent to you in
an email, or you’re worried about a dodgylooking email attachment, again – leave it well alone. Be wary of anything that’s labeled as ‘urgent’ or seems to be demanding that you click it, and don’t forget, if you’re not sure about something, you can always check with the sender if the email is genuine or not. Finally, always download software from an official store (like the Microsoft Store for Windows 10 PCs, for example, or Google Play with Android), or the maker’s website wherever possible. Don’t use any remotely suspicious-looking website or third-party store (at the same time, don’t think that official stores are bulletproof for malware – but they are far less likely to have been compromised).
What about my business?
Malware can be hugely damaging to businesses as well as individuals. Hackers often use malware to try and gain entry into an organisation’s systems or networks, from where they can access valuable data to steal and sell on. Companies can face targeted attacks via malware that can cripple their systems, causing outages that could cause technical and financial damage. To stay safe, businesses must ensure they have a full security suite offering installed that includes the latest up to date malware protection. This must be updated regularly, as hackers often switch up their tactics to take advantage of the latest threats.
What is malware and how dangerous is it? Malware or malicious software is certainly dangerous, and in some cases, it can be incredibly dangerous, and threaten to compromise your online banking, or lock away all your data so you can’t reach it forever. It always pays to think before you click on any link or download any file, and to use a good antivirus app.
029
WORK SMARTER FROM HOME
Why your router could be the number one security worry in your home It carries your email, entertainment and personal data – and we’re asking more of our routers than ever. So is yours safe? 030
I N A S S O C I AT I O N W I T H
T
he humble Wi-Fi router is the modern household’s gateway to the outside world. It connects our smartphones, smart TVs and smart home devices to anything and everything, providing the foundation for our digital lives. But this indispensability is accompanied by an inconvenient truth – a router can also be the greatest cybersecurity threat in the home. Technology and connectivity are integral to everything from banking to health, increasing the volume, sensitivity and detail of data passing through our routers. This information includes financial and personal information that can be extremely attractive to hackers and increases the risk of identity theft, social engineering, or a loss of privacy. An unprotected or misconfigured router can provide a starting point for any attempt to steal data or compromise a device connected to a network. Therefore, the issue of router security cannot be ignored. Wireless routers are heavily configurable but the backend can be a challenge to negotiate without a degree of technical literacy. Fortunately, there are easy steps to take to mitigate any risk. The simplest and most effective step to
protect a network is with a strong password. Without one, anyone from your neighbour to a hardened cybercriminal is capable of watching your every move. A password should not be the default option, should be hard to guess and should definitely not be ‘password’. A combination of upper case and lower case letters, numbers and special characters should do the trick. Most modern routers include WPA2 password encryption that protects against brute force attacks but if AES encryption is available, then this should be enabled. To further reduce the risk of attack, you should make sure that the SSID – the name of your Wi-Fi network – isn’t easily identifiable. ‘Smith_Family_WiFI’ might make the network easy to find for friendly users but it also advertises the identity of the network to those with more sinister motives. Finally, it’s also a good idea to periodically check for router firmware and security updates, ensuring you are protected against all known vulnerabilities. In general, it’s a good idea to disable any feature of the router you’re not using but, if in doubt, it could be worth looking at additional security measure such as the installation of a Virtual Private Network (VPN) at a router or device level. A VPN offers encrypted data tunnels that protect data even on an unsecured hotspot and keep it away from prying eyes.
An unprotected or misconfigured router can provide a starting point for any attempt to steal data 031
WORK SMARTER FROM HOME
Great ways to up your security while staying home Make sure you stay safe whilst isolating with our top tips.
032
I N A S S O C I AT I O N W I T H
033
C Y B E R S E C U R E AT H O M E
A
s employees from all kinds of industries are working from home across the world, the new way of working also highlights a growing need to stay secure. The coronavirus lockdowns have meant more of us are now working remotely, meaning that homes are now not just a place to eat, relax and sleep, but also now increasingly the centre of our working lives. Now your workspace is centred in the home, you need to ensure your local network and the devices within are secure. So if you’re looking to boost your home’s online protection, here are some top tips to keep you safe.
Make sure all your devices are secure
Most people now hopefully are aware of the need for security protection for their computing devices, whether laptop or desktop, printer or more. But all too often, mobile devices get forgotten in this way of thinking, despite the fact that smartphones and tablets are also incredibly sophisticated computing machines.
Enforce strong parental controls
With pupils sometimes unable to attend school due to lockdown or quarantine restrictions, children of all ages will no doubt be using internet-connected devices at home. Making sure they stay safe online is a crucial consideration, especially as criminals often try to exploit unaware users into giving away login details or password information on services such as gaming sites.
Get a VPN up and running
A Virtual Private Network, or VPN, has quickly become an essential tool for home 034
I N A S S O C I AT I O N W I T H
Children of all ages will no doubt be using internet-connected devices at home facing service to experience entertainment streaming services from overseas.
Be security aware
and work internet use in recent months. Put simply, using a VPN allows you to disguise your connection to appear like it is originating from a different country or region, meaning no one should be able to track your internet surfing or snoop on your location. Many of us may already be working with an enterprise VPN service, which allows remote workers to connect to a workplace network or intranet, or using a consumer-
Having more internet-connected devices around the home means that unfortunately, the possible threat landscape is greater than ever before. Whether it’s a laptop, smartphone, smart TV or even a connected thermostat, criminals are always hunting for a way into your network. Make sure you have protection against the latest malware, spyware and adware threats, including protection against botnet attacks from compromising your smart home devices, and the latest networkbased adaptive layer of protection prevents exploitation of vulnerabilities in your home system. 035
ADVERTORIAL
Three steps to keep the whole family safe when working from home Our top tips to make sure you and your family aren’t at risk online.
I
t’s fair to say that probably very few of us could have predicted how 2020 was going to turn out, with many lives changing overnight. One of the biggest changes has undoubtedly been the move to remote working, as millions of employees made the switch from the office to working at home. For many, it was the first time doing so, as spare rooms, bedrooms and dining tables became the new shared working space for adults and children alike. But there’s no reason that working from home should be any less secure for anyone in your family - so here’s a few simple steps to help stay protected.
1
Keep your work and home devices separate
Office working made keeping your home 036
and professional lives apart simple - when you went home at the end of the day, you (hopefully) left your work devices in the office. However with the shift to working from home, company laptops, tablets and smartphones are now an ever-present in our personal lives too. Although it may be tempting to carry out personal tasks on a work laptop or phone, doing so could unknowingly put you at risk. Criminals are always looking for a way into corporate or enterprise networks to try and extort information or money from big-money targets, and visiting insecure websites may open you up to attack. It’s best not to use a work laptop for personal tasks, and vice versa - that means no paying bills, watching videos or accessing social networks on your work device, but also no editing or reading work documents or sending work-related emails on your personal
I N A S S O C I AT I O N W I T H
online all night. Doing so should help minimise the risk of attack, but also make sure your children stay focused on their learning, rather than slacking off to play games or access social media during school hours. Bitdefender Family Pack offers advanced parental controls that let you build customised restrictions, and monitor the entire family’s online activities and screen time. The platform covers up to 15 devices per household, meaning you can make sure all the family items are secured. device. Not only will this help your mental health by allowing you to switch off at the end of the day, it’ll also help minimise any chance of putting you or your employer at risk of attack. Solutions such as Bitdefender Family Pack are able to protect all your devices across a number of platforms, whether Windows PCs, macOS, iOS or Android, and form factors from smartphone to tablet to laptop, giving you peace of mind however you get online.
2
Make sure parental controls are in place
It’s not just office workers that have had to endure significant turmoil this year, as students and school children suffered major disruption when it came to their education. With many children now learning from home, it’s critical that you ensure all your family’s devices stay protected, keeping your information and financial standing safe. Criminals often target children online to try and extort money from those with less online awareness, or simply by tricking them into handing over personal information. You can make sure your family stays protected online by setting up parental controls, blocking harmful content and websites from your children, and also allowing screen time limits to make sure they aren’t
3
Secure your online browsing with a VPN
Of course, there may be times when you are needing a break, but there’s no reason to let down your guard when trying to find something fun to watch online. Using a Virtual Private Network, or VPN, offers an extra level of security for you and your family, especially when it comes to widening your horizons in terms of streaming content online. A VPN allows you to disguise your connection to appear like it is originating from a different country or region, meaning no one should be able to track your internet surfing or snoop on your location. Although many of us may already be working with an enterprise VPN service, which allows remote workers to connect to a workplace network or intranet, consumerfacing services are also available, allowing you to experience entertainment streaming services and websites from different markets. Purchasing and installing a VPN is quick and easy, and Bitdefender Family Pack includes a comprehensive service that’s perfect for all the family. Offering 200MB of data traffic per day for no extra cost, the VPN allows users and their families to stream online video, shop and bank with complete peace of mind.
LEARN MORE 037
C Y B E R S E C U R E AT H O M E
Recognising the red flags of digital phishing and fraud Make sure you’re protected from all the latest threats with our guide.
038
039
C Y B E R S E C U R E AT H O M E
P
hishing is one of the most common vectors through which ransomware spreads, however the distribution of malicious software is hardly phishing’s only directive. Just as often, it’s a tool through which criminals collect personal information from their victims. A phishing scam has a simple goal: to trick its victim into taking a course of action that is ultimately harmful to them. Occasionally, this involves downloading malicious software, but it just as often has the victim share something. This could be a sensitive file, an account login, or even something like a social security number or bank number. Phishing attacks may come through myriad
040
paths, including instant messages, email, text messages, and, occasionally, even Voice over IP (VOIP). On occasion, phishing attempts may be highly-targeted, directed at specific individuals or companies — these are known as spear phishing, or when directed at high-profile targets, whaling. The former is particularly dangerous, as it involves a criminal leveraging personal data to enhance their attack. The one thing all phishing attacks have in common is a reliance on a combination of social engineering and carelessness to work their magic. A criminal that executes a phishing attack hopes that their target will be either fooled or intimidated to playing
I N A S S O C I AT I O N W I T H
Even the best attacks tend to follow a set pattern you can identify along. The cleverest even excel at creating falsified copy and landing pages almost startlingly similar to the real thing. The good news is that if you knowwhat to look for, you can recognize evenm exceptionally-convincing phishing attacks. Even the best attacks tend to follow a set pattern, which you can eventually train yourself to identify. As such, a bit of mindfulness and due diligence goes a long way here. Generally, every phishing message starts with a story. This story uses a particular emotion, usually either greed or fear, to trick a target into playing along. The first thing to keep in mind here is that if something seems too good to be true, then it probably is. Very few things in this world are free, and you’re generally not going to receive unsolicited offers, especially from senders you don’t recognize. Similarly, if an email or message seems overly-urgent or goes to great
lengths to discuss the consequences of inaction, there’s a good chance someone is trying to scam you. Beyond these obvious flags, there are a few things to look for that can help you quickly identify the lion’s share of phishing attempts. Not surprisingly, savvy scammers tend to put a lot more effort into their attacks. Their messages are significantly more convincing and rarely contain the kind of errors found in your run-of-the-mill scam. They may compromise or clone an email in your address book in an attempt to fool you. In some cases, they may even forego messaging altogether, hijacking legitimate web pages, masquerading as legitimate Facebook applications, or otherwise redirecting users to a near-identical forgery of a site’s login page. In these cases, you need to use your best judgment. If you find a message from a friend or colleague to be even the least bit suspicious, follow up with them on another channel to ask if they sent it. And always take a step back and evaluate your digital surroundings before entering (or re-entering) login data. 041
Global Leader in Cybersecurity Protecting over 500 million systems for more than 18 years.
Learn more at www.bitdefender.co.uk