PROTECTING YOUR HOME NETWORK - from cyber attacks WIREDSCORE'S GUIDE ON...

Page created by Ronnie Jenkins
 
CONTINUE READING
PROTECTING YOUR HOME NETWORK - from cyber attacks WIREDSCORE'S GUIDE ON...
WIREDSCORE’S GUIDE ON...

PROTECTING YOUR HOME NETWORK
       from cyber attacks
PROTECTING YOUR HOME NETWORK - from cyber attacks WIREDSCORE'S GUIDE ON...
W I R E D S C O R E ’ S G U I D E O N ...

         PROTECTING YOUR HOME NETWORK
          f r o m c y b e r at ta c k s

                 There’s no honor among thieves. Such is the           Follow the simple advice in this guide and
                 case even in the midst of an international            protect yourself and your privacy.
                 health crisis.
                                                                       In this short guide we will explain what type of
                 As we’ve all made the shift to remote work, remote    attacks are common among work from home
                 education, and social distancing to stem the spread   employees during Covid-19.
                 of Covid-19, cybercriminals have opportunistically
                 sprung into action to capitalize on our collective    But do not be alarmed. There are simple steps
                 reliance on connectivity.                             you can take today to protect yourself from
                                                                       opportunistic cyber criminals.
                 While corporations and educational institutions
                 have the ability to mitigate the risk of attacks      In the second part of this guide we will show you
                 on their network when users are on premise,           exactly what you need to do to stay protected.
                 remote access opens up an entirely new world of
                 vulnerability that all are still grappling with.

2   | Protecting your home network from cyber attacks                                                               wiredscore.com
PROTECTING YOUR HOME NETWORK - from cyber attacks WIREDSCORE'S GUIDE ON...
COMMON TYPES OF CYBER ATTACKS
        DURING COVID-19
        Over the past several weeks, we’ve seen a massive
                                                                90% of cyber-attacks start with a phishing
        uptick in cybercrime from social engineering,         campaign, and hackers are adapting their methods to
        phishing, and brute force attacks into our home         take advantage of more people working from home.
        networks.

        Hackers are shameless and will sink to any means
                                                              Here are the common ways phishing is used to
        to obtain your data, this only increases when we
                                                              steal your personal information:
        are distracted by world events, with even the World
        Health Organization being attacked in March.
                                                              Phishing Websites

        90% of cyber-attacks start with a phishing
                                                              These websites are created to get users to visit
        campaign, and hackers are adapting their
                                                              them by mistyping a website name or clicking on a
        methods to take advantage of more people
                                                              link that looks similar to a genuine website.
        working from home.

wiredscore.com                                                                   Protecting your home network from cyber attacks |   3
PROTECTING YOUR HOME NETWORK - from cyber attacks WIREDSCORE'S GUIDE ON...
•   Google also saw a 350% increase in phishing
              A phishing website tries to steal your passwords or
                                                                               websites looking to capitalize on our desire for
               other confidential information by making you think it’s a
                            genuine and secure website.                        information, posing as health organizations,
                                                                               charities, and research institutes. In January
                                                                               2020, there were a total of 149,195 active
                                                                               Covid-19 related phishing sites. This number
              During a crisis like Covid-19, hackers will increase             leaped 100 % to 293,235 in February and
              the volume of these attacks by registering as                    nearly doubled again by March, totalling
              many domains as possible with keywords that are                  522,495 registered Covid-19 phishing sites.
              searched.

              •   According to the software firm Checkpoint,
                  since the beginning of 2020, there has been a
                  substantial increase in new domain registration
                  names that include “Zoom”, the video
                  conferencing software of choice. Since January
                  this year, there has been in excess of 1,700
                  new registered domains with some variation of
                  ‘Zoom’, and 25 percent of those were registered
                  during the 2nd week of April alone. Seem
                  suspicious?

4   | Protecting your home network from cyber attacks                                                                       wiredscore.com
PROTECTING YOUR HOME NETWORK - from cyber attacks WIREDSCORE'S GUIDE ON...
Phishing Emails

        If you want to see what these look like, check your
        Spam folder! We’ve all seen these, they are usually
        poorly written, sometimes from someone we know,
        and try to get us to download an attachment to
        launch malware onto your computer.

        What’s the problem then if my Spam folder
        captures them all?

        Unfortunately many do get past your spam, and
        hit your inbox. Cybercriminals get smarter all the
        time and email providers need to continually play
        catch up.

wiredscore.com                                                Protecting your home network from cyber attacks |   5
PROTECTING YOUR HOME NETWORK - from cyber attacks WIREDSCORE'S GUIDE ON...
There are several types of phishing emails                In the US, Americans will be getting stimulus
             you should be looking out for:                            checks in Q2, but the FBI warns hackers will
                                                                       be capitalizing on this to steal information via
             Company Info: Cybercriminals are targeting                phishing emails. They indicated that in no way will
             remote employees with company messages that               any government agency be reaching out over email
             notify workers of a positive Covid-19 test within         for personal information.
             their organization. The messages contain malicious
             attachments disguised as protocols that the
             company is undertaking as well as a “flyer” that
             recipients are asked to open, read and print out.

             Government and Covid-19 Related Info:
             There has been a large uptick in attempts
             from emails sent from seemingly legitimate
             organizations, to ask for charitable contributions,
             general financial relief, airline carrier refunds, fake
             cures and vaccines, and fake testing kits.

6   | Protecting your home network from cyber attacks                                                                wiredscore.com
HOW TO PROTECT YOURSELF FROM
      PHISHING WEBSITES AND EMAILS?
      •    Check the content of an email, look for              •   Go to the domain of the senders email address to
           misspelled words and closely examine the return          help verify the legitimacy.
           address. Typically these emails will be especially
           vague or general.                                    •   Example: sender@wiredscore.com
                                                                    WiredScore.com is a real site.
      •    Don’t open unknown attachments or click on
           links within the emails or text messages.

      •    Beware of lookalike domains, double check that
           you are on a secure website with the correct         Now you know how to protect yourself from
           URL before entering passwords or personal            cyber attacks that we can typically see and
           information.                                         identify, but what about those attacks we can’t?

wiredscore.com                                                                          Protecting your home network from cyber attacks |   7
HOME NETWORK SECURITY
              Unfortunately, there isn’t just one tool in the hacker   Once in, they are changing our router settings to
              toolkit, and the more sophisticated attackers will       automatically route us to phishing sites like the
              target the actual networks we connect to, rather         ones we just explained.
              than use websites or emails. By nature, our home
              networks don’t have the same security that would be
              in place in a corporate environment and hackers are          Attackers are “brute forcing” to get into our
                                                                       networks, which is basically running software that will try
              looking to exploit that vulnerability.
                                                                         thousands of password combos until they break in.

              Here are simple actions you can take to
              improve the security of your Home network:

              How to secure your router and Wi-Fi

              Since the beginning of March, there has been an
              increase on attacks on home routers.

              Attackers are “brute forcing” to get into our
              networks, which means they are running software
              that will try thousands of password combos
              until they break in.

8   | Protecting your home network from cyber attacks                                                                      wiredscore.com
FOUR EASY STEPS TO SECURE
     YOUR HOME NETWORK

     1. Change the default password on your                •   When you open an internet browser, you will need
        router and Wi-Fi:                                      to visit a website based on a string of numbers. This
                                                               is often printed on the back of the router and will be
     If you are like most of us, you are using a router        something like https://192.168.1.1
     supplied by your ISP and have never changed the       •   Login to your router with the router’s admin
     default password or Wi-Fi info, which is a major          password (on the back of your router).
     security flaw. Most of these passwords are easily     •   The user name is admin. You can find the default
     broken, and there’s even a website dedicated too          router administrator password on your router label.
     default router passwords to help people who           •   Replace the current admin password with a new
     can’t access it - this is candy for cybercriminals.       one that’s strong and easy for you to remember.
                                                               Follow your router on-screen or user guide detailed
     Most routers have the ability to be accessed              instructions.
     via a webpage, but check your ISPs website for        •   Now do the same for your Wi-Fi password (pick
     instructions for accessing yours, most should look        one different than the previous). Set up a strong
     something like this:                                      password by picking a long, unique mix of numbers,
                                                               letters and symbols. Your password should be 12 or
                                                               more characters (don’t forget to log back in on all of
                                                               your devices connected to Wi-Fi).
                                                           •   While still in your router, proceed to steps 2 & 3.

wiredscore.com                                                                        Protecting your home network from cyber attacks |   9
2. Keep your router’s firmware up to date             Because it’s hard to determine which specific
                                                                    router models and firmware versions are
              Once logged into your router (See Step 1 above),      vulnerable, it’s best to simply turn off this feature if
              ensure there aren’t any pending software updates.     possible, which can be done while logged into your
              Most routers will download these automatically,       router. Searching in Google “turn off WPS ” should explain exactly how if it’s
              update. Be sure to download the latest software.      not immediately obvious.

              3. Disable WPS                                        4. Enable the latest security

              WPS allows you to quickly and easily connect          Under Security Options or a similar section
              your Wi-Fi router to your devices (e.g. a cell        in your router, make sure the security for your
              phone) either via a button on the router or a pin     network is set to WPA2-PSK [AES] or the highest
              code printed on a sticker. A serious vulnerability    available setting. WPA2-PSK [AES] is currently
              was found in many ISP vendor implementations          the strongest level available for home wireless
              of WPS years ago that allows hackers to break into    networks.
              networks, it also gives anyone with physical access
              to your router the ability to connect.

10   | Protecting your home network from cyber attacks                                                                wiredscore.com
HOW TO SECURE YOUR DEVICES?
         1. Keep your connected devices up to date

         Having a secure router is great, but it’s useless if
         you’ve put off a Windows or iOS software update
         for the last two years. Any device connected to
         your network can serve as a backdoor into all of
         your devices. Install security patches and updates
         as recommended by your computer’s operating
         system (Windows or macOS) and mobile devices,
         as all of these manufacturers constantly patch
         newly exposed security flaws. If you’re not sure
         how, simply Google search “How to update
         software ”.

wiredscore.com                                                  Protecting your home network from cyber attacks | 11
2. Enable the firewall on your desktop and              b. For Windows, in the Cortana search box, enter
                  laptop                                                  Firewall. Click Windows Firewall in the search
                                                                          results. In the Windows Firewall window that
               A firewall is a security feature designed to help          appears, make sure that Windows Firewall is on.
               protect your computer and personal data from               If it isn’t, click the Turn Windows Firewall On or
               unauthorized access and alert you to immediate             Off link in the left pane of the window.
               threats. Most devices now come with built-in
               firewalls and they just need to be enabled. See         3. Smart Home and Streaming securely
               below depending on your device:
                                                                       Most IoT (Internet of Things) devices and
               a. On a Mac, choose Apple menu > System                 streaming devices (e.g Roku, Fire TV Stick, Apple
                  Preferences, click Security & Privacy, then          TV) also have a default password that is just a
                  click Firewall. ... Click Firewall Options. If the   Google search away. We strongly recommend
                  Firewall Options button is disabled, first click     updating passwords on all of these devices using
                  Turn On Firewall to turn on the firewall for         your user manual, and also confirm that firmware
                  your Mac.                                            updates are set to auto in the settings.
                                                                       It’s also considered a best practice to connect these
                                                                       devices to a separate “Guest Network” in your
                                                                       router to keep them separate from your phones and
                                                                       computers, which will have more personal data.

12   | Protecting your home network from cyber attacks                                                                  wiredscore.com
Wired Certification is the internationally recognized rating
                                                         system that helps landlords design and promote their
                                                         buildings’ great digital connectivity to tenants.

                                                         Employees working in Wired Certified buildings benefit
                                                         from knowing their businesses are supported by the latest
                                                         in in-building technology and digital connectivity.

                                                         If you’re a landlord or tenant interested in learning about
                                                         getting your building Wired Certified, schedule a call with
                                                         our team by clicking the button below.

                                                                C ONTACT US

13   | Protecting your home network from cyber attacks                                                      wiredscore.com
Content clarification: This article is written           Need more information to answer
        for home users and clients with basic internet
        requirements. Many of our clients are using          •   How to protect yourself from cyberattacks when
        VPNs to connect to corporate networks, which is          working from home during COVID-19
        where the biggest risk lies currently. This could
        be a separate article regarding considerations for   •   Governments experience surge in cyberattacks
        accessing your work network securely or add-in
        here; I was just cognizant of length.                •   Zoom Domains Targeted by Hackers, as Use Surges
                                                                 with COVID-19
        Author: John Meko, Director of Engineering, North
        America, WiredScore                                  •   COVID-19 Cyber Threats: Hackers Target DNS
                                                                 Routers, Remote Work

                                                             •   COVID-19 Phishing Schemes Escalate; FBI Issues
                                                                 Warning

wiredscore.com                                                                         Protecting your home network from cyber attacks | 14
You can also read