The biggest sale of the year, Black Friday, is coming up, meaning your house and office could soon be home to lots of shiny new tech.
However, those devices don’t come without risks and it’s important to make sure they’re protected from the day you first boot them up.
According to a study by NortonLifeLock, 16.5 million Brits were victims of various cybercrimes between 2019 and 2020. The scams – which included phishing attacks – cost people £1.4 billion in losses and it doesn’t look like they’re going away anytime soon.
In fact, the group’s most recent Cyber Safety Insights report found that 330 million people became victims of cybercrime between 2020 and 2021 worldwide, leading to a total of 2.7 billion hours spent scrambling to resolve these issues.
Couple this with the fact that many of us are still working from home on the regular, and you might be wondering how you can keep your new tech safe this Black Friday.
Read on to discover the best ways to protect your new devices from phishing attacks, viruses and more.
This is especially pertinent if you’re still working fully or partially from home and plan to use your phone or laptop for work outside of the office.
“While it’s great to know we’re connected to our colleagues, friends and family at all times, it’s important for both businesses and consumers to remain aware of the security risks this brings, including; malware attacks, identity theft, phishing and ransomware”, said chief scientist and McAfee Fellow Raj Samani.
“Many people may need to use public Wi-Fi to stay connected both professionally and personally. However, by using an unsecured Wi-Fi connection, you may be creating an easy gateway for hackers to access your personal information and data. Be sure to use a virtual private network, which is extremely important for establishing a secured connection to work files and personal photos saved in the cloud”.
“We will also see many people who are used to the protection offered by a corporate/education network working remotely for the first time”, explained Kaspersky principal security researcher David Emm.
“This, coupled with opportunistic attacks from cybercriminals exploiting people’s fears over this virus outbreak could create a perfect storm for cybercriminal activity”.
If you’re concerned about cyber scams, you should make sure that all of your devices are protected with a reputable internet security product, including mobiles and tablets.
Update your apps and devices
A key way to avoid falling victim to scams is to remain one step ahead of the scammers.
If you allow your software to get left in the dust, attackers can take advantage of unpatched security flaws and weaknesses to infect your devices.
“Update all of your software to the latest version and ensure you have applied any recent patches, making sure to also check browser plugins, antivirus software and mobile applications are all up to date”, said Attivo Networks’ chief deception officer, Carolyn Crandall.
“Attackers are well aware of the holes and will go after them if you leave them open”.
It isn’t just software you should keep up to date, either. If you don’t change your password frequently then this is a good habit to get into that will help keep hackers from accessing your device.
“They may attempt to use stolen passwords from prior breaches to break into your computer”, warned Crandall.
“If you use the same passwords for work and at home, this is a critical time to change them. As you do your updates, this would be an ideal time to change over to a password manager. Use unique, long passwords or passphrases over 15 characters, or take advantage of the password generator in a password manager. The longer a password, the harder it is for an attacker to crack it”.
It’s also good to make use of two-factor authentication where possible as this adds an additional layer of protection to your accounts and devices.
Look out for dodgy links
Your email inbox can be home to countless dangerous links and phishing scams, and these messages have only gotten more convincing over time with personal information and sign-offs appearing to come from close friends, family members and colleagues.
It’s always important to practice caution if you want to avoid clicking on any potentially dodgy links. This includes links for any tempting Black Friday deals that might sound a little too good to be true.
“Phishing email scams are looking more authentic as they continue to use more personal information gathered from public sources, so you should never assume it is safe to click on a link even if the email includes personal information like name, home address or job titles etc.”, said Thycotic chief security scientist, Joseph Carson.
“Before clicking, ask yourself: ‘Was this expected?’ and ‘Do I know the person who is sending this?’. On occasions, check in with the actual person on if they actually did send you an email before you aimlessly click on something in which might be malware, ransomware, a remote access tool or a virus that could steal or access your data”.
Some attackers have even have even taken advantage of the pandemic to get you clicking over the last couple years, according to cybersecurity firm Skurio.
“Marketers have stepped up their online advertising to target those with health concerns”, pointed out Skurio CEO Jeremy Hendy.
“Knowing this, phishers and scammers will use previously breached details to try to exploit these campaigns by imitating emails and tempting people to click on malicious links.
“Skurio has witnessed ‘click the link for voicemail’ type emails becoming a tactic of choice, as well as links to supposed sources of latest news and advice on the outbreak. Hundreds of domains have recently been registered and trying to spot fake from genuine is difficult, so only go to news sources you trust”.
“Always think twice before actioning any messages or emails regarding the pandemic which asks for any personal data”, said Samani.
“Never share your personal information and as a rule of thumb, always go directly to the source as opposed to clicking links or replying direct to messages”.
You might like…
Don’t use personal devices for work
It might sound obvious, but avoid doing work on your personal phone and laptop.
Aside from blurring the line between your work life and your home life, doing office work on your personal laptop could also compromise your work security.
“Home networks have less restrictions and security measures compared to corporate networks and if a company is not pushing all traffic over a VPN tunnel with outbound filtering, then exfiltration of credentials data could become a viable path of attack for those targeting people when they know they are sitting at home and not passing the corporate security perimeter”, said F-Secure principal security consultant, Tom Van de Wiele.
“For a work device, anyone’s home network should be considered untrusted, and workstations, e.g. laptops, smartphones that are on a home network should regard the network in the same way as a hotel, airport or city mall.
“Make sure you are not exposing any services or management interfaces on your home router or whatever services you are using. If you are not using corporate VPN, and you are a home user, you can avoid credential theft through phishing scams by blocking outbound services that you would not use over the internet. These include file/printer sharing services which are also used for authentication. Don’t click on links in emails unless you specifically asked for a certain email and always go to the website first and log-on there”.
Don’t use work devices for personal matters
In the same way that doing work on your personal devices is a bad idea, so is going about personal business on your work laptop.
“It’s going to be tempting to read the latest news, check personal email, and see how your friends and relatives are doing on social media”, said Varonis technical director, Matt Lock.
“But all this activity on a work device makes it more likely employees will fall prey to a cyberattack. If just one employee becomes infected and VPNs into the corporate network, they may unknowingly open the entire company up for exploitation”.
To sum it up in the wise words of F-Secure chief research officer, Mikko Hypponen: “Your work laptop is your work laptop. It’s meant to be used by you, not by your kids. When it’s not in use, it should be locked. Also, it’s not for games, or Netflix, or porn”.