Since the Movement Control Order (MCO) was implemented, people have been encouraged to stay at home, which gives them more and more time to spend on their phones and devices. Many are turning to new apps and communications tools to work, learn, access information, and stay connected with loved ones.
While these digital platforms are helpful in our daily lives, they can also introduce new online security risks.
Photo via Pinterest
Google security systems have detected a range of new scams such as phishing emails that will try to trick people into clicking on links, by posing to be from charities and NGOs battling COVID-19, directions to “administrators” to employees working from home and notices from healthcare providers.
So please be careful, sometimes these scams can be tricky to identify! Here are some ways to help you avoid these online scams:
1. Know how to spot and avoid COVID-19 scams
With many of the COVID-19 related scams coming in the form of phishing emails, it’s important for you to take a pause and evaluate any COVID-19 email before clicking on any links or taking action.
Be wary of requests for personal information. If it starts asking you for your home address or bank details, CLOSE THE PAGE. Please be aware that fake links often mimic established websites by adding extra words or letters to them. Remember to check the URL’s validity by hovering over it (on desktop) or with a long press (on mobile).
2. Use your company’s enterprise email account for anything work-related
There are many ways that an employee can put their company’s business at risk when using their personal accounts or devices. Even when you’re working from home, it’s important to always keep your personal and work emails separate.
Enterprise accounts offer additional security features that keep your company’s private information private. If you’re unsure, check with your IT professionals to ensure the right security features are enabled, like two-factor authentication.
3. Secure your video calls on video conferencing apps
Just because the website is new and has many cool features, doesn’t mean that it is secured! Security controls that are built-into certain video conferencing sites, such as Google Meet, are turned on by default. In most cases, organizations and users are automatically protected.
But there are steps to ensure your video conferences are secured on any video conferencing sites or app:
If your meetings use short, numeric codes, turn on the password or PIN feature. This extra layer of verification will help ensure only the invited attendees could gain access to the meeting.
When sharing a meeting invite publicly, be sure to enable the “knocking” feature so that the meeting organizer can personally vet and accept new attendees before they enter the meeting.
If you receive a meeting invite that requires installing a new video-conferencing app, always be sure to verify the invitation - paying special attention to potential imposters before installing.
4. Install security updates
When working from home, your computer may not automatically update your security technology as it would when in the office and connected to your corporate network. It is important to take immediate action on any security update prompts. These updates solve for known security vulnerabilities, which attackers are actively seeking out and exploiting.
5. Use a password manager to create and store strong passwords
There might be a lot of new applications and services you might be using for work and school purposes, and it can be tempting to use just one password for all. We get it, sometimes we get all our passwords mixed up! But to keep your private information well, private, always use unique, hard-to-guess passwords.
A password manager like the ones built into Android, Chrome, and your Google Account can help make it easier.
6. Protect your Google Account
If you use a Google Account, you can easily review any recent security issues and get personalised recommendations to help protect your data and device with the Google Security Checkup. Within this tool, you can also run a password checkup to learn if any of your saved passwords for third-party sites or accounts have been compromised and then easily change them if needed.
Also, consider adding two-step verification which you likely already have in place for online banking and other similar services to provide an extra layer of security. This helps keep out anyone who shouldn’t have access to your accounts by requiring a secondary factor on top of your username and password to sign in.
So always double-check or triple-check emails that you receive, because sometimes these phishing emails can be very convincing.
Stay safe, guys!
By: Aishah Akashah Ahadiat