How to be your own cybersecurity expert: Avoid scams, use MFA, be a hero

A quick guide on how to kick cybercriminal ass

Cybercrime doesn’t make the most exciting television—the world only wants hundreds of versions of the same police procedural, apparently—but it can have a devastating impact on our everyday lives, especially with so much work now taking place online. Derek Manky, chief of security insights and global threat alliances at Burnaby-based FortiGuard Labs, says his company has observed a huge spike in coronavirus-related scams over the past few weeks, involving everything from ride-sharing services to money transfers to credit cards.

“Now more than ever, employees should understand their part in their organization’s security posture,” Manky says. We asked him what we can do to keep ourselves and our businesses safe online. Not all heroes wear capes (but you can if you want to; no one will know).

1. Practise cyber distancing

“We have all been practising social distancing over the last few weeks to protect against viruses and illness,” Manky says. “Likewise, we should consider cyber distancing ourselves from our attackers.” Staying away from anything that looks shady (like suspicious requests, strangers trying to contact you and unsolicited information) is the first step to avoid being scammed.

2. Wash your cyber hands

Manky also stresses “prioritizing cyber hygiene.” We’re all guilty of ignoring software updates (that “Remind me tomorrow” button is so darn clickable) that often provide valuable defence against virtual threats. “Attackers trust that most individuals being pushed software updates often treat patching and updating protocols with less urgency than the task at hand for their day-to-day job responsibilities,” Manky says. In other words, just update your software. Here’s something to do while you wait for your computer to restart.

3. Use multifactor authentication (MFA)

Multifactor authentication means that access is only granted after a user proves that they are who they say they are in two different ways. That’s why your bank account uses a credit card number and a PIN, or why your insurance company asks for your mother’s maiden name and the name of your first pet (RIP Betty the betta fish). “This prevents cybercriminals from using stolen passwords to access networked resources,” Manky says. He advises businesses to use both passwords and an additional layer of identity validation in the form of an authentication token. Employees should have a token, which can be a physical device (like a key fob) or software-based, for logging in to the company’s network or connecting to a virtual private network (VPN).

4. Start now

“Don’t put off implementing cyber safety measures and education,” Manky warns, “because cybercriminals are all too willing and able to take advantage of this crisis for their personal gain.” Educating yourself on best practices is paramount to keeping your business secure—for those looking to brush up on their skills, FortiGuard offers courses on The Threat Landscape and The Evolution of Cybersecurity. Duty calls.