Most of us are spending a lot of time online now, perhaps more than ever before. As we stay home to try and curb the COVID-19 pandemic, many people are working, socializing, banking and shopping online. But what does that mean for our cyber security?
To get some tips for how to stay safe online while we stay home, CP24.com spoke with tech expert Carmi Levy, a director at Info-Tech Research Group.
(Note: Answers have been edited slightly for clarity and length)
CP24: So Carmi, it’s a cliche that we live our lives online. But in the past few weeks, it’s gone to a new extreme. We are working, socializing and shopping on our screens. As more of what we do in our lives moves online, what are some of the basics that we should have covered off in terms of our online security at home?
CL: It’s safe to say that we’ve probably never relied on our technology more now than we have in history. And of course that means now that we're more of a target. We’re seeing more attacks, more sophisticated attacks. Hackers and cyber criminals are attacking us because they know we’re spending virtually 100 per cent of our lives online and so I mean the same basics apply now as they always have. If you send your kids out onto the street you want to street-smart your kids; you have to street-smart yourself online as well. The first thing is really to make sure that you take care of the basics like password security. Make sure you’re using different passwords for every service.
Don’t make them easy to guess. It shouldn’t be your pet or your spouse or the street you grew up on or your mother’s maiden name. Make them tough. Use password management apps if you need to. Lock that down now, otherwise that’s going to be a problem.
Second, take a look at your network at home. A lot of us have not taken the time to secure our Wi-Fi. We might not have encrypted it or put a password on it. Make sure that every security feature on your home network is turned on and that you’re familiar with it. That way you won’t be victimized by drive-by attacks. These are things that applied before COVID-19, but they are especially applicable now because we’re relying so much on this technology.
CP24: Work. Many of us are no longer going into the office or other workplaces. For millions of people right now, home is work and work is home. What are some things we should be doing to make sure our work information stays safe?
CL: In many cases work and home are crossing over. So things we do in our personal life could potentially leak into our work apps. We want to make sure that all of the devices that we're using are as locked down as they can be. So for example if you’re using Microsoft Teams or Slack for work on a computer that you’re also using for online school for your kids, you’re going to want to make sure that you’ve kept them separate.
You’re going to want to make sure that all of your passwords are activated, that your kids can’t go anywhere on your computer that they shouldn’t, that you’re not gonna have something that you did personally leak into a video conference or a work session with your colleagues, or even worse — with your clients.
Second, if you have an IT department, speak with them about what they are recommending for setting your devices up at home to be absolutely secure. Many companies already have these processes in place. All you need to do is ask and in some cases they can even do it for you remotely to make sure that everything you’re using is as secure as it possibly can be.
CP24: What about some of these teleconferencing tools? We’ve seen some reports about events being “Zoom-bombed” and some questions have been raised around how secure some of these tools are. What are some of the more reliable tools and what should people be watching out for?
CL: Two things to remember when you’re using video conferencing tools like Zoom or Microsoft Teams or Slack is that you want to go into the settings and make sure that you’ve tightened up the security because by default they are not 100 per cent secure. For example with Zoom, the reason you get “Zoom-bombed” is that by default, in any meeting, anybody can take over as host and anybody can share the screen, even a stranger who doesn’t know who you are and has never had anything to do with your company before.
So you need to go into the settings and tweak the settings so that only you can share the screen, only you can host a meeting. That immediately locks out strangers and ensures that you will not get Zoom-bombed.
Another thing to do is to make sure that when you’re sending out invitations for meetings, that you don’t share that URL or the web address of your specific meeting publicly. That allows hackers to find the addresses and that of course allows them to target you. So keep your meetings private and make sure that on your settings only you are allowed to control the proceedings.
If you do those two steps in whatever video conferencing tool you’re using, you’ll ensure that only the people who are supposed to be on that meeting are in fact on it and that you never get Zoom-bombed again.
CP24: Scams. Unbelievable as it might be, we know there are people who are looking to take advantage of the current situation. We’ve gotten information from police in the GTA about people allegedly trying to sell bogus COVID-19 testing kits to consumers. What are some things people can do to keep themselves safe from those who might be trying to scam others via email or social media, or elsewhere on the web?
CL: The first thing you’re going to want to do is to make sure you spend a little extra time making sure that everything you see online is legit. This was as true before COVID as it is now, but is especially crucial now. So don’t open anything up on your smart phone or your tablet. Instead, wait until you get back to your laptop or your desktop computer. Then with your mouse, hover over the links or the buttons inside whatever email or social media post it is. The URL or the web address will pop up. Then you can see if it’s the legitimate address or not a legitimate address.
If for example you saw something on Facebook for some kind of cure and you’re questioning it, you can always tag it as spam. You can always mark it so that Facebook can then de-prioritize it and then ultimately remove it from the platform. So we have a role to play. Double-check that the post is legit before you respond to it and second, if it is not legit, report it to Facebook, to Twitter, to Instagram, to wherever you find it so that other people don’t get it in the future.
CP24: Online shopping. A lot of people may be ordering things from places that they haven’t dealt with before in the digital space, even if they were familiar with a brick and mortar equivalent. What are some things you should consider when ordering from an online seller you haven’t dealt with before?
CL: I’m glad you raise the issue of new online sellers because really the best advice I can offer during the COVID-19 pandemic is to limit the number of organizations that you buy from. For example if you already have an Amazon account or a DoorDash account then use those accounts for online shopping and food delivery. Don’t set up a new account with an organization or a restaurant or a retailer that you’re not familiar with, the reason being the more organizations you deal with, the more risk. But if you’re already secure with Amazon there’s less of an opportunity for your information to be exposed or for you to be compromised.
Second, make sure that all of the security features on the accounts that you’re already on are activated. So go to your Amazon account, go to your Walmart account. Make sure that the dual factor authentication is activated. Make sure that encryption is activated. Make sure again that you’re using unique and strong passwords on each of these accounts. Then also double check your transaction history. Do the same with all of your banking statements. Because now is the time that hackers and cyber criminals are kind of glomming onto our online activities.
You might notice for example if there are small transactions here and there. We don’t pay attention to the small stuff, we pay attention to the big stuff, but we may be getting ripped off and we’re not gonna know that unless we check our transactions pretty regularly. Because we are shopping online so frequently we have to try to keep an extra close eye on what we’re spending, where we’re spending, and do all those charges add up.
CP24: A lot of people have abandoned laptops and desktop computers altogether in the past few years. But if you find you need one now and you still have an old clunker lying around that still boots up, is it safe to use?
CL: Be very careful about using outdated equipment to connect to the Internet or even worse, to buy things online. The reason being that an old laptop will have all the old apps on it, will have an old version of the operating system, old versions of the browser that may not have had all of the latest patches and updates and security features installed, which of course makes them very vulnerable to hacking. So if you’re going to be buying things through this outdated technology, you’re at an even greater risk of being compromised by a hacker or cyber criminal. So if you do have an old device, an old laptop that you pulled out of the cupboard, by all means give it a try. Plug it in, try to upgrade the operating system to current standards, try to update the browser. If you can’t, do not use it for current work. Now may be the time for you to go and buy a new device. You can always order them online and they can be delivered to your home safely.
CP24: So it’s time to ditch my 10-year-old MacBook?
CL: There’s a window of opportunity in which we can use technology and unfortunately nothing lasts forever. Even if the device powers on and it works, it may not be the smartest thing to actually use it for day-to-day work. If you think you’re not exposed, you might be. The older the technology, the further back-levelled it is from current standards.
CP24: What else do we have to be mindful of online at the moment?
CL: We’re spending a lot of time online, we’re spending a lot of time on social media to connect with friends, family members, colleagues. What I’m seeing is lots of over-sharing. So for example memes and surveys like the class of 2020. Everyone is sharing and filling these things out. They’re putting personal information on them that can then be used by hackers and cyber criminals against us and so when you see surveys and memes, even if they were posted by your friends, do not fill them out. Do not over-share on social media because that again raises your risk of being targeted by a cyber-criminal and raises your risk of actually being compromised, having yourself get hacked.
So don’t over-share. Pull back on social media. By all means connect with the people who matter the most but be careful about what you’re sharing publicly because now cyber criminals are paying more attention than ever to what we’re doing online.
CP24: So what would be an example of an over-share online that a cyber-criminal might be able to take advantage of?
CL: The year that we graduated high school, because it can speak to when we were born. The first car that we drove, the street that we lived on as children, our mother’s maiden name – all of these are data points that are often used on financial accounts as challenge questions. When you forget your password, one of the questions they will ask is ‘what’s your mother’s maiden name?’ Well if you just provided it in a Facebook survey, guess what; hackers can pretend to be you and say ‘Oh I forgot my password’ and the next thing they’re logging into your bank account, not you. So do not share these types of information. When in doubt do not share. There’s no rule that says we have to answer everything. There’s no rule that says we have to weigh in when our friends post things online. Now is the time for us to be dialling back on social media a little bit.