AUGUSTA, Ga. (WJBF) –Nicole Cliff from the Georgia Cyber Center joins Brad Means on The Means Report to discuss how to protect your devices and information while working remotely in this pandemic.
Brad Means: Nicole, I hope everything is going well with you. Thanks for being with me.
Nicole Cliff: Hi Brad, thanks for having me back. It’s always a pleasure.
Brad Means: Well, we sure do appreciate it. You know, my wife mentioned to me about two weeks ago, you need to do something on scam artists, people who are trying to hurt us during these times, and I said well, I don’t really know if it’s that big of a deal, but it is that big of a deal, especially when people are working from home. What kind of threats are out there, Nicole, for folks who are just trying to get their job done on their laptops?
Nicole Cliff: So that’s a great question, Brad. As everyone is doing, and first of all, I just want to take the time to just give a big shout out to everyone as they’re doing remote working and to the teachers who are teaching from home. You know it’s just a great time to look at America and say wow, this is when we can all just pull together and pool our talents and our creativity, and resources and just make things work, so it’s always just a great time to be an American when there are times of trouble and crisis. But as far as remote workers go, typically remote workers are accessing corporate resources through what’s called a VPN, and we’ve heard that term before. It’s a virtual private network, and VPNs actually leverage public network infrastructure by making a private tunnel, so that private tunnel is only going to be secure as the software that creates it. So the users have to make sure on both sides of that tunnel, so at the corporate side and the user side, that the software stays up to date, that the settings are in compliance with the policies and standards of the respective business. I also just want to take the opportunity to remind users in the viewing area to make sure that all of your software settings are up to date, so any software vulnerability on your computer could potentially give an attacker access to your computer, so for instance, if you’ve got Adobe Acrobat, and it says a new update is available, you need to install that update, because that could be a potential threat vector or access for an attacker to gain access to your computer and then potentially access corporate resources that you’re using to work from home.
Brad Means: Yeah, I think that’s good advice. A lot of people sometimes are reluctant to download those upgrades because they think it’ll slow their computers, but you need that security to be the very latest. Let me ask you this about the pandemic itself, the coronavirus itself. How are cyber-criminals using that, and maybe even playing on our fears of that to scam us?
Nicole Cliff: Well, Brad, it’s unfortunate that it’s happening, but the reality of it is that it is happening. As a result of the COVID-19 pandemic, cybersecurity professionals have seen threats escalate over 71%, so cyber threat actors are opportunists and they will never let an opportunity to exploit potential victims go to waste. As a result, they’re diverting all their resources to exploit the COVID-19 pandemic. How are they doing this? They’re essentially rebranding some of the old tricks. I’m sure you’ve heard of phishing attacks. Those are attacks that are launched through email. So they’re sending out these phishing attacks. However, the subject line has to do with the COVID-19 pandemic, and in this case, a phishing attack is a social engineering attack that is used to lure an attacker in by playing on their curiosity. In this case, they’re actually exploiting the user’s fear of the COVID-19 pandemic. So maybe the email could say something about a cure, or a prevention technique, or new information, or the death toll, and of course, people are interested. They want to stay in the loop and have the most current information, so they may be tempted to click on the link that’s inside the email. The guidance there is you can’t click on links in email. The approach is still the same. Avoid the temptation. Do not click on the link.
Brad Means: Yeah, and so does that all go under the category of ways to protect yourself? Because I know people are wondering how they can protect themselves. What are your recommendations along those lines? ‘Cause now I’m reluctant or scared to click on anything.
Nicole Cliff: Yes, I was thinking this morning, since we’re working from home, I’ve seen a lot of posts about people working in pajamas and you know, I gotta go to work this week, I gotta wash my pajamas. You know, since we’re working from home, I’ve still gotten up, I do the same things, I get ready, brush your teeth, floss your teeth, do all those things, and those are the same things from a cybersecurity, hygiene, you still have to practice the same things that you would do at work. So you wouldn’t click links at work. You wouldn’t open attachments. At least I hope you wouldn’t, so you want to have just good cybersecurity hygiene, and that means don’t relax just because you’re at home. Read emails carefully. Don’t react in emotion just because the pandemic has everybody fearful. Don’t react in emotion, and bottom line is do you click on the email? No, you don’t. If you want information concerning the pandemic, you should actually navigate to the coronavirus.gov site. You know, go to a trusted resource, and obtain the information that you need. Don’t actually use that email as the resource to obtain the information, just to be safe.
Brad Means: No, that’s good advice, too, Nicole. We have time for a couple more questions. I have so many questions for you, and I always say that we need to dedicate two or three entire episodes to you because this is something that’s on so many people’s minds. What about when we’re trying to do good, Nicole, when we’re trying to donate to charities, to good causes, to let there be some sort of happiness that comes out of these times? You still want us to be careful, right?
Nicole Cliff: Yes, absolutely, and I understand that. You know, people, you hear these stories and you actually want to give to people, and you want to give to good causes, but the bottom line is consumers have to exercise their own due diligence, and conduct their own research. If consumers want to donate and decide that an institution is worthy of donating money and giving money, then never give cash is the guidance. Don’t give gift cards, and don’t use your debit card. Actually donate using a credit card because if there is some sort of fraudulent transaction, if the institution comes back to be fraudulent, you have some sort of recourse to get your money back. The credit card normally allows you to dispute those charges.
Brad Means: Probably my last question, Nicole, and it just is general advice on how people can stay safe, especially, and we’ve touched on this before, especially when it comes to our personal information because people will hit you up on your email or through some of these phishing scams you’ve mentioned, and they’ll want your personal information. What do you say about that?
Nicole Cliff: You are your first line of defense, and be very adamant, and be vigilant in refusing to give your personal information away. Your default response should be no when someone solicits your Social Security Number, your driver’s license number, your Medicare ID, your address, your phone number. All of that information is considered personal identifiable information. Don’t give it away. All of these social networking schemes that are asking for you to post your high school and when you graduated, all of that information is actually your security questions, information that’s in your security questions that can be used to reset your password, stop giving that information away freely. Don’t do it. I know you’re bored at home, and you want to play games, but don’t play those games. Go get Monopoly. It’ll keep you busy for a long while.
Brad Means: Absolutely, that’s a much better way to pass the time, a much safer way to pass the time. Nicole Cliff, thank you so much. I look forward to having you back in our studio soon, but we sure do appreciate your time and your advice today.
Nicole Cliff: It’s my pleasure, Brad, thank you for having me.
Brad Means: Absolutely, Nicole.
Nicole Cliff: Stay safe.
Brad Means: Yes, ma’am, you too, you too. Nicole Cliff from the Georgia Cyber Center.