For the first time, the United States will require all software purchased by the federal government to meet, within six months, a series of new cybersecurity standards. Although the companies would have to “self-certify,” violators would be removed from federal procurement lists, which could kill their chances of selling their products on the commercial market.
I’m a big fan of these sorts of measures. The US government is a big enough market that vendors will try to comply with procurement regulations, and the improvements will benefit all customers of the software.
Cybersecurity is often used as a blanket term to address online safety. Cybersecurity can refer to the software used to protect your devices, but it can also refer to the processes you put in place to protect yourself from online threats. Whether you’re implementing best practices, building awareness of security threats, or installing security software, taking a holistic approach to online security is crucial to remain secure and protected at all times.
Here are three tips for a holistic online security approach.
1. Safeguard Your Privacy Starting With Your Devices
Efficient online protection ultimately begins with you, the end-user, and the steps you take to secure your devices.
The first step to ensure your device is secure is never to leave it unattended. Whether you’re at the grocery store or at home, always keep an eye on your devices. All it takes is a few minutes for someone to steal them or for kids to click on a malicious link while your attention is diverted. Make sure you have a contingency plan in case your device is compromised. For example, if someone steals your device, wipe the information on the device remotely. Revert it to the factory setting, so the thief can’t access your personal information. Regularly back up your data in the event of a lost or compromised device to ensure you retain important documents.
In some instances, deleted files can be recovered at any time given the right tools. For files that you want permanently deleted, regularly shred the unwanted documents. Install security measures across all devices and your networks to protect your data and privacy. Always lock your device before stepping away and layer your device security with multi-factor authentication to ensure you are the only one who can access your sensitive information.
Passwords are the gateway to your device and play just as critical a role in securing your personal information. Follow password best practices to prevent cybercriminals or mischievous children from infiltrating files and data. Use long and complex passwords and never reuse them across accounts. You can also use a password manager to keep track of your passwords in one centralized and secure location.
2. Assess Your Awareness and Implement Best Practices
Strengthen your protection strategy by layering your physical device security with an enhanced awareness of relevant threats. Start by first taking a step back to assess your online persona. In other words, who are you? Are you a college student or a remote working parent who teleconferences frequently? Do you own an iOS device? Understand what your online devices and habits say about you as a person, as this will affect why and how cybercriminals target you.
For example, if you frequently teleconference for work or medical visits, you need to be aware of the teleconferencing risks of remote work or telehealth. Remote workers and telehealth patients face threats such as phishing emails or disrupted video conference calls. As a result, users must know the importance of using a video conferencing tool with end-to-end encryption and not sharing sensitive information through chat features.
Once you know the risks you face as an online user, consider the specific daily best practices for online safety. One good habit includes regularly updating your devices and software. Updating laptops, mobile devices, and routers ensures that existing bugs are fixed and security flaws are patched. Devices not equipped with the latest software are vulnerable to hackers.
Additionally, many cybercriminals will use social media to identify victims and target them through social engineering tactics. For example, they will send phishing emails to steal personal information and sell it on the dark web or hold it for ransom. Once you know what to look for, phishing emails are easy to spot. From there, you can send malicious messages straight to your trash folder and sidestep the threats that lie within. Check your privacy settings to control who can view your posts and ensure you receive notifications about suspicious activity on your account. Don’t respond to unknown messages and think twice before revealing sensitive information online.
Practice better awareness by keeping up with new viruses and vulnerabilities. Use monitoring tools to check if your email or phone number was exposed in a recent data breach. Keep an eye on your financial accounts and consider freezing your credit to prevent hackers from taking out loans and opening new accounts in your name. Read reports such as the McAfee Labs Threats Report and stay informed through credible news sources to stay one step ahead of the latest threats.
Also, stay aware of online fraud tactics since they are a significant risk for many Canadians. According to a CPA Canada Fraud Study conducted in January, almost three in four of those surveyed have received fraudulent requests including email and telemarketing requests. Evade online fraud by screening for unknown calls and steering clear of unsecured websites asking for sensitive information such as personal identification numbers and bank information.
3. Leverage the Right Technology and Resources
The final component of a holistic security strategy involves implementing a complete security suite, such as McAfee Total Protection, across all your devices. Leveraging software security tools is one of the best ways to protect your devices and personal information from online threats. This software takes a multi-layered approach to security to prevent virus infection, detect vulnerabilities and minimize the risk of viruses.
For example, tools like a VPN and antivirus software take a preventive approach to online security. A VPN encrypts your data, so even if someone were to get their hands on your information, they would not be able to make much sense of it. Antivirus software guards against malware and monitors online traffic and activities for malware.
Detection and correction capabilities are also crucial to a well-rounded security suite. Identity theft protection is a critical part of this solution to ensure that your credit, as well as your court and criminal records, remains intact. Report missing ID cards and conduct a background check if you suspect someone is impersonating you. The right security solution will be able to monitor your accounts and notify you when it detects unusual activity. It will also be able to guide you through the remediation process to restore your privacy and identity.
Champion Your Digital Protection
Effective cybersecurity requires a multifaceted approach to create a holistic security strategy. This approach should integrate layered protection starting with your devices, expanding to your threat awareness, and ending with the software tools you leverage to enhance your digital security. With a strategic framework in place, you can rest assured knowing that you are well equipped to handle whatever malicious threat comes your way.
Police Doxxed After Ransom Dispute
Cyber-criminals appear to have leaked online data belonging to the Metropolitan Police Department of the District of Columbia after the law enforcement agency allegedly failed to comply with a ransom demand.
In April, ransomware gang Babuk claimed to have stolen more than 250GB of data from the MPD. Data posted by the gang to back up their claim appeared to contain MPD reports, mug shots, internal memos, and personal information belonging to some suspects who had been placed under arrest.
MPD said on April 26 that it was “aware of unauthorized access on our server” and was working to determine what data may have been compromised.
Vice reported that on Tuesday, Babuk started publishing what it claims are MPD files online after ransom negotiations broke down.
Babuk claims that the amount of money MPD allegedly offered to secure the files the gang claims to have stolen was too low.
“The negotiations reached a dead end, the amount we were offered does not suit us, we are posting 20 more personal files on officers, you can download this archive, the password will be released tomorrow,” said the gang on their darknet website.
This latest cache of data leaked by Babuk appears to include a great deal of personal information about individual police officers. Contained within the 22 files are what appear to be Social Security numbers, credit histories, home addresses, contact details, financial information, psychological evaluations, polygraph responses, supervisor interviews, birthdates, signatures, and driver’s licenses.
ABC News reported that a source said late Tuesday that the Metropolitan Police Department of the District of Columbia was notifying the affected officers. MPD has not confirmed the authenticity of the leaked data.
Its publication is comparable to a doxxing attack in which identifying information about a particular individual is published on the internet, typically with malicious intent.
The timing of the publication coincides with the United States’ National Policing Week, which began on May 10.
Babuk previously said that it planned to disband after attacking the Metropolitan Police Department of the District of Columbia. However, it appears that the gang have since targeted Japanese company Yamabiko, which manufactures power tools and agricultural and industrial machinery.
More Domestic Abuse Cases Involve Tech
The number of complex domestic abuse cases in which perpetrators used digital technology to harass, stalk, and control their victims has risen sharply in the United Kingdom.
According to the charity Refuge, which is the largest specialist provider of domestic abuse investigation services in England and Wales, the average number of complex tech abuse cases reported from April 2020 to May 2021 rose 97% compared with the three months before the outbreak of the pandemic.
Tech abuse can take many forms, including cyber-stalking, hacking into a victim’s email or phone, sending abusive electronic communications, controlling passwords for online accounts, and installing spyware on a victim’s devices.
Refuge, which supports over 7,000 people a day, set up a dedicated tech abuse team in 2017. The increase in cases over the past year has been so significant that the charity recently created a new website that aims to provide further support.
The site contains advice in English, Urdu, Polish, and Spanish on how to secure technology and details of where people can access support if they are experiencing digital abuse. Included are 17 different support guides that walk users through a range of device and account settings step by step.
“Over the last year, as the UK moved to adopt necessary lockdown measures, many of us have turned to our tech to connect with loved ones,” said Refuge chief executive Ruth Davison.
“However, at Refuge we’re keenly aware that technology is often used by perpetrators of domestic abuse to further isolate, intimidate, and stalk their partners from their support networks, making it even more difficult for women to escape their abusers.”
“The growth in stalkerware and spyware poses a huge concern,” said Avast CISO Jaya Baloo.
“Stalkerware is a form of tech abuse, an increasing threat which takes away the physical and online freedom of the victim. Usually installed secretly on mobile phones by so-called friends, jealous spouses, and ex-partners, stalkerware tracks the physical location of the victim, monitors sites visited, phone calls, and text messages, undermining a person’s online freedom and individual liberty.”