In the new world of remote learning and remote work, it’s more important now than ever to keep your workstation secure! Utilize these tips for a safer workstation.
April 16, 2020
Author: Miranda Pagarelski
Use Antivirus Software
Why is antivirus software important?
Getting antivirus software is an important step to keeping your workstation safe. Antivirus software will act as the “police” at the gate of your computer system. It will protect your computer from incoming threats and seek out and warn you of possible threats. As long as you continue to update the software, it will keep up with the latest threats. Antivirus software increases your computer’s lifetime, and can save you money in the long run. It’s much easier to quarantine a threat before it destroys your machine.
What does it protect against?
Antivirus software offers threat protection against different types of malware:
- Trojans: A program designed as a harmless application that actually produces harmful results.
- Ransomware: This prevents users from accessing their system or personal files, and demands payment in order for the user to regain access.
- Spyware: This locates and saves data from users without them knowing about it. It looks at the user’s habits and reports out.
- Worms: A software program capable of reproducing itself so it can spread from one computer to the next over a network.
It can also give comprehensive threat protection against:
- Boot sector viruses: This targets the software that plays a critical role in starting your computer.
What deals are out there?
- Norton Security
- Free thirty-day trial of Norton Antivirus Plus
- One of the most popular antivirus plans out there
- Bitdefender Antivirus (Free)
- “Best free antivirus scanner” in 2020
- Phishing protection, behavioural analysis, automatic scanning
- Avast Free Antivirus (Free)
- Virus detection, gaming mode, password manager, malware scanner
- Sophos Home (Free)
- Virus detection, phishing protection, parental controls, protects up to 10 PCs
- Kaspersky (Free)
- Real-time scanning, anti-phishing, email scanning, spyware protection
- ESET NOD32
- Free 30-day trial
- Protects against hackers, ransomware, and phishing. Provides the optimum balance of speed, detection, and usability.
Use a Password Manager, or Two-Factor Authentication
What is a password manager?
Password managers, also known as password vaults, are software applications that store and organize your usernames and passwords. Some password managers can even generate complex passwords that are unique to each online account you have. This will reduce redundant and weak passwords, and provide strong encryption. Plus- you only need to remember one password to unlock them all!
- LastPass
- Offers a free version.
- Works with: Windows, MacOS, Linux, Android, iPhone, and iPad.
- Browser extensions for: Chrome, Firefox, Safari, Internet Explorer, Edge, and Opera.
- 1Password
- Offers a thirty-day trial version.
- Works with: Windows, MacOS, Linux, Android, iPhone, and iPad.
- Browser extensions for: Chrome, Firefox, Safari, Edge, and Opera.
- Bitwarden
- Offers a free version.
- Works with: Windows, MacOS, Linux, Android, iPhone, and iPad.
- Browser extensions for: Chrome, Firefox, Safari, Edge, Opera, Vivaldi, Brave, and Tor Browser.
What is two-factor authentication?
Two-factor authentication, or 2FA, is a method of establishing access to an online account or computer system that requires the user to provide two types of information. This pairs a password (something you know) with a second factor. It can be:
- Something you have: Yubikeys, phones, tokens
- Something you are: Fingerprint reader, facial/iris recognition
Two-factor authentication is important, because in the event of a data breach, your username and password combination will be compromised. But, if you have two-factor authentication, a person will not be able to get into your account unless they have the 2FA.
What could happen?
Phishing
Phishing is a type of social engineering attack. It is a method of manipulating a person’s trust to gain confidential information. Social engineering can exploit emotions such as: fear, obedience, authority, greed, and empathy toward others. Attackers can gain information like: login information, passwords, bank credentials, and personal/contact information. In a phishing attack, the attacker will send a request to a mass of individuals asking for information. Only a few people will take the bait.
Examples of phishing:
- “Nigerian Prince” asking for money, donation, or investment for something that will pay off the user later.
- Posing as an authority organization asking for verification (bank login, email login, insurance information, medical information, etc.)
- Random source or organization asking users to download a file or file a link that installs malware.
This can happen to anyone. It is as simple as logging into a fake webpage, or as complicated as sending out an email catered to that individual (spearfishing).
Test out how well you can spot phishing attacks with our Internet Obstacle Course! Download and extract the zipped file, and navigate to the “pages” folder. Click on the “links” Chrome HTML Document, and test your knowledge!
Man in the Middle Attacks
A Man in the Middle attack is when a person tries to intercept data from devices connected to the internet. This is similar to tapping into a phone call between two people. The purpose of this is to gather information about the user. Man in the Middle attacks come in two forms.
The first form of a Man in the Middle attack involves physical proximity to the intended target. The attacker will try to gain access to an unsecured or poorly secured Wifi router. This is generally done in public areas that have free Wifi. From there, the attacker can deploy tools that will intercept and read the victim’s transmitted data. They can insert their tools between the victim’s computer and websites the user visits in order to capture login credentials, banking information, and other personal information.
The second form of a Man in the Middle attack involves malicious software or malware. This is also known as a Man in the Browser attack. It is a way to inject malicious software or malware into a victim’s computer or mobile device. It can be done through a phishing attack.
How do I prevent Man in the Middle attacks?
- Don’t automatically reconnect with known Wifi networks.
- Be wary of public Wifi.
- Make sure to connect to HTTPS.
For a more in-depth look at how Man in the Middle attacks work, take a look at our Wifi Pineapple post!