Cybersecurity Roundup Series - April 2020
With sheltering in place, working from home, and distance learning becoming the new norm, April was an adjustment period for many. New concepts were introduced that a lot of us were unfamiliar with before the pandemic hit – video conferencing apps, VPN use, virtual classrooms and more. As with anything new that is introduced, there is always the unknown of how safe and secure they really are. This can especially be said with much of the new tech that we may be dealing with on a daily basis. With us spending more time at home, new ways of becoming vulnerable came to light. Here are some of the top cybersecurity news for the month of April.
Hackers Targeting Employees Working from Home
Ensuring a productive work setting at home requires having the necessary equipment. Work laptops that always stayed at the office are being brought home and additional purchases of new equipment like routers, computers, webcams, and software are growing. Because of this rapid shift, gaps in security has become inevitable. Such examples include employees using unfamiliar software like a VPN service or the use of one’s own aging computer whose operating system may not be up to date.
According to an article by ZDNet, “for the last couple of months coronavirus-themed malware and phishing scams have been on the rise.” This becomes even more risky because while at home employees not only need to be mindful of their own personal data, but also the data of their employer. ZDNet also says, “staff working from home, struggling to manage their home and work lives, will be more distracted and may fall for tricks they would usually see through”, ultimately proving costly to many businesses. When it comes to organizations, they recommend thinking about security implications and settings for many of the tools employees are using, and to understand the risks and consequences. Additionally, for employees that are working from home, it’s imperative to be aware of potential phishing scams because they won’t be going away anytime soon.
Video Conferencing Privacy and Zoombombing
As the popularity of video conferencing apps grows, the likelihood of finding ways to exploit them grow as well. In the case of Zoom a new form of cyber harassment was born, Zoombombing. This occurred when Zoom calls were “hijacked by unidentified individuals and trolls who spew hateful language or share graphic images.... In fact, Zoombombing occurred so much that the FBI issued a news release warning users of this threat.
Naturally, this became a concern of many, along with other privacy concerns flagged by users, security researchers and US authorities. As Zoom CEO Eric Yuan addressed these security concerns, he referenced a recent blog post to help combat Zoombombing. Additional measures that both the FBI and Zoom recommend to help secure video conference calls include making meetings private, require a password to join, have a waiting room to screen attendees, avoid sharing the meeting link in public, and limit screensharing.
Over 150K Nintendo Accounts Potentially Hacked
Many are turning to different options to stay entertained – binge watching a new series on Netflix, listening to podcasts on Spotify, or turning to video game play on their favorite console, just to name a few. In early April, Nintendo announced that over 160K Nintendo Network ID (NNID) account were compromised. In the wrong hands, someone with these NNID account details can purchase digital items like games, as well as make in-game purchases if your NNID account is linked to your Nintendo Account.
Nintendo has reached out to users who they believe were affected to reset passwords for NNIDs and Nintendo Accounts. They are also encouraging users to enable 2-Step Verification for added security. Even if you haven’t been notified by Nintendo to reset your password, to be on the safe side, you may want to change your password anyway.
Did we miss out on any other relevant cybersecurity news in the last month? Let us know in the comments below!
Re: Cybersecurity Roundup Series - April 2020
Before you start giving holy information about cybersecurity issues on other suppliers you should address issues with your own products. allowing faults that you are not addressing on your own products that leave your customers WiFi wide open for anyone to connect to