Podcast

Firms Must Commit to Employees' Wellbeing to Boost Cybersecurity

Regardless of a company’s product or service, nothing comes close to employees as the organization’s most valuable asset in bringing in revenue. In the same breath, it’s also the employees that are the perennial apple of the eyes of cybercriminals to help them bring home the bacon. Exploiting human weaknesses like inattention, ignorance or negligence has proved to be easier and cheaper than trying to fool sophisticated protection software.

ISNadmin

Regardless of a company’s product or service, nothing comes close to employees as the organization’s most valuable asset in bringing in revenue. In the same breath, it’s also the employees that are the perennial apple of the eyes of cybercriminals to help them bring home the bacon. Exploiting human weaknesses like inattention, ignorance or negligence has proved to be easier and cheaper than trying to fool sophisticated protection software. 

Company size and industry doesn’t even matter—cyber attacks are usually productive leaving business owners hurting with losses. To manage the damaging effects of a single data breach, a small to medium business (SMB) spends an average of $101,000 (5.050 million pesos) while an enterprise company shells out a whopping $1.057 million (52.850 million pesos), according to the most up to date Kaspersky data.

“Historically, the human factor has been the organization’s weakest link in any cybersecurity incident. And regardless of how advanced your security technology is—just one careless or clueless move by an employee will put the whole organization at risk. But today’s working environment as impacted by COVID-19 may potentially up the ante as far as cybersecurity risks are concerned,” said Mary Grace Sotayco, Kaspersky territory manager for the Philippines.

According to the cybersecurity company, working remotely means companies have less control over IT security such as in situations when employees are not issued corporate devices. In the Philippines, the bring-your-own device (BYOD) approach is pervasive within the small and medium sector due to cost issues. 

With the pandemic, Kaspersky said it’s business as usual for cybercriminals who are also working from home. These nefarious groups have been active since the second quarter of this year as brute-force attacks on database servers were monitored to have increased by 23%, malicious files planted on websites were up by 8%, and network attacks and phishing rose.  

But a bigger threat to any businesses during this period is not the lack or insufficient technical cybersecurity know-how of its employees but their wellbeing. 

A recent survey on the mental health of remotely working Filipino employees during quarantine revealed that adjusting to the new normal and isolation are leaving employees stressed, anxious, and depressed. 

The cybersecurity company said despite being considered the weakest link, businesses can start looking at their employees as their first line of defense instead to bolster their defenses. Kaspersky says it’s possible for business owners to achieve this by prioritizing their employees’s wellbeing immediately.  

“We have always advocated for businesses to provide technical support to their entire organization. But we’re currently in a different situation and the logical step forward is to ensure that work-from-home teams are not only supported in their technical knowledge on security but are also assisted in terms of their wellbeing. When employees remain calm and collected, work-related human error is significantly minimized. We strongly recommend organizations to pay extra attention to their staff’s mental health to boost their team’s resilience at this time,” added Sotayco. 

While breaches are unavoidable, its impacts can be kept to a minimum. Kaspersky offers the following tips for businesses during these times:

1. Keep communication lines open, communicate more and sincerely. 

Your people will need and appreciate your transparency. In case a crisis strikes, make sure they get information first from you than from external sources. 

2. Provide employees with an emergency preparedness plan early on

This will empower the people and will help lessen their possible panic and stress over the incident. A recent Kaspersky report revealed that almost half of employees don’t know how to respond to ransomware attacks. Another study from the cybersecurity company revealed nearly three-quarters (73%) of workers say they have not had any additional IT security awareness training after they switched to working from home full-time.

3. Equip WFH employees with protection solutions for their devices. 

In the Philippines, Kaspersky has an ongoing limited offer for enterprises which will allow their employees to have internet protection software at discounted pricing. Most SMBs would benefit from this since the BYOD practice has been worrisome for 48% of businesses because they acknowledge that devices are shared for personal and work use. This is a particular concern for 57% of small businesses. 

In a study conducted by Kaspersky in April 2020, it showed that only a third (32%) of businesses have provided their employees with antivirus software to use on personal devices for work purposes since the transition began. While 86% of respondents say they have antivirus software installed on their personal computers, there is now more responsibility on employers to offer the right protection solutions. 

Additionally, just half (53%) of workers say they are using a VPN to access their employer’s network when working from home. This could potentially be leaving corporate information and files vulnerable to cyberattacks, or accessible to people outside of the business. 

4. Put in place a good workload management. 

Against the backdrop of this global crisis, most employees these days identify burnout as their biggest stressor, according to professional feedback platform blind. The study cited the following reasons as reasons for burnout: no separation between work (27%), unmanageable workload (20.5%) and job security concerns (19%). 

5. Provide psychological and social support. 

When your staff feel they’re being supported enough by the company, this validates their contributions and their performance is enhanced. In an article by the World Health Organization, Switzerland-based neurologist Dr. Konstantinos Petsanis says that stress behavior in general brings a lot of problems. He affirms that if mental health needs are addressed as soon as possible, there will be fewer work-related errors and issues and there will be less stress and panic among the staff.

 

So, your account was hacked. What now?

What to do if an account is hijacked: How to minimize damage, restore your Digital Comfort Zone, and avoid getting bamboozled.

ISNadmin

Finding out one of your accounts has been hacked can be pretty stressful — more so if it’s one you actively use to chat with friends, make purchases, or store files.

Instead of reacting emotionally, it’s important at this early stage to focus on minimizing consequences. Rescue your money and data, protect your friends from scammers, regain control of your account — generally, reverse or at least halt the damage. We will tell you what steps to take.

If you can’t sign in at all

In many cases, users first learn they’ve been hacked by suddenly becoming unable to log in to an account. That’s because in many cases, the first thing hackers do is change the password, locking out the victim and gaining complete control over the stolen account.

Don’t panic: You can still do plenty. Take a deep breath. It is important to do everything quickly and prioritize your actions.

Try resetting your password. If you act quickly enough, the attackers may not yet have had time to disassociate your e-mail from your account.

Warn as many people as possible that your account was hacked. Get in touch with friends and loved ones. Post a message on social networks. If people know your account was hacked, they will be less likely to fall for the scammers’ tricks if attackers start sending requests in your name, for example telling everyone in your address book that you have an emergency and desperately need cash.

Call your bank or other financial service if the scammers hacked an account in a payment system or one with an associated credit card.

Scan your computer using antivirus software to make sure that it is free of any malware that could be used to steal account passwords.

Make a list of the most important services associated with your hacked account. Recall all of the services that you log in to using this account as well as any that send password reset e-mails to this account.

Try logging in to those services and unlinking them from the hacked account.

Change the passwords for the associated accounts as well as for any services for which you used the same password as for the hacked account. (It is also worth changing the security questions for other services if they are the same ones you used for the hacked account. Better yet, you should also set up two-factor authentication.)

Contact account service support and try to restore access to the affected account. See the instructions for Facebook, Google, Instagram, and Twitter.

What to do if you receive notification about suspicious activity

Many online services warn users if their accounts are used to perform certain significant actions. The actions may include changing your password, linking a new phone or e-mail address to the account, and logging in from a new device or location. If you didn’t perform those actions and still received such a message, then you should be concerned.

Try to log in to your account, but not using any links in the notification. Phishing messages seeking login credentials can look a lot like official account notifications. The best practice is to manually enter the address in your browser or open the app.

Check your login history if the account allows it, and if you see any unfamiliar devices or places on the list, immediately log out all other users.

Check all of your account details including e-mail address, phone number, and security questions.

Change your password. Make sure that it is strong and substantially different from the old one. If you are afraid that you will forget your new password, use a password manager to safely store all of your passwords.

Change the password in all accounts where you used the compromised one, as well as in accounts associated with the compromised login (for example, accounts at all online stores where you logged in using a hacked social network login).

What to do if you receive a ransom letter from hackers

Sometimes, attackers get in touch, claiming to have gotten into your account, infected your computer with terrible malware, recorded a compromising video using your webcam, copied your messages, or the like. The malefactors typically threaten to publish the collected data if you don’t pay a ransom.

In fact, it is unlikely that anyone hacked your device. Scammers have been known to send extortion letters in all sorts of circumstances, including to the addresses in some spam database. If you want to play it safe, go ahead and change the password for the account that was allegedly hacked — it’s not a bad thing to do that every so often anyway. Again, if you are afraid that you will forget your new password, install Kaspersky Password Manager, which will remember everything for you.

How to avoid falling victim to hackers

Of course, it’s best to keep scammers out of your accounts to begin with. Therefore, even if you are not the victim of a hack, make sure your accounts are protected:

Use strong and unique passwords;
Activate two-factor authentication;
Install a reliable protective solution on all of your devices. It is important to choose a package that will not only catch malware, but also warn you if the credentials for any service that you use have been leaked.

Your child is ready for online learning --- How about you?

Here are 5 Things You Need to Know First

ISNadmin

As schools turn to cyberspace to make remote teaching possible, parents are suddenly forced to embrace distance learning and assume added responsibilities with their child’s schooling.

For the overwhelmed parent, it can be tempting to just hand a computer to a child and shove them into the online world on their own and expect them to thrive.

Just like in the physical world though, the cyberspace is filled with as many opportunities as there are threats. Kids being kids, they cannot yet be expected to distinguish between good and bad. So the onus is on the parents to step up to make it work right.

Here are five things that parents need to know to prepare themselves as they weave family life into their child’s home learning with online safety in mind:

1. Communicate

The Internet can be compared to a huge, limitless library, where information just seems to be endless. This means that online learning can be a breeze because everything is at our fingertips. While it can be beneficial for a child, the Internet can have hidden pitfalls that can only be avoided with early, frequent and proper communication between parents and children 

In Kaspersky’s most recent survey, it was revealed that the majority of parents (58%) have spent less than 30 minutes talking to their children about online safety throughout their kids’ childhood.

As parents of today’s digital kids, you can do more. Laying down clear-cut rules and discussing these with your child in the beginning is a good start. Have a heart-to-heart talk with your kids to explain the family guidelines on behaving online and engaging in online activities such as signing up on websites, sites, making online purchases, downloading music or video files, or joining chat or messaging rooms. 

According to Kaspersky Security Network data from January 2020 to May 2020, Filipino children users of devices installed with Kaspersky solutions have been engaging in buying and selling of items online which peaked in April 2020 at 6.04% during the pandemic period from only 3.42% in January 2020. In the same period, Fiipino kids were also seen to have been downloading a bit more software, audio and video content from 32.67% in January 2020 to 38.7% in March 2020.

Such activities pose security risks if children are not made aware of possible dangerous outcomes --- confidential login details or financial data used in online shopping may be used fraudulently. Children may also unknowingly download materials from torrent sites which may come with free malware that can wreak havoc on one’s device.

2. Surf together

One of the key findings in Kaspersky’s survey showed that 50% of parents manually check their children’s devices to look through browsing history, after use. Parents may think that doing so is alright but children may feel otherwise.

Building mutual trust is possible when parents spend time online with their children, particularly during online learning sessions. This is important as parents teach their kids how to explore the Internet safely and how to use this platform for studying online and socializing with friends, classmates, and teachers.

It’s also advisable to keep the devices out in the open, placed in communal spaces around the house to help parents stay on top of any potential issues. Doing so also prompts children to self-check because of an adult’s presence within the space.

3. Limit online time

The Web is so named because it's like a web. Or a maze. And anyone can get lost in it. Kids can get distracted from schoolwork or they can have extended screen time past their school hours at home. They can be endlessly glued on to their devices if they are unmonitored.

Set boundaries by scheduling their time on their screen and going offline. One good way is to set off the alarm to alert you and your child.

Kaspersky’s survey results show that a quarter (26%) of children experienced being addicted to the internet. This has often led to kids clamming up emotionally and socially, displaying irritability or signs of depression when not online. Other children even sacrifice sleep to spend an extra hour online.

Setting boundaries will help keep your child from spending too much time playing games or watching videos rather than studying. Besides needing boundaries, kids thrive better with a good balance of activities to enjoy a healthy childhood despite this pandemic situation.

4. Debrief daily

Oftentimes, search results for study purposes don't exactly lead to the kind of information one is looking for. A child might make an innocent search for a school topic but may find mature content intended for adults.

Children seeing harmful content online (27%) is the top online threat that families have reported experiencing, based on a Kaspersky survey released in Q4 of 2019. Among the dangerous things that kids encounter on social media are sexting and cyberbullying. In a previous international survey from Global Kids Online, a third of children in the Philippines have been reported to have seen sexual images throughout the year of 2018.

The recent KSN data showed Filipino kids’ interest in weapons also went up from 0.12% in January 2020 to 0.53% in April 2020.

Spending a few minutes with your child before bed each day, talking about their good and bad encounters, including their online activities, will help normalize the conversation. Over time, such a conversation will feel less like making a special effort for parents to “check in” and will contribute to a family’s cybersmart approach to safety.

5. Educate yourself

Kaspersky suggests for parents to catch up with the cyberworld and to plan their conversations with their children ahead of time. There are also advanced solutions like Kaspersky Total Security 2020 that’s loaded with the Safe Kids feature to help parents protect their kids when online.

“Use the resources available around you. As parents, we want the best for our kids and we are learning as we go. Our own approach will be different from the next parent and it’s totally fine. We have the technology, up-to-date information provided by organizations and companies and we have our fellow parents to ask for help. We found that when parents pool their wisdom and provide their kids with specific, practical and timely advice delivered in a way that is useful and memorable, that’s how they become effective in raising their kids safer in a digital world,” said Yeo Siang Tiong, general manager for Kaspersky Southeast Asia.

Kaspersky Total Security 2020 is a great tool to help parents look after their children when online.

Parents will also appreciate the security solution’s adult site blocker, screen time manager, app use controls and social network tracker (because kids now have their own Facebook, Instagram and Twitter accounts!). With the GPS child-locator in Kaspersky Total Security 2020, parents can even check their kid’s location and find out if the child steps beyond the safe area specified.

“In one of the surveys in the past where children were asked globally, 75% of the kids said they’d feel safer if they could speak with their parents about online dangers. Again, we start by educating ourselves and choosing the correct tools to help us and kids each to stay safe online,” Yeo added.

The single-user license of Kaspersky Total Security 2020 retails for Php 1,390. KTS is now available in all major IT stores nationwide.

How to protect your TikTok account

We reveal the best settings for protecting your profile from hackers, haters, and spammers.

ISNadmin

Every day, millions worldwide watch short-form videos on TikTok and share their own clips. Some do it to be creative and sociable; others are seeking popularity. But as in any online community, TikTok is not just a platform for cool bloggers and their fans. It is also home to haters, spammers, and scammers. We tell you what security and privacy settings will help protect your account from them.

TikTok security settings

Let’s start with the most important thing: protection from hacking. To see the few security settings TikTok offers, tap the Me icon and then the three dots in the upper right corner of the screen. The settings you need are under Manage my account.

Does TikTok offer two-factor authentication?

Many social networks and services help secure users against password theft. Enabling two-factor authentication adds an extra layer of protection: If 2FA is enabled, in addition to your password, the app requires a one-time code that it sends on request in SMS, for example.

TikTok has no such setting, only the Log in with verification code option. In this case TikTok sends you a one-time access code in a text message. However, that’s not two-factor authentication; the code doesn’t complement your password but rather replaces it. Simply put, if you have the code, you can log in to your account without a password.

This solution is not perfect, because codes sent by SMS are far from the most reliable protection — although at least TikTok’s approach will save you if your password gets stolen; without that code no one can log in from an unfamiliar device. (One other thing: Unlink TikTok from your phone number if you plan to change it.)

If you sign in through Facebook or another social network, TikTok won’t send anything. The app simply trusts other services. Make sure your Facebook account is properly protected.

How to disable password saving

By default, TikTok remembers your username and password. That’s handy. But you never let anyone else use your phone, right? If you do, disable that feature by deselecting the Save login info option under Manage my account.

How to find out if someone is using my TikTok account

Let’s say you logged in from someone else’s device and forgot to log out. Or you fear your account might have been hacked. Checking to see whether someone else is using your TikTok account is easy.

Tap Manage devices to see which phones your TikTok account is open on.
Log out devices that you do not use by tapping the trashcan icon next to the relevant gadget in the list and selecting Remove.
For safety, change your account password.
Configuring privacy in TikTok

Your TikTok profile is visible to everyone by default. Outsiders can find your account, watch a video, and leave comments. If you are tired of spammers and haters, or just prefer not to share videos with all and sundry, tighten up your privacy settings. To do so, tap Me on the home screen, then the three dots in the upper right corner, and open Privacy and safety.

How to make a TikTok profile private

If you’re not interested in becoming a TikTok star and just want to share clips with friends, make your account private, letting only approved subscribers see your videos and likes. To do so, go to Discoverability and enable the Private account option.

Your existing subscribers will automatically be approved and able to see your videos — similar to how a private profile works in Instagram. If that is not to your liking, remove unwanted subscribers on your profile page (Me).

Remember that even if you make your profile private, its description will still be visible to all TikTok users. Don’t post unnecessary personal information there, like your home address or phone number.

How to remove your profile from recommendations

By default, TikTok recommends your profile to other users if its algorithm finds your clips interesting or recognizes you as familiar to them. Even private accounts can wind up in the recommendations. That might happen, for example, if you have friends in common with another user or they have your phone number.

If you want to avoid getting into any recommendations whatsoever, block the app from inviting others to follow you. To do so, turn off Allow others to find mein the privacy settings.

How to get rid of spam and hate in comments

Unfortunately, not all users mean well. Some TikTokers are there to shower others with ads or insults.

To keep the comments section under your videos from becoming a sewer, you can set some restrictions. The easiest is blocking outsiders from discussing your clips. To do so, under Who can post comments select Friends or Off.

TikTok also lets you disable comments under a specific video. To do so, open the video, tap the three dots at the bottom right, and select Privacy settings. On the settings page that opens, tap Turn off comments for this video.

If, however, you want viewers to be able to speak their minds about your clips, but you do not want to manually remove spam and hate in the comments, try configuring a keyword filter. To do so:

Tap Comment filters.
Enable Filter spam and offensive comments. This is TikTok’s automatic moderator.
Turn on Filter keywords and specify words and phrases you don’t want to see next to your videos. The robot will hide comments that contain them.

How to turn off duets in TikTok

One of TikTok’s specialties is the ability to create duets (combine other users’ videos with your own) and reactions (video responses to others’ videos). By default, any TikToker can take a clip they like and use it in a duet or post a reaction. If your clip inspires someone to be creative, that’s cool.

The problem is that trolls can use the feature to attack you. You can block strangers from making duets and reactions based on your videos by tapping Who can Duet with you and Who can React to your videos, and in both settings select Friends or Off.

Are you generally in favor of duets and reactions, just not of that video of you singing in a bar? No problem: You can block the use of a specific clip. To do so, open it, tap the three dots at the bottom right, and select Privacy settings. On the page that opens, tap Turn off duet/react for this video.

How to remove spam from private messages in TikTok

If your private messages in TikTok are open to everyone, then anyone can flood your account with ads or invitations to follow them. To get rid of annoying spam, you can block incoming messages altogether or allow only friends to send them. To do so, go to Who can send you messages and select Friends or Off.

How to prevent video theft in TikTok

Another TikTok feature lets you download other people’s videos. On the upside, it’s a convenient way to save videos you like. But sneaky TikTokers can steal your megaclips and post them as their own, say, on YouTube. To make it considerably harder to steal your videos you can disable this option. To do so, go to settings and for Allow download select Off.

How to block annoying notifications in TikTok

Like any social network, TikTok lives for your attention. By default, the app keeps you apprised of every little thing that happens: likes, comments, new videos, recommendations. Annoyed by endless notifications? If so, turn off those you don’t want in the account settings:

Select Me on the home screen.
Tap the three-dot icon in the upper right corner.
Select Push notifications.
Deselect events that you do not wish to be notified about.
Alternatively, you can turn off all TikTok notifications in the device settings. To do so in Android:

Open your phone settings.
Select Apps & notifications.
Go to Notifications.
Scroll down to the list of apps.
Find TikTok in the list of apps and disable notifications from it.
In iOS:

Open your phone settings.
Go to Notifications.
Find TikTok in the list of apps and disable notifications from it.

How to block users in TikTok

If a fellow TikToker gets on your nerves and you do not want them to see or comment on your videos, block them. To do so:

Open their profile.
Tap the three-dot icon in the upper right corner of the screen.
Select Block.
Tap CONFIRM.

How to make TikTok videos private

Clips are not always ready for posting straight away. You might want to touch up a video later or try out some filters and features. Or maybe you shot a video purely as a personal memento. TikTok lets you make the clip visible only to you (or you and your friends).

For a new video:

After uploading the video, tap Who can view this video on the Post screen.
Select Friends (if you want them to see it) or Private (if you don’t).
For video you already posted:

Open the video.
Tap the three-dot icon at the bottom right.
Select Privacy settings.
Tap Who can view this video and select Friends or Private.
Remember to configure privacy and security in other social networks

Now that your TikTok account is reliably protected, it’s time to think about the security of your other accounts. See our security tips for Facebook, Instagram and Twitter.