FreshRSS

🔒
❌ About FreshRSS
☷
△ 🔃
There are new available articles, click to refresh the page.
Before yesterdayhttp://blog.trendmicro.com/feed

Identity Fraud: How to Protect Your Identity Data, Accounts and Money During the Coronavirus Crisis

By Trend Micro

We’ve all been spending more of our time online since the crisis hit. Whether it’s ordering food for delivery, livestreaming concerts, holding virtual parties, or engaging in a little retail therapy, the digital interactions of many Americans are on the rise. This means we’re also sharing more of our personal and financial information online, with each other and the organizations we interact with. Unfortunately, as ever, there are bad guys around every digital corner looking for a piece of the action.

The bottom line is that personally identifiable information (PII) is the currency of internet crime. And cyber-criminals will do whatever they can to get their hands on it. When they commit identity theft with this data, it can be a messy business, potentially taking months for banks and businesses to investigate before you get your money and credit rating back. At a time of extreme financial hardship, this is the last thing anyone needs.

It therefore pays to be careful about how you use your data and how you protect it. Even more: it’s time to get proactive and monitor it—to try and spot early on if it has been stolen. Here’s what you need to know to protect your identity data.

How identity theft works

First, some data on the scope of the problem. In the second quarter of 2020 alone 349,641 identity theft reports were filed with the FTC. To put that in perspective, it’s over half of the number for the whole of 2019 (650,572), when consumers reported losing more than $1.9 billion to fraud. What’s driving this huge industry? A cybercrime economy estimated to be worth as much as $1.5 trillion annually.

Specialized online marketplaces and private forums provide a user-friendly way for cyber-criminals and fraudsters to easily buy and sell stolen identity data. Many are on the so-called dark web, which is hidden from search engines and requires a specialized anonymizing browser like Tor to access. However, plenty of this criminal activity also happens in plain sight, on social media sites and messaging platforms. This underground industry is an unstoppable force: as avenues are closed down by law enforcement or criminal in-fighting, other ones appear.

At-risk personal data could be anything from email and account log-ins to medical info, SSNs, card and bank details, insurance details and much more. It all has a value on the cybercrime underground and the price fraudsters are prepared to pay will depend on supply and demand, just like in the ‘real’ world.

There are various ways for attackers to get your data. The main ones are:

  • Phishing: usually aimed at stealing your log-ins or tricking you into downloading keylogging or other info-stealing malware. Phishing mainly happens via email but could also occur via web, text, or phone. Around $667m was lost in imposter scams last year, according to the FTC.
  • Malicious mobile apps disguised as legitimate software.
  • Eavesdropping on social media: If you overshare even innocuous personal data (pet names, birth dates, etc.,) it could be used by fraudsters to access your accounts.
  • Public Wi-Fi eavesdropping: If you’re using it, the bad guys may be too.
  • Dumpster diving and shoulder surfing: Sometimes the old ways are still popular.
  • Stealing devices or finding lost/misplaced devices in public places.
  • Attacking the organizations you interact with: Unfortunately this is out of your control somewhat, but it’s no less serious. There were 1,473 reported corporate breaches in 2019, up 17% year-on-year.
  • Harvesting card details covertly from the sites you shop with. Incidents involving this kind of “web skimming” increased 26% in March as more users flocked to e-commerce sites during lockdown.

 

The COVID-19 challenge

As if this weren’t enough, consumers are especially exposed to risk during the current pandemic. Hackers are using the COVID-19 threat as a lure to infect your PC or steal identity data via the phishing tactics described above. They often impersonate trustworthy institutions/officials and emails may claim to include new information on outbreaks, or vaccines. Clicking through or divulging your personal info will land you in trouble. Other fraud attempts will try to sell counterfeit or non-existent medical or other products to help combat infection, harvesting your card details in the process. In March, Interpol seized 34,000 counterfeit COVID goods like surgical masks and $14m worth of potentially dangerous pharmaceuticals.

Phone-based attacks are also on the rise, especially those impersonating government officials. The aim here is to steal your identity data and apply for government emergency stimulus funds in your name. Of the 349,641 identity theft reports filed with the FTC in Q2 2020, 77,684 were specific to government documents or benefits fraud.

What do cybercriminals do with my identity data?

Once your PII is stolen, it’s typically sold on the dark web to those who use it for malicious purposes. It could be used to:

  • Crack open other accounts that share the same log-ins (via credential stuffing). There were 30 billion such attempts in 2018.
  • Log-in to your online bank accounts to drain it of funds.
  • Open bank accounts/credit lines in your name (this can affect your credit rating).
  • Order phones in your name or port your SIM to a new device (this impacts 7,000 Verizon customers per month).
  • Purchase expensive items in your name, such as a new watch or television, for criminal resale. This is often done by hijacking your online accounts with e-tailers. E-commerce fraud is said to be worth around $12 billion per year.
  • File fraudulent tax returns to collect refunds on your behalf.
  • Claim medical care using your insurance details.
  • Potentially crack work accounts to attack your employer.

How do I protect my identity online?

The good news among all this bad is that if you remain skeptical about what you see online, are cautious about what you share, and follow some other simple rules, you’ll stand a greater chance of keeping your PII under lock and key. Best practices include:

  • Using strong, long and unique passwords for all accounts, managed with a password manager.
  • Enable two-factor authentication (2FA) if possible on all accounts.
  • Don’t overshare on social media.
  • Freeze credit immediately if you suspect data has been misused.
  • Remember that if something looks too good to be true online it usually is.
  • Don’t use public Wi-Fi when out-and-about, especially not for sensitive log-ins, without a VPN.
  • Change your password immediately if a provider tells you your data may have been breached.
  • Only visit/enter payment details into HTTPS sites.
  • Don’t click on links or open attachments in unsolicited emails.
  • Only download apps from official app stores.
  • Invest in AV from a reputable vendor for all your desktop and mobile devices.
  • Ensure all operating systems and applications are on the latest version (i.e., patch frequently).
  • Keep an eye on your bank account/credit card for any unusual spending activity.
  • Consider investing in a service to monitor the dark web for your personal data.

How Trend Micro can help

Trend Micro offers solutions that can help to protect your digital identity.

Trend Micro ID Security is the best way to get proactive about data protection. It works 24/7 to monitor dark web sites for your PII and will sound the alarm immediately if it finds any sign your accounts or personal data have been stolen. It features

  • Dark Web Personal Data Manager to scour underground sites and alert if it finds personal info like bank account numbers, driver’s license numbers, SSNs and passport information.
  • Credit Card Checker will do the same as the above but for your credit card information.
  • Email Checker will alert you if any email accounts have been compromised and end up for sale on the dark web, allowing you to immediately change the password.
  • Password Checker will tell you if any passwords you’re using have appeared for sale on the dark web, enabling you to improve password security.

Trend Micro Password Manager enables you to manage all your website and app log-ins from one secure location. Because Password Manager remembers and recalls your credentials on-demand, you can create long, strong and unique passwords for each account. As you’re not sharing easy-to-remember passwords across multiple accounts, you’ll be protected from popular credential stuffing and similar attacks.

Finally, Trend Micro WiFi Protection will protect you if you’re out and about connecting to WiFi hotspots. It automatically detects when a WiFi connection isn’t secure and enables a VPN—making your connection safer and helping keep your identity data private.

In short, it’s time to take an active part in protecting your personal identity data—as if your digital life depended on it. In large part, it does.

 

The post Identity Fraud: How to Protect Your Identity Data, Accounts and Money During the Coronavirus Crisis appeared first on .

Ransom from Home – How to close the cyber front door to remote working ransomware attacks

By Trend Micro

Coronavirus has caused a major shift to our working patterns. In many cases these will long outlast the pandemic. But working from home has its own risks. One is that you may invite ransomware attacks from a new breed of cyber-criminal who has previously confined his efforts to directly targeting the corporate network. Why? Because as a remote worker, you’re increasingly viewed as a soft target—the open doorway to extorting money from your employer.

So how does ransomware land up on your front doorstep? And what can a home worker do to shut that door?

The new ransomware trends

Last year, Trend Micro detected over 61 million ransomware-related threats, a 10% increase from 2018 figures. But things have only gotten worse from there. There has been a 20% spike in ransomware detections globally in the first half of 2020, rising to 109% in the US. And why is that?

At a basic level, ransomware searches for and encrypts most of the files on a targeted computer, so as to make them unusable. Victims are then asked to pay a ransom within a set time frame in order to receive the decryption key they need to unlock their data. If they don’t, and they haven’t backed-up this data, it could be lost forever.

The trend of late, however, has been to focus on public and private sector organizations whose staff are working from home (WFH). The rationale is that remote workers are less likely to be able to defend themselves from ransomware attacks, while they also provide a useful stepping-stone into high-value corporate networks. Moreover, cybercriminals are increasingly looking to steal sensitive data before they encrypt it, even as they’re more likely to fetch a higher ransom for their efforts than they do from a typical consumer, especially if the remote employee’s data is covered by cyber-insurance.

Home workers are also being more targeted for a number of reasons:

  • They may be more distracted than those in the office.
  • Home network and endpoint security may not be up to company levels.
  • Home systems (routers, smart home devices, PCs, etc.,) may not be up-to-date and therefore are more easily exposed to exploits.
  • Remote workers are more likely to visit insecure sites, download risky apps, or share machines/networks with those who do.
  • Corporate IT security teams may be overwhelmed with other tasks and unable to provide prompt support to a remote worker.
  • Security awareness programs may have been lacking in the past, perpetuating bad practice for workers at home.

What’s the attack profile of the remote working threat?

In short, the bad guys are now looking to gain entry to the corporate network you may be accessing from home via a VPN, or to the cloud-hosted systems you use for work or sharing files, in order to first steal and then encrypt company data with ransomware as far and wide as possible into your organization. But the methods are familiar. They’ll

  • Try to trick you into dangerous behavior through email phishing—the usual strategy of getting you to click links that redirect you to bad websites that house malware, or getting you to download a bad file, to start the infection process.
  • Steal or guess your log-ins to work email accounts, remote desktop tools (i.e., Microsoft Remote Desktop or RDP), and cloud-based storage/networks, etc., before they deliver the full ransomware payload. This may happen via a phishing email spoofed to appear as if sent from a legitimate source, or they may scan for your use of specific tools and then try to guess the password (known as brute forcing). One new Mac ransomware, called EvilQuest, has a keylogger built into it, which could capture your company passwords as you type them in. It’s a one-two punch: steal the data first, then encrypt it.
  • Target malware at your VPN or remote desktop software, if it’s vulnerable. Phishing is again a popular way to do this, or they may hide it in software on torrent sites or in app stores. This gives them a foothold into your employer’s systems and network.
  • Target smart home devices/routers via vulnerabilities or their easy-to-guess/crack passwords, in order to use home networks as a stepping-stone into your corporate network.

How can I prevent ransomware when working from home?

The good news is that you, the remote worker, can take some relatively straightforward steps up front to help mitigate the cascading risks to your company posed by the new ransomware. Try the following:

  • Be cautious of phishing emails. Take advantage of company training and awareness courses if offered.
  • Keep your home router firmware, PCs, Macs, mobile devices, software, browsers and operating systems up to date on the latest versions – including remote access tools and VPNs (your IT department may do some of this remotely).
  • Ensure your home network, PCs, and mobile devices are protected with up-to-date with network and endpoint AV from a reputable vendor. (The solutions should include anti-intrusion, anti-web threat, anti-spam, anti-phishing, and of course, anti-ransomware features.)
  • Ensure remote access tools and user accounts are protected with multi-factor authentication (MFA) if used and disable remote access to your home router.
  • Disable Microsoft macros where possible. They’re a typical attack vector.
  • Back-up important files regularly, according to 3-2-1 rule.

How Trend Micro can help

In short, to close the cyber front door to ransomware, you need to protect your home network and all your endpoints (laptops, PCs, mobile devices) to be safe. Trend Micro can help via

  • The Home Network: Home Network Security (HNS) connects to your router to protect any devices connected to the home network — including IoT gadgets, smartphones and laptops — from ransomware and other threats.
  • Desktop endpoints: Trend Micro Security (TMS) offers advanced protection from ransomware-related threats. It includes Folder Shield to safeguard valuable files from ransomware encryption, which may be stored locally or synched to cloud services like Dropbox®, Google Drive® and Microsoft® OneDrive/OneDrive for Business.
  • Mobile endpoints: Trend Micro Mobile Security (also included in TMS) protects Android and iOS devices from ransomware.
  • Secure passwords: Trend Micro Password Manager enables users to securely store and recall strong, unique passwords for all their apps, websites and online accounts, across multiple devices.
  • VPN Protection at home and on-the-go: Trend Micro’s VPN Proxy One (Mac | iOS) solution will help ensure your data privacy on Apple devices when working from home, while its cross-platform WiFi Protection solution will do the same across PCs, Macs, Android and iOS devices when working from home or when connecting to public/unsecured WiFi hotspots, as you venture out and about as the coronavirus lockdown eases in your area.

With these tools, you, the remote worker, can help shut the front door to ransomware, protecting your work, devices, and company from data theft and encryption for ransom.

The post Ransom from Home – How to close the cyber front door to remote working ransomware attacks appeared first on .

What is a VPN and How Does it Increase Your Online Security and Privacy?

By Trend Micro

The number of VPN users has grown considerably over the past few years. According to the report of Go-Globe, 25% of netizens worldwide have used a VPN at least once in the last 30 days. Recently, VPN usage has surged in many countries and its popularity may see VPN usage surpass the estimated profit of USD$27.10 billion by the end of 2020. The VPN global market only seems to increase as time goes by. So, why is that? What do VPNs provide that make them so attractive?

What is a VPN?

A VPN, or a Virtual Private Network, creates a secure communication “tunnel” from your computer to the internet. It encrypts your connection and prevents others from seeing the data you’re transferring. This keeps your data secure from any spying attempts—including from home over your wired connection, but particularly on public Wi-Fi networks, when you’re out and about in places such as coffee shops, restaurants, airports and hotels. It helps ensure that no one can steal your personal details, passwords, or credit card information.

How does a VPN work and why you need a VPN service?

Among other things, a VPN can conceal your IP address to make your online actions virtually untraceable and anonymous, providing greater privacy for everything you do. In fact, there are so many ways a VPN can protect your privacy and security, we need to take a deeper look at what other benefits a VPN can provide.

    1. Safeguard personal information

    This is the era of mobility and most transactions are being done by people on-the-go using their mobile devices to exchange data over public networks. From online shopping, to mobile banking or simply checking emails and social media accounts, these activities can expose your personal information and sensitive data to hackers and cybercriminals. This particularly applies to users relying on public Wi-Fi. Using a VPN will help to mitigate unwanted leakage or theft by securing data in transit to and from the systems that typically try to collect and store your private data.

      1. Access better streaming contents from other locations

      One of the main drivers for using a VPN is to access better streaming content and restricted websites from the region you’re accessing the internet from. This may be true in your own country, but when traveling abroad, there are also chances that you cannot visit a popular website or a social media platform from the country you’re visiting. While using a VPN, you can connect to an IP address in your country and have full access to your favorite media contents and avoid wasting membership fees that you will likely pay for this streaming service.

        1. Enhance browsing privacy

        Some retail apps, social media platforms, and search engines continuously collect and analyze results of your search history. They keep track of all your browsing activities such as items you viewed, contents you liked, and things you tapped and clicked, so they can provide you with more targeted contents and monetize these by showing the same information in your feed through ads.

        Note that, simply clearing your browsing history does not completely remove traces of these searches, and targeted ads can get annoying. This is where a VPN can help enhance your browsing privacy. The VPN hides your browser cached data and location from advertisers, which prevents them from serving up content based on your searches and location.

          1. Save cost on communicating with family and friends abroad

          Another motivating factor for the use of a VPN is to save on the cost of communicating with families and friends abroad. There are countries implementing restrictions on the use of certain messaging apps, banning their services. If you are planning to visit a country with such a restriction, a VPN can bypass this constraint, which allows you to make use of your trusted messaging app, eliminate the cost of long-distance calls to family and friends while abroad—and at the same time, maintain the level of security and encryption the messaging app provides.

            1. Escape content-based bandwidth-throttling

            The internet has evolved into streaming more content—videos, music, and more—and ISPs have responded by making higher data usage and higher throughput (bandwidth) pay-as-you-use-more services. But content is still at issue, particularly after the December 2017 FCC ruling. Potential ISP throttling based on content type, source, or destination (e.g., BitTorrent traffic), which could give priority to business over personal usage, is one of the reasons why everyday people are using VPN services, because a VPN provides more usage anonymity, preventing ISPs from potentially tracking your activities and limiting your bandwidth usage accordingly.

            Choosing the right VPN for you

            Now that you have some understanding of what a VPN is, and what benefits it can give you, it is also important to choose the right VPN for you.

            Due to regulatory requirements and laws governing data privacy and securing personal information online, the demand for VPNs is growing. In response, there are a large number of VPN providers in the market today. So how do you choose a reliable VPN? Here are some criteria to help you pick one that best suits your needs:

            • Faster and more data is better. Using a VPN can often decrease the speed of your internet connection, so you should pick a provider that has a good number of servers and locations and doesn’t pre-throttle your bandwidth. Some also have data limits, so you should opt for those with a higher data limit per month
            • Provides the best encryption. Look for a VPN providing sophisticated ciphers such as 256-bit AES end-to-end encryption.
            • Ensures safe browsing. Look for VPN that can filter and block malicious websites, online fraud, and internet scams and automatically safeguard your internet connection.
            • Provides full anonymity. It is crucial that a VPN vendor has a clear privacy policy. Trusted VPNs will not track the user’s websites, payment information, or online transactions, and do not keep logs.
            • Supports simultaneous devices. Select a VPN that is compatible with your devices and operating systems and can provide you a good number of simultaneous connections on your devices.
            • Cost versus use case. Heavier business usage should be contrasted with everyday consumer use. To pay less for the service (VPNs typically cost from $5 to $12 per month per device, though multi-device bundles are less), you might accept some data limits, if your use case is lighter; sacrifice some speed, if you’re not streaming movies when you’re out and about, (unlikely during the coronavirus lockdown); or some cross-regional server-selection capability, if you’re not travelling in content-restricted regions (since out-of-country travel is also being hampered by the pandemic).

            Trend Micro’s Home Division provides two low-cost, safety-focused VPN solutions for everyday users: Trend Micro VPN Proxy One and Trend Micro Wi-Fi Protection, both of which can address light-to-medium VPN needs and meet most of the checklist criteria above.

            Trend Micro VPN Proxy One offers fast, secure, stable and anonymous proxy connections for you to access various websites and applications. It connects to the best Trend Micro VPN server intelligently, without you having to do it, and does not limit bandwidth consumption. Trend Micro VPNs do not track your online activities, ensuring you a secure digital life and protecting your online privacy. Trend Micro VPN Proxy One is targeted to Mac and iOS devices.

            Trend Micro Wi-Fi Protection turns any public hotspot into a secure Wi-Fi network and VPN with bank-grade data encryption to keep your information safe from hackers. While your VPN is active, Trend Micro Wi-Fi Protection provides exceptional web threat protection and checks websites you visit to safeguard your browsing from online fraud and internet scam. The VPN automatically kicks in when connecting to a Wi-Fi network with low security, such as one with no encryption. Trend Micro Wi-Fi Protection is available for all platforms (PC, Mac, Android, and iOS). Bundles can be purchased for multiple devices and platforms and some bundles can include other Trend Micro products, depending on the region.

            Go to the Apple App Store for more details on Trend Micro VPN Proxy One; or for a 30-day trial or to buy, go here: Mac | iOS.

            Or visit Trend Micro Wi-Fi Protection for more information, or to buy the multi-platform solution.

            The post What is a VPN and How Does it Increase Your Online Security and Privacy? appeared first on .

            From Bugs to Zoombombing: How to Stay Safe in Online Meetings

            By Trend Micro

            The COVID-19 pandemic, along with social distancing, has done many things to alter our lives. But in one respect it has merely accelerated a process begun many years ago. We were all spending more and more time online before the virus struck. But now, forced to work, study and socialize at home, the online digital world has become absolutely essential to our communications — and video conferencing apps have become our “face-to-face” window on the world.

            The problem is that as users flock to these services, the bad guys are also lying in wait — to disrupt or eavesdrop on our chats, spread malware, and steal our data. Zoom’s problems have perhaps been the most widely publicized, because of its quickly rising popularity, but it’s not the only platform whose users have been potentially at risk. Cisco’s WebEx and Microsoft Teams have also had issues; while other platforms, such as Houseparty, are intrinsically less secure (almost by design for their target audience, as the name suggests).

            Let’s take a look at some of the key threats out there and how you can stay safe while video conferencing.

            What are the risks?

            Depending on the platform (designed for work or play) and the use case (business or personal), there are various opportunities for the online attacker to join and disrupt or eavesdrop on video conferencing calls. The latter is especially dangerous if you’re discussing sensitive business information.

            Malicious hackers may also look to deliver malware via chats or shared files to take control of your computer, or to steal your passwords and sensitive personal and financial information. In a business context, they could even try to hijack your video conferencing account to impersonate you, in a bid to steal info from or defraud your colleagues or company.

            The bad guys may also be able to take advantage of the fact that your home PCs and devices are less well-secured than those at work or school—and that you may be more distracted at home and less alert to potential threats.

            To accomplish their goals, malicious hackers can leverage various techniques at their disposal. These can include:

            • Exploiting vulnerabilities in the video conferencing software, particularly when it hasn’t been updated to fend off the latest threats
            • Stealing your log-ins/meeting ID via malware or phishing attacks; or by obtaining a meeting ID or password shared on social media
            • Hiding malware in legitimate-looking video apps, links and files
            • Theft of sensitive data from meeting recordings stored locally or in the cloud.

            Zooming in on trouble

            Zoom has in many ways become the victim of its own success. With daily meeting participants soaring from 10 million in December last year to 200 million by March 2020, all eyes have been focused on the platform. Unfortunately, that also includes hackers. Zoom has been hit by a number of security and privacy issues over the past several months, which include “Zoombombing” (meetings disrupted by uninvited guests), misleading encryption claims, a waiting room vulnerability, credential theft and data collection leaks, and fake Zoom installers. To be fair to Zoom, it has responded quickly to these issues, realigning its development priorities to fix the security and privacy issues discovered by its intensive use.

            And Zoom isn’t alone. Earlier in the year, Cisco Systems had its own problem with WebEx, its widely-used enterprise video conferencing system, when it discovered a flaw in the platform that could allow a remote, unauthenticated attacker to enter a password-protected video conferencing meeting. All an attacker needed was the meeting ID and a WebEx mobile app for iOS or Android, and they could have barged in on a meeting, no authentication necessary. Cisco quickly moved to fix the high-severity vulnerability, but other flaws (also now fixed) have cropped up in WebEx’s history, including one that could enable a remote attacker to send a forged request to the system’s server.

            More recently, Microsoft Teams joined the ranks of leading business videoconferencing platforms with potentially deadly vulnerabilities. On April 27 it surfaced that for at least three weeks (from the end of February till the middle of March), a malicious GIF could have stolen user data from Teams accounts, possibly across an entire company. The vulnerability was patched on April 20—but it’s a reminder to potential video conferencing users that even leading systems such as Zoom, WebEx, and Teams aren’t fool-proof and require periodic vulnerability and security fixes to keep them safe and secure. This is compounded during the COVID-19 pandemic when workers are working from home and connecting to their company’s network and systems via possibly unsecure home networks and devices.

            Video conferencing alternatives

            So how do you choose the best, most secure, video conferencing software for your work-at-home needs? There are many solutions on the market today. In fact, the choice can be dizzying. Some simply enable video or audio meetings/calls, while others also allow for sharing and saving of documents and notes. Some are only appropriate for one-on-one connections or small groups, while others can scale to thousands.

            In short, you’ll need to choose the video conferencing solution most appropriate to your needs, while checking if it meets a minimum set of security standards for working at home. This set of criteria should include end-to-end encryption, automatic and frequent security updates, the use of auto-generated meeting IDs and strong access controls, a program for managing vulnerabilities, and last but not least, good privacy practices by the company.

            Some video conferencing options alongside Zoom, WebEx, and Teams include:

            • Signal which is end-to-end encrypted and highly secure, but only supports one-to-one calls.
            • FaceTime, Apple’s video chat tool, is easy-to-use and end-to-end encrypted, but is only available to Mac and iOS users.
            • Jitsi Meet is a free, open-source video conferencing app that works on Android, iOS, and desktop devices, with no limit on participants beyond your bandwidth.
            • Skype Meet Now is Microsoft’s free, popular conferencing tool for up to 50 users that can be used without an account, (in contrast to Teams, which is a paid, more business-focused platform for Office 365 users).
            • Google Duo is a free option for video calls only, while the firm’s Hangouts platform can also be used for messaging. Hangouts Meet is a more business-focused paid version.
            • Doxy.me is a well-known telemedicine platform used by doctors and therapists that works through your browser—so it’s up to you to keep your browser updated and to ensure the appropriate security and privacy settings are in place. Secure medical consultation with your healthcare provider is of particular concern during the shelter- and work-from-home quarantine.

            How do I stay safe?

            Whatever video conferencing platform you use, it’s important to bear in mind that cyber-criminals will always be looking to take advantage of any security gaps they can find — in the tool itself or your use of it. So how do you secure your video conferencing apps? Some tips listed here are Zoom-specific, but consider their equivalents in other platforms as general best-practice tips. Depending on the use case, you might choose to not enable some of the options here.

            • Check for end-to-end encryption before getting onboard with the app. This includes encryption for data at rest.
            • Ensure that you generate one-off meeting IDs and passwords automatically for recurring meetings (Zoom).
            • Don’t share any meeting IDs online.
            • Use the “waiting room” feature in Zoom (now fixed), so the host can only allow attendees from a pre-assigned list.
            • Lock the meeting once it’s started to stop anyone new from joining.
            • Allow the host to put attendees on hold, temporarily removing them from a meeting if necessary.
            • Play a sound when someone enters or leaves the room.
            • Set screen-sharing to “host only” to stop uninvited guests from sharing disruptive content.
            • Disable “file transfers” to block possible malware.
            • Keep your systems patched and up-to-date so there are no bugs that hackers can target.
            • Only download conferencing apps from official iOS/Android stores and manufacturer websites.
            • Never click on links or open attachments in unsolicited mail.
            • Check the settings in your video conferencing account. Switch off camera access if you don’t want to appear on-screen.
            • Use a password manager for video conferencing app log-ins.
            • Enhance passwords with two-factor authentication (2FA) or Single-Sign-On (SSO) to protect access, if available.
            • Install anti-malware software from a reputable vendor on all devices and PCs. And implement a network security solution if you can.

            How Trend Micro can help

            Fortunately, Trend Micro has a range of capabilities that can support your efforts to stay safe while using video conferencing services.

            Trend Micro Home Network Security (HNS) protects every device in your home connected to the internet. That means it will protect you from malicious links and attachments in phishing emails spoofed to appear as if sent from video conferencing firms, as well as from those sent by hackers that may have covertly entered a meeting. Its Vulnerability Check can identify any vulnerabilities in your home devices and PCs, including work laptops, and its Remote Access Protection can reduce the risk of tech support scams and unwanted remote connections to your device. Finally, it allows parents to control their kids’ usage of video conferencing applications, to limit their exposure.

            Trend Micro Security also offers protection against email, file, and web threats on your devices. Note too, that Password Manager is automatically installed with Maximum Security to help users create unique, strong passwords for each application/website they use, including video conferencing sites.

            Finally, Trend Micro WiFi Protection (multi-platform) / VPN Proxy One (Mac and iOS) offer VPN connections from your home to the internet, creating secure encrypted tunnels for traffic to flow down. The VPN apps work on both Wi-Fi and Ethernet connections. This could be useful for users concerned their video conferencing app isn’t end-to-end encrypted, or for those wishing to protect their identity and personal information when interacting on these apps.

            The post From Bugs to Zoombombing: How to Stay Safe in Online Meetings appeared first on .

            ❌