1. Go Offline

Our first action is to cut off any communication between potential viruses and the attackers that sent them.

BEFORE YOU DISCONNECT:

If you haven’t already, open this blog on your mobile device so you can continue to follow along and disconnect your compromised device.

To go offline, you’ll need to unplug your ethernet cable or turn off Wi-Fi on your device.

How to unplug your ethernet cable:

Press down on the plastic clip at the top or bottom of the plug. Pressing down on the clip will release the anchor, allowing you to pull it from the device.

How to turn off Wi-Fi (wireless internet):

1. From the Windows desktop, click the Wi-Fi icon at the bottom right-hand of your screen. Utilize the touchscreen (if available) or mouse to select the on-screen options.
2. From the Wi-Fi section (on the right, above the taskbar), click the connected Wi-Fi network address.
3. Click Disconnect.

2. Start Your Antivirus Software

Next, open your trusted antivirus software. Select the option for a full or comprehensive system scan and start it. This is your digital defense force; let it find and neutralize any threats. If you don’t have antivirus software, now is the best time to pick one up. If you’re on a work computer, talk to your IT department to get their preferred software installed as soon as possible.

 Kaspersky Free, Bitdefender Free or Avast One are great free options if you can’t afford to sign up for a paid version!

Note: If you have disconnected from the internet and have not previously installed antivirus software, you can download the installer on a different device and transfer it over with a USB drive. Copy the installer to the computer that needs to be scanned, install the software, and use it to clean the PC. Once you are done cleaning the PC, scan the USB drive (if possible) before removing it to use somewhere else!

3. Change Your Passwords

If there is a chance you’ve been compromised, it means those attackers could have also gained access to your personal accounts! Let’s make sure to lock any potential invaders out. Start with your most sensitive accounts – email, online banking, social media, or anything that holds valuable personal or financial information. Remember, each account needs a strong, unique password!

If you struggle to keep track of all your passwords, now is probably a good time to consider installing or enabling a password manager like 1Password or Bitwarden. Both options are considered leaders in the password manager category. Password Managers help by storing your login information for all your websites, suggesting long, unique passwords, and then auto-filling the password area when you return to the website to help you log in with complex credentials you might not otherwise be able to remember. This ensures that no two accounts utilize the same credentials, so if one account is compromised, the others are likely safe!

4. Monitor Your Accounts

Despite having updated your passwords, it is important to remain vigilant and closely monitor your accounts for any suspicious or abnormal activities in the coming days. If something looks odd, get in touch with the support of the webpage, or in the case of a bank, call their fraud line immediately.

Some examples of suspicious activity include replies from people you haven’t contacted, emails to reset passwords or two-factor authentication codes appearing when you haven’t requested them!

5. Report the Phishing Attempt

Reporting the incident helps protect others, too. Inform your workplace’s IT department if it’s a work device or your email provider if it came via email. You can also report phishing attempts to your local law enforcement cybercrime unit or your country’s equivalent of the Federal Trade Commission (FTC) in the U.S. Learn more about reporting or report an event directly to the FBI here!

6. Learn and Adapt

You’re now part of the informed internet users’ club, more prepared to spot and avoid phishing attempts in the future. Stay vigilant! Always scrutinize the sender’s address and think twice before responding to unsolicited messages asking for personal information.

And… you’re done! A big sigh of relief is in order. You’ve acted promptly and wisely to protect your digital self. Remember, this guide is here for you anytime you need it. Stay safe, friend!

Additional resources:

8 User Tips for Identifying Phishing Emails

Microsoft 365 Information on Phishing Emails

Microsoft’s Most Common Phishing Trends

ITGovernance’s Easiest ways to Spot a Phishing Email

The post What to Do if You Clicked on a Phishing Link! A Step-by-Step Guide. appeared first on CCB Technology.

Myth 1: MFA Means Extra Steps Every Login

Many believe that MFA requires additional verification every time they log in. The truth is modern MFA systems often utilize ‘adaptive’ or ‘risk-based’ authentication. This intelligent approach considers factors such as your location and device type¹. If everything seems usual, you might only need your password. If something’s off, then the system asks for additional proof, striking a balance between a smooth user experience and strong security.

Myth 2: MFA Always Requires an App on a Cell Phone

A common belief is that MFA is synonymous with having a special app on your cell phone. While some MFA methods involve using an app to receive a verification code or notification, this is NOT the only approach. Multifactor Authentication can also be performed via biometrics (like fingerprints or facial recognition) ², hardware tokens³, or even text messages⁴. It’s important to remember that MFA is designed to be flexible, ensuring everyone can use it, irrespective of their device.

Myth 3: MFA is Just for Compliance

Some people also think MFA is just a compliance check for regulatory bodies. Yes, many compliance frameworks require MFA, but it’s not its sole purpose. MFA is a robust security measure offering strong protection against unauthorized access to accounts. It’s more than ticking a compliance box; it’s about safeguarding your sensitive data.

Myth 4: MFA is a Quick Fix for a Security Breach

The notion that MFA can be enabled after a breach to quickly fix security issues is outright dangerous. Multifactor Authentication is not a reactive solution, but a proactive measure to prevent unauthorized access. When an organization implements one of the various MFA solutions before a breach occurs, it can significantly reduce the risk⁵. It should be part of a larger security strategy, including strong password practices, regular software updates, and security education.

In Conclusion

Multifactor Authentication is an accessible, intelligent, and proactive security measure that doesn’t solely rely on cell phone apps to meet compliance requirements. Remember, the purpose of MFA is to keep your digital life secure by verifying your identity when some sort of risk is present, preventing unauthorized access. By dispelling these myths, we hope to encourage more people to adopt this essential layer of online protection.

Want to learn more about your MFA and IT Security options?

CCB offers a wide variety of security services that allow you to choose the right solutions for your needs. We‘ll help you get secure and stay secure. Tell us about your IT security needs▸

Footnotes

1. Microsoft, “Adaptive MFA” 
2. National Institute of Standards and Technology, “Biometric Authentication” 
3. Microsoft, “OATH Hardware Tokens” 
4. Microsoft, “Set up Text Messaging as Your Verification Method” 
5. Microsoft, “One Simple Action You Can Take to Prevent 99.9% of Account Attacks.” 

The post Dispelling the Myths of Multifactor Authentication appeared first on CCB Technology.