A new survey by the leading virtual private network provider NordVPN revealed that Brits mostly use Incognito mode (private browsing) for checking health issues (36%), and shopping for gifts (30%).
Besides that, they seek privacy while booking a trip (23%) or visiting dating sites (18%). But is it as private as they think?
What does incognito mode do?
Incognito/private mode helps you browse the web without storing browsing data on your browser so that it can’t be retrieved later. This means that your searches, visited pages, login details, and cookies will not be saved on the device after you close your private windows. However, any files you download or bookmarks you create will be kept.
“Private browsing can also be used for booking flight tickets or hotel rooms because they might get you lower prices. Because they don’t save cookies, the airline or hotel website might not know that you checked your chosen dates before and hike up their prices accordingly,” explains Daniel Markuson, a digital privacy expert at NordVPN.
Incognito mode: you are not as private as you think
Incognito means to hide your true identity, but that’s not completely true for private browsing modes. Even though private browsing deletes cookies when you close the window and keeps your browsing history empty, it does not hide your traffic from third parties like your ISP, the government, or your network admin at your office or university.
“That private browser mode, or incognito mode, you use to browse the net privately doesn’t make you as private as you think. Your private browsing mode only blocks your own browser from recording your traffic, but it doesn’t hide your IP. Someone can still track you,” Daniel Markuson adds.
How can the Brits increase their privacy?
Daniel Markuson recommends several ways to minimize your digital footprint:
Use a VPN such as NordVPN. It does what incognito mode cannot. It hides your IP address and replaces it with the address of a remote VPN server, making it impossible to track you. It also encrypts your traffic, protecting your browsing habits from your ISP and other third parties.
Use privacy-oriented browsers, such as Tor or Epic, which deliver on their promise of “extreme privacy”: no auto-syncing, no spell-check, no auto-fill, and no plug-ins.
Use more private search engines, such as DuckDuckGo. This search engine is a popular choice and serves around 10 million searches a day. However, even though it’s a great tool to limit tracking, it doesn’t guarantee complete anonymity.
Use a proxy. Some internet users might choose to route their traffic through a proxy. Proxy servers can help you access geo-restricted websites and hide your browsing activity from the ISP. However, proxies don’t encrypt your traffic, leaving you vulnerable to other attacks and forms of monitoring.
Methodology: The survey was conducted by the NordVPN Research department for the period from March 29 to April 3, 2021. The survey’s target group was residents of the UK over the age of 18, and the sample was taken from national internet users. Quotas were placed on age, gender, and place of residence.
About NORDVPN
NordVPN is the world’s most advanced VPN service provider used by over 14 million internet users worldwide. NordVPN provides double VPN encryption, malware blocking, and Onion Over VPN. The product is very user-friendly, offers one of the best prices on the market, has over 5,000 servers in 60 countries worldwide, and is P2P-friendly. One of the key features of NordVPN is the zero-log policy. For more information: nordvpn.com.
NordVPN Laura Tyrell +467 9873 4591 https://nordvpn.com
A recent study by the virtual private network provider NordVPN revealed that 1 in 3 (31.9%) Brits use some kind of fitness or well-being device, such as a smartwatch, fitness tracker, etc. However, these devices may be tracking a lot more than your fitness activities, and 23.7% of Brits do nothing to protect them, which may pose a serious risk to people’s privacy.
Among the data collected by fitness wearables and the mobile apps connected to them, there are basic activities such as steps, heart rate, the time you go to sleep or wake up, as well as your consumed calories, weight, or even running routes, which are all of great interest to stalkers or attackers. For example, Clario research has revealed that Strava collects 41.18% of users’ personal data, and MyFitnessPal — 35.29%.
“Health information is definitely among the most private and sensitive data in our lives. However, we allow our wearable fitness trackers to capture and store this information in mobile apps without properly knowing about its security vulnerabilities,” comments Daniel Markuson, a digital privacy expert at NordVPN.
Fitness apps — popular target for hackers
As many gadgets, well-being devices and their apps also have security holes that might allow hackers to gain access to your information. Even without taking control over your device, someone can “sniff” the Bluetooth signal sent back to your smartphone to guess your passcode. Whenever a hacker has your pin, it’s simple to gain access to all your health information.
According to Have I Been Pwned?, in 2018, the diet and exercise service MyFitnessPal suffered a data breach. The incident exposed 144 million unique email addresses alongside usernames, IP addresses, and passwords. The next year, this data appeared on the dark web and was listed for sale. The same year, another health and fitness service provider — 8fit — suffered a data breach of 15 million unique email addresses, which later on were also sold on the dark web.
“Many people connect their fitness devices to an outside app to track, share, and analyse their activities. However, that’s the moment when people are easily giving away their sensitive information. NordVPN’s study shows that nearly a third (23%) of Brits shared their fitness achievements on social media or on the app’s online forum,” adds Daniel Markuson, a digital privacy expert at NordVPN.
How to make sure your fitness data is secure
Since most fitness trackers lack the necessary security systems, Daniel Markuson shares some advice to make your fitness experience less stressful and more secure:
Read the user agreement. Before purchasing any fitness device, take some time to read its user agreement and privacy policy. Make sure that the company values your privacy and takes reasonable steps to protect it.
Make your identity online hidden. If your fitness apps ever get hacked, you can limit the potentially exposed personal information by using a VPN. It creates an encrypted tunnel for your data and protects your online identity by hiding your IP address.
Limit the data that is being collected. More often than not, apps and devices collect data that is not necessary for them to operate. If possible, allow them to collect and store only the data required to give you the service you signed up for.
Regularly delete data stored in the app/device. Many fitness trackers allow you to review and delete the data they store about you. Make sure to check the privacy policy to verify that deleted data is actually deleted from the company’s servers too.
About NordVPN
NordVPN is the world’s most advanced VPN service provider used by over 14 million internet users worldwide. NordVPN provides double VPN encryption, malware blocking, and Onion Over VPN. The product is very user-friendly, offers one of the best prices on the market, has over 5,000 servers in 60 countries worldwide, and is P2P-friendly. One of the key features of NordVPN is the zero-log policy. For more information: nordvpn.com.
NordVPN Laura Tyrell +467 9873 4591 https://nordvpn.com
With the migration to remote and hybrid work over the last year, cyberattacks have increased at a rate of three to five times compared to pre-COVID. For a while now, VPNs have been a staple of a standard security setup and a fast track for mobile business security. But in a shifting climate, businesses are screaming for more fit-for-purpose solutions to secure corporate perimeter.
More than a VPN — data security explained
While VPNs are great at what they do, their scope is limited in the ever-changing cybersecurity landscape. However, the role of a decentralized workforce is evident in 2021 — it’s essential.
With the rise of remote work, employees have seen some significant benefits, such as working flexible hours, spending more time with their families, and being able to work more comfortably at home.
However, there is a downside – the risks associated with such decentralization are greater than ever before. Unencrypted networks, unlisted websites, and slow speeds, even unauthorized users continue to access confidential corporate data. In fact, global losses from cybercrime now total over $1 trillion. In addition, the rise in ransomware and malware attacks targeted at unprotected corporate networks in recent years has also proved to be a significant threat to today’s distributed workforces.
Even before 2020 brought the world to a standstill, the office environment has become less centralized than ever, with the rise of Software as a Service (SaaS) applications for businesses. Since then, though, this decentralization has accelerated to the point where it’s unlikely we’ll ever go back to working the way we did before.
The notable shift towards cloud-based environments has seen businesses choose to migrate their network complexities to a central space – one that widens previously restricted perimeters and accommodates distributed endpoints on the network. As such, the safety of company data is just as important as protecting the company network.
“Zero Trust” principle is key Traditional IT network security is based on the castle-and-moat concept. It isn’t easy to gain entry from outside the network in simple terms, but everyone inside the perimeter is already deemed trustworthy.
“The problem with this approach is that once an attacker gains access to the network, they have free reign over everything inside,” comments Juta Gurinaviciute, Chief Technology Officer at NordVPN Teams.
Business owners now require more advanced solutions to have the visibility and control needed to manage their access permissions on the company network.
“Suppose you’re in a leadership position in your company. In that case, you want your employees (whether permanent, contracted, or freelance) to be able to access the applications and resources they need to do their job. At the same time, you’re probably conscious of how far their reach within your network should be. If everybody has access to your most valued assets, by default, you are compromising their safety with such frivolous freedoms,’’ explains NordVPN Team’s expert.
This is where Network Access Security comes in. Modern solutions are built with the “Zero Trust” principle in mind – “deny all, permit some.” In other words, every user should not be trusted until their identity is verified. As a result, secure access security solutions make it much easier and safer to provide employees with the exact resources and applications they need. At the same time, they ensure that employees don’t access data or assets that are confidential to the company.
Paired with authentication methods such as 2FA and ensuring everyone follows security best practices for business, it can vastly reduce the potential for damage from a data breach (or a breach even occurring).
While VPN technology still has its place in a robust security setup, Secure Network Access is central to the gold-standard Zero Trust Network Access (ZTNA) model, with which modern businesses should be aligning themselves.
Gartner estimates that public cloud revenue will grow 18.4% in 2021, reaching a total value of $304.9 billion. The COVID-19 pandemic accelerated business transition to the cloud, yet 85% of Chief Information Security Officers (CISOs) admit they’ve neglected cybersecurity in favor of quickly enabling remote working.
Today, cloud computing replaces legacy networks by providing increased connectivity, scalability, and efficiency. These traits are vital for a remote workforce, which made up almost half of American employees post-lockdown.
Enterprises choose Platform-as-a-Service (PaaS), Infrastructure-as-a-Service (IaaS), Software-as-a-Service (SaaS), and other solutions employees can use anywhere. While cloud resources are easy to access and integrate into everyday business operations, they face similar threats as traditional corporate perimeters.
“The cyberattack vectors in the cloud environment are the same as in traditional data centers. Software is used that contains vulnerabilities targeted by malicious users. Consumers are mutually responsible with a cloud service provider (CSP) for managing protection and should make appropriate investments in security infrastructure,” says Juta Gurinaviciute, the Chief Technology Officer at NordVPN Teams.
It presents a challenge for cybersecurity teams, as cloud connectivity reduces visibility and control. The CSP can be partially responsible for infrastructure and policies but varies depending on individual agreements and cloud models. Another weak spot is the connection, as users reach cloud assets via the internet instead of on-premise machines.
IP whitelisting – the first step towards a robust perimeter
A growing threat for enterprises is the inappropriate handling of application programming interfaces (APIs). A typical organization uses 363 of them. They help external developers and contractors reach software platforms, and 61% of enterprises adjust their strategies according to API integration.
However, developers often leave an API without strict authentication controls, exposing cloud resources to outside threats. As they open up to the internet, cybercriminals can breach the system and compromise the backend.
Therefore, access management is critical for cloud security. A traditional connection to the cloud is insufficient when employees operate remotely, so many companies opt for IP address management and secure virtual private network (VPN) connections. Yet, the solution known as IP whitelisting demands additional security checks.
“System admins create a list of IP addresses able to access cloud resources, but individual device management is tedious, given that device IP addresses continually change. Business VPNs come with a dedicated server option to ensure uniformity with one stable IP address. Remote users can log into clouds as if they were connecting from corporate premises,” says Gurinaviciute.
IP whitelisting is only a first step in ensuring coherent and robust digital protection. The goal of authentication is to identify the user, not the machine. Otherwise, upon gaining control of a device, cybercriminals may infiltrate the cloud further. It reduces the surface area for attack but with limited capability to fully protect the cloud.
IT teams should further segment the users with access to different assets on the cloud. Marketers, developers, accountants, and business contractors need additional resources to have only limited accessibility. To further limit exposure, consider establishing a Zero Trust Access approach, where employees can only work with particular assets and for a limited time.
“The center of authentication policy is the end-user, so the main goal is correctly identifying them. Enterprises are now strengthening their software-defined perimeters via third-party solutions. They offer multi-factor authentication or biometric logins, adding an extra layer of protection. These methods are the most up-to-date cloud cybersecurity measures and the hardest to breach,” comments NordVPN Teams expert.
Studies show that businesses lose $27 billion to tax scams annually and tax season is a prime time for fraudulent activity. Phishing emails are one of the leading attack vectors, thus, the FBI recently warned enterprises about a rise in business email compromise (BEC) schemes which will intensify during tax filing in the turbulent times of this pandemic.
This year the filing for tax returns will be different and more intense than ever. Not only has the COVID-19 pandemic pushed people to their home offices, but the distribution of stimulus checks has put an immense workload on the IRS’s shoulders. According to Google Trends, the search term “2021 tax deadline” saw a 2,000% increase in popularity since January.
“These figures suggest that Americans might postpone the filing until the last day and could be more likely to fall victim to scams since they are in a rush. Malicious actors try to leverage intense and complicated situations, so they will try to meet the nearing tax deadline by widely distributing phishing emails to steal personal and business data,” warns Juta Gurinaviciute, the chief technology officer at NordVPN Teams.
In a statement, IRS representatives urged people to file their tax returns electronically this year, to choose direct deposit on their returns, and to provide up-to-date banking information to claim their returns more quickly. The greater reliance on digital filing will also draw the attention of scammers.
The primary objective of BEC schemes is to obtain sensitive taxpayer information, including their social security number, home address, employment status, and location. With this information, fraudsters file fake tax return forms, changing the most important line—the deposit account number.
To obtain it, crooks aim at companies ranging from small businesses to high-profile corporations, as well as public institutions. In recent years, cybercriminals have elevated their phishing techniques and primarily employ so-called W-2 scams in targeting businesses and organizations.
Pretending to be someone from the upper echelons of management in the company,— e.g. the CFO or CEO, fraudsters target employees by asking them to provide a completed W-2 form for inspection. The document contains other sensitive employee data, which is then leveraged to file for the tax return. According to the FTC, impostor scamming techniques are the most popular type of fraud in the US, costing Americans hundreds of millions of dollars.
After obtaining the document, criminals can either file the fraudulent tax return forms themselves or sell the gathered data on the dark web to hackers, who might then commit identity theft as well as other crimes.
In addition to targeting enterprises, cybercriminals also try to blackmail individuals. In these attacks, instead of pretending to be someone from higher management, they take the role of the IRS itself.
Fraudsters might approach workers by saying they’re eligible for an additional return, or, on the contrary, they’re indebted and have to pay the discrepancy as soon as possible. These emails usually contain a link to a spoofed website, which prompts the visitor to enter their credentials—Social Security number, income, and other personal data.
The most important thing to remember is that the IRS never initiates contact with taxpayers via email, text message, or social media; not to mention asking for their personal information, such as PIN numbers, credit card information, or passwords.
How to mitigate the risk?
The tax season this year will last until April 17, and during this time, employees should be extra vigilant. If they’re requested to provide a W-2 form, they should contact the sender by other means and double-check if the request is genuine.
If employees received a message from the IRS, they mustn’t click any links in the email nor open the files attached. Instead, they should log in to their account via the institution’s website, to see if they really need to take any action.
“Haste makes waste, so employees shouldn’t comply with the scammer’s requirements before verifying the information. Organizations should implement clear algorithms on how they should report becoming a target of a cyberattack. If information security teams are alerted immediately, they can distribute memos in case other workers have also received phishing emails,” says a NordVPN Teams expert.
To protect themselves against identity theft, employees can set an Identity Protection PIN (IP PIN) on the IRS website. A six-digit code will be necessary to make any tax refund claims, and unauthorized applications will be denied. On the organizational level, make sure your company takes these essential steps to stay resilient:
Keep your staff updated by organizing engaging, entertaining, yet informative cybersecurity training.
Set and follow the company’s policy regarding emails and the information within them.
Make sure your workers are aware of any suspicious emails and do not hesitate to report them to cybersecurity professionals or the IRS itself.
They shouldn’t interact with the questionable email in any way, either by replying to it or clicking any links.
Your IT and security teams must keep all software up-to-date, in case tax scam emails also carry malware that leverages system vulnerabilities.
Consider using user-friendly file encryption tools, such as NordLocker, to protect your files if they’re compromised.
Contact