If you’re working from home while your country is dealing with COVID-19, cyber security needs to be in the back of your mind. The dark side of the web is putting a lot of effort into stealing data and causing havoc, inspired by the lax security that often comes with work-from-home conditions.
Your inbox is the first vulnerability
All sorts of virus-related spam is trying to lure you in with the promise of a cure or prevention strategy for COVID-19. Some of it will be pretending to be from the World Health Organisation or even your government’s pandemic site. In the UK, the National Cyber Security Centre (NCSC) is constantly taking down online coronavirus scams, but there’s a never-ending stream of spam and phishing coming every day.
It’s a never-ending battle of cyber heroes versus phishing sites, advance-fee fraud schemes and fake offers.
The NCSC says the public needs to be highly suspicious. Never download or click on anything, unless you are absolutely certain of the sender. If an offer seems too good to be true, it probably is.
The most effective phishing attacks go straight for the sore point – fear of COVID-19. They offer new information around prevention, cure or vaccination, which appeals to an audience that’s increasingly worried about the future. Or they offer personal protective equipment that never turns up. One unlucky UK resident was left £15,000 poorer after buying face masks that never arrived; it’s ironic really, because they were probably ordering the masks with a view to selling them locally for a profit.
Cybersecurity expert Luke Vile sums it up: “Societally, we’ve never experienced this situation before, so all rules are off in terms of how people behave.”
Now, as the pandemic months are passing by, it’s become increasingly apparent that this isn’t just a short rough patch — we’ll have a pretty long time to deal with all of this, so it pays to take that extra step for security.
Close to 5,000 COVID-19 domains have been registered this year; many of them won’t be for legitimate purposes. One example is a banking Trojan malware that’s masquerading as a WHO-developed mobile application designed to help individuals to recover from COVID-19. There’s a name for this type of cyber-crime activity – scareware.
Other opportunistic attempts to exploit pandemic fear include:
- donating to a fake World Health Organisation Covid-19 Response Fund
- paying a Bitcoin ransom or risk your family being infected with Covid-19
- downloading malware from COVID-19 maps
- Fake CDC (Centers for Disease Control) or NIH (National Institutes of Health) alerts
- Fake medical advice
- Emails that appear to come from the your workplace
Sherrod DeGrippo, senior director at cyber security company Proofpoint, says that cybercriminals are sending up to 200,000 emails at a time. She also reports that the number of phishing campaigns is trending upwards. Around 70% of the emails her team deal with deliver malware; the rest are trying to steal the victim’s credentials. To be safe in this period, don’t click on any suspicious links and be extra careful with your inbox.
Shut the back doors into your data
If your employer wants you to work while you’re in lockdown at home, it’s up to them to ensure your computer or laptop isn’t vulnerable — or so it should be.
Last year, research published by Apricorn reported that a third of IT decision-makers confessed to data breaches as a result of remote working. Around half of them couldn’t guarantee their data was secure when being used by remote workers.
When you’re working from home, it’s best to use a virtual private network (VPN) when connecting to your work’s network. This creates an encrypted tunnel between your computer and your work’s network, to protect the files and data you’re accessing.
Two-factor authentication is another best practice tip. It should be in place for work-related systems, email and messaging apps, to fend off attackers who have guessed your password or stolen your credentials.
Other best practices include:
- Use a long password or passphrase that you haven’t used elsewhere to access any work system.
- Update your operating system; also check that the software or apps that you’re using are up-to-date.
- Make sure you have antivirus installed and are running regular scans.
Take care with your Zooming
Use of video conferencing tools like Skype and Zoom has rocketed since the world started locking down. While virtual meetings come with multiple benefits, they also expose some interesting risks for organisations.
Zoombombing is one of the problems nobody saw coming. Zoom randomly generates ID access codes, which has turned out to be the vulnerable underbelly of the platform. Automated tools can find around 100 Zoom meeting IDs in an hour, exposing potential for unsavoury types to drop into Zoom calls and broadcast offensive material. The best solution to prevent this problem is to password-protect entry to every Zoom meeting.
The Zoom company also admits that video calls on the app aren’t encrypted from end to end, a weakness they’re trying to address as quickly as possible.
It’s always a good idea to secure your means of corporate communication, but with virtual calls basically taking over, it’s never been more important. Whether it’s your phone or laptop or some company device, securing your communication channel is paramount, in 2020 and beyond.
Only use devices provided by your employer
Most organisations and businesses have a range of IT security protocols designed to keep data and systems secure. These should extend to portable devices that are used for remote working. While it might be tempting to use a personal laptop or smartphone for work, there’s a chance they will expose your employer’s system to hackers, data kidnappers, cyber terrorists and scammers. If you’re in any doubt about your home office cyber security measures, talk to your company’s IT team.
Thinking about Insurance
While working from home it’s worth thinking about protecting your most valuable assets. Take the time to assess your options. Most insurers offer a number of different home and contents options, as well as a wide range of business insurance policies that can be tailored to meet your needs.
It’s a trying time for everyone. If we’re working from home, it already means we’re more fortunate than many people who can’t afford this luxury and it’s worth taking a moment to consider your online security.