As fear over the spread of COVID-19 is surging at an alarming rate, public health institutions recommend companies to take a stance in preventing the virus from spreading around offices, public transports or public gatherings. Organizations are therefore encouraging, or in some cases, mandating their employees to switch to teleworking for several days or weeks. While this step is necessary to contain the disease from spreading, it opens the door to a rise in targeted threats.
Criminals are exploiting the disease to attack people and organizations. They prey on public fear to carefully devise targeted scams that will prove to be successful. Don’t wait to be affected by a cyberattack, make sure you implement security and contingency plans to ensure that your employees, customers and overall business is secure.
Read our tips below on the type of threats that might affect you and how to ensure safety while working from home in a period of crisis.
Cybersecurity issues with teleworking
As employees rush home to telework, protecting internal information and sensitive data remains the highest priority for companies. This consequently heightens an organization’s ability to ensure complete safety and security of their digital assets and resources for several reasons:
1. It is already difficult to manage cybersecurity inhouse, and most companies lack contingency plans and policies to protect their assets while allowing employees to work from home.
2. Teleworking makes both employees and organizations more vulnerable to the threat landscape as they lack either resources, knowledge or cybersecurity measures.
3. Employees who have not received enough cybersecurity training can easily fall victim to a targeted attack.
How to protect yourself from cyber attacks while teleworking
Use a secure network
- If you are working from home, you want to make sure your wireless network is secure.
- Change the default administrator password of your router to one that is strong and unique.
- Enable WPA2 on your router. This is a security mechanism that ensures that your online activity in your network is encrypted.
- Create a strong secure password to connect to your network and only allow people you trust to connect to it.
- Alternatively, use your smartphone 3G/4G connection as a hotspot to connect your device to the network. Another safe option is to use a VPN (Virtual Private Network) which creates an encrypted tunnel that guarantees that your connection is encrypted.
Work from secured devices
- Make sure you work from authorized devices. For security reasons, most organizations won’t allow users to store corporate information on their own devices.
- Enable automatic updates on your devices. This will guarantee that they are running the most updated software where any recently discovered security bugs have been solved.
- Check to see if your security software (e.g. antivirus, etc.) is running and is also up-to-date.
Manage information securely
- Only use authorized channels to transmit or store corporate information. There are many services on the cloud that will allow us to work collaboratively, but some might not comply with your company’s policy, so make sure you stick with corporate tools.
Beware of COVID-19 related phishing emails
- Attackers usually try to entice us to click on links or download files by catching our attention. They often try to create a sense of urgency to rush us into making a mistake.
- Targeted attacks, in this period, mainly include malicious phishing attempts via emails. The WHO (World Health Organization) published official communication advising people to be aware of malicious links or PDFs forwarded by a disguised, fake WHO representative claiming to offer guidelines on how to stay protected during the virus outbreak. Clicking on the link or downloading the file will result in your device being infected.
- Other modes of targeted attacks include criminals creating fake websites to offer updates on the COVID-19. Be sure to check the source of the website before clicking anything that seems out of place. In a situation where people are hungry for information, they look to gather intel from all available sources, not thinking twice before clicking a potentially fraudulent link.
- If you suspect that your device might be compromised or that you might have fallen victim to a phishing scam, promptly contact your security team. A fast response can minimize the consequences of any security incident.
Organizations, as well as individuals, need to understand the correlation between a virus outbreak (that essentially causes fear and stress among the public) and the risk of cyberattacks. Some might focus on other, more pressing risks that are directly affecting the business and operational line. It is important not to lose sight of the cyber risks that will, in the long-term, have severe impact on the organization.
If you or your organization needs security measures to ensure that all your digital assets are safe, contact us at firstname.lastname@example.org.