By now, we’re all familiar with social distancing and what to do in order to stop or slow down the spread of the novel coronavirus currently causing a pandemic around the world. Many companies are practicing social distancing by temporarily closing down offices and encouraging or requiring employees to switch to working from home instead.
However, while it’s a very sensible approach in terms of flattening the curve when it comes to the coronavirus, it has led to an increase in potential cybersecurity risks as employees shift from trusted, secured office networks to remote locations, using at-home Wi-Fi and power sources that might work well for everyday use but often fall short in terms of security coverage. As a result, cybercriminals have been provided with an opportunity to take advantage of the situation.
The National Security Centre (NCSC) issued a warning that cybercriminals are looking to exploit the current coronavirus crisis to conduct cyber-attacks and hacking attempts. Experts from NCSC have been made aware of multiple cyber threats and scams designed to take advantage of COVID-19.
In fact, cybercriminals are already using Coronavirus and COVID-19 in email subject lines for phishing scams, hoping to trick unsuspecting employees who are working from home into clicking on links or opening attachments that result in malware being installed on their device or unwittingly handing over sensitive login credentials.
With that in mind, here are some best practices to keep in mind if you are managing a remote team of employees or working from home yourself during the current crisis, in order to raise more awareness of phishing techniques and scams and keep your systems and data safe while the office is closed.
Treat Unusual Emails with Suspicion
Be suspicious of any emails that are regarding the coronavirus outbreak, even if they appear to have been sent by a trusted source, such as a friend, employer, government agency, or a business that you are a customer of, since these could be cleverly disguised phishing emails. One red flag to look out for is anything that creates a sense of urgency; phishing scams tend to do this in order to scare you into opening an attachment or clicking on a link. Think twice before you click on links that appear in any unexpected emails or instant messages. Phishing emails often appear to be from a legitimate company, and clicking on a link could take you to a webpage that looks exactly like the real site – but it’s actually a fake. Hover over links before clicking on them and find the actual URL that it leads you to make sure that they are legitimate. Don’t click the link if you don’t recognize the URL or if it’s filled with words that don’t make sense to you.
Beware of Emails That Don’t Contain Your Name
You should be cautious of any emails that don’t contain your name, particularly if they are asking you to follow a link or provide any information. Phishing emails often begin with ‘Dear Customer’ so if you are addressed in an email in this way by a company that normally addresses you by name, this is a red flag. If in doubt, bypass any potentially dangerous links by going to your browser and entering the company’s URL yourself, where you can log into your account and verify whether or not they are actually requesting information from you. You should be especially wary of any emails that ask you to check or renew any passwords or login credentials.
Be Alert to Unusual Requests
Be on the lookout for any unusual or unexpected requests; for example, if somebody that you know is suddenly asking you to send them a wire transfer of money, chances are that it is actually a scam. The same is true for any emails that seem out of character for a company or individual to send or emails that come from executives or other colleagues within your company or any other company with whom you have never been in contact. Before you follow any instructions given within an email or click on any links, it’s a good idea to make a phone call to the alleged sender and verify whether or not the email is legitimate.
Secure Your Home Wi-Fi
Home Wi-Fi tends to be secure enough to use for personal use at home, but when it comes to accessing secure company data, it often falls short. Thankfully, there are a few things that remote workers can do in order to ensure that their home network is as secured against cybercriminals as possible. First of all, make sure that the Wi-Fi is encrypted using WAP2 and change the router password from the default to a strong and unique password. If your Wi-Fi doesn’t require a password for you to access it, now is a good time to set one up. If you haven’t changed the password since you had the Wi-Fi installed at your home, like most people, this could be a weak link and an easy way in for hackers who can often easily find the default passwords for most router models. It’s also a good idea to log into your dashboard and check for any unusual or unknown devices on your network which could signify that somebody has gained unauthorized access; at best it could be a neighbor getting free Wi-Fi and at worse, it could be somebody looking to gain access to secure work data.
Use a VPN
A virtual private network (VPN) will offer an extra layer of security when working from home and if you haven’t set one up already, it’s a good idea to do so. This is especially true if you expect to be using public Wi-Fi networks to connect and get work done; if you plan to work from your local coffee shop or library in the future when they reopen, then securing your connection with a VPN is absolutely crucial as public Wi-Fi networks are often the easiest for hackers to infiltrate. If you are new to VPN security, Anonymania is a great site to use to get started with choosing the right VPN protection for you and setting it up correctly. Use the information here to guide you through selecting the kind of VPN that you need and installing it on your laptop or computer.
Keep Antivirus Software Up to Date
Good antivirus software is an absolute must whenever you’re using a computer or laptop either for work or personal use. If you are working from home using your personal device, it’s especially important to ensure that you add an extra layer of security with a strong antivirus program. Be sure to keep it up to date, along with your programs and operating system, as there are regular updates in order to prevent hackers from exploiting weaknesses. Cybercriminals are constantly coming up with new ways to infiltrate systems and get around the protection in place, which is why regular updates are absolutely vital. Running an old version could be as bad as not running antivirus software at all. Set it to scan and check your computer for any issues or breaches on a regular basis.
At a time where most people are adjusting to a new way of life and we all have a lot on our minds, following these recommendations can help you keep yourself and your company safe from cyberattacks while working outside of the office.