Some employees are working from home for the first time, and other businesses are opting for this kind of arrangement to enable business continuity while also keeping their employees safe. However, it is a prime time for cyber-attackers to target businesses as more employees work from home. The attacks can take the form of malicious software (malware) targeting employees’ personal computers (PCs) or phishing emails that aim to intercept sensitive communication such as authorization of payments.
As many companies adopt work-from-home policies in response to the COVID-19 pandemic, cybersecurity is a growing issue. Cybercriminals are seeking to exploit coronavirus to target companies and individuals.
Here’s how businesses and employees can protect themselves online.
As we navigate the challenges posed by COVID-19 and the need to halt the spread of this deadly pandemic, many of us are settling into a routine of working from home. This can pose many difficulties, including how to maintain focus, how to balance other priorities, such as childcare, and how to be productive without requisite tools or dedicated office space – not to mention the struggle to avoid raiding the whole snack cupboard in one day.
There are compromises to be found for many of these challenges in what we hope will be a relatively short-term arrangement. What we must not compromise on is security.
Many cybercriminals are seeking to exploit our thirst for information as a vector for attack. Most commonly, as with other high-profile events, attackers are using COVID-19-themed phishing e-mails, which purport to deliver official information on the virus, to lure individuals to click malicious links that download Remote Administration Tools (RATs) on their devices.
In addition, there have been multiple reported cases of malicious COVID-19-related Android applications that give attackers access to smartphone data or encrypt devices for ransom. The global pandemic has also led to the creation of more than 100,000 new COVID-19 web domains, which should be treated with suspicion, even though not all of them are malicious. (Palo Alto Networks is continually updating the latest COVID-19 related cyber threats here.)
Attackers are also taking advantage of the fact that many people who are working from home have not applied the same security on their networks that would be in place in a corporate environment, or that enterprises haven’t deployed the right technologies or corporate security policies to ensure that all corporate-owned or corporate-managed devices have the exact same security protections, regardless of whether they’re connected to an enterprise network or an open home WiFi network.
Hackers are taking advantage of the panic caused by the COVID-19 outbreak.
The guide serves to protect everyone working from home in these times and
We have highlighted some of the most common security challenges with emails below:
This is a process where an attacker steals the email login credentials of an employee. This can be done in many ways, such as by using a password-cracking tool, redirecting a user to a malicious website that looks legitimate, looking over the shoulder of a user as he or she types their password, or using a keylogger that records a user’s keystrokes as they type in their passwords.
The solutions to preventing email compromise are simple:
Change/Use Strong Passwords: Employees should use strong passwords. We also recommend that passwords be changed monthly.
Avoid Logging into your Work Email from “Unknown” Computers: Computers and devices not owned by employees (or the company) are unknown computers. Because the software and programs running on them are not completely known to the employee, they should not be used to log in to work email.
Understanding Phishing Scams: Phishing scams target unsuspecting users with legitimate-looking offers or propositions aimed at deceiving them into giving out information they should not give out.
Hackers can eavesdrop on content passing through a network, which can allow them to get hold of credit card information, login credentials (usernames, passwords, phone numbers, etc.) and even shared files. Content sniffing is common when users connect to insecure or public networks.
Employees can protect themselves from this type of attack by:
Connecting Only to Trusted Networks: Working from home means that employees will work with whatever network is available. This includes home networks and public networks, and each comes with different types of risk. Employees, especially those who work on sensitive materials or documents, should only connect to networks that have been tested to be secure (this eliminates using public networks altogether).
Using Secure Browsers: Using the right browser is vital for email (and communication) security. Below is a list of secure browsers you should (seriously) consider using as you work from home: Firefox, Iridium, Brave.
Avoid websites with HTTP and not HTTPS: Websites without a security certificate will display a “Not Secure” notice in the URL address bar. Such websites should either be completely avoided by employees, or they must avoid entering any vital information on such websites (like usernames, passwords, credit card numbers, etc.).
This is the fraudulent practice of sending emails claiming to be from a reputable or trusted source in order to induce individuals to carry out an action intended by the hacker or perpetrator.
COVID-19 Phishing Scams
Phishing is a cybercrime where a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking details, and passwords.
How to protect yourself from falling victim to Phishing
Scrutinize the sender’s email address: Email addresses can be easily spoofed. An attacker may create an address very similar to the Manager’s or CEO’s and ask an employee to urgently send a file or complete a transaction. Employees should scrutinize emails and pay attention to these nuances, especially if the sender is asking them to click on a link, download a file or send critical/confidential information.
Analyze the tone of the mail: Phishing emails typically sound urgent, seek to instill fear or panic, or exploit the basic human tendency to trust. Be wary of unsolicited mails that seem urgent, or that appear legitimate but ask you to do something unprecedented or suspicious (e.g., does your manager usually require your username and password because his unfortunately isn’t working?).
Inspect the link or attachment: Don’t click on links or open attachments from unknown sources. Attached links and files are the holy grails of phishing scams. Downloadable files within emails don’t have to be downloaded, and if they are from an unknown source, they shouldn’t be downloaded at all.
Don’t forward suspicious emails to co-workers
Report suspicious emails to the IT department.
Errors in grammar: Phishing emails often contain spelling or grammar mistakes. Note grammatical errors in the text of the email; they’re usually a sure sign of fraud.
Free giveaways and gifts: There’s no such thing as a ‘free gift’! If you have been approached with special offers, free memberships, discounted products etc., it is likely a scam. It is advised to manually enter the website of the company you’re looking to buy from, and not click on links sent to you.
Never donate to charities via links included in an email; instead, go directly to the charity website to donate.
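The sender, tone and link checks listed above, together with the earlier advice on HTTP versus HTTPS links, can be partly automated by a mail administrator or a curious employee. The Python code below is an added example and not part of the original guide; the domain example-corp.test, the 0.85 similarity threshold, the keyword list and the sample message are all assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED_DOMAIN = "example-corp.test"  # assumption: the organisation's own mail domain

# Constructed sample message for illustration (not a real email).
SAMPLE = """\
From: "Finance Director" <director@examp1e-corp.test>
Reply-To: payments@freemail.test
Subject: URGENT: COVID-19 relief payment approval

Approve the transfer immediately: http://example-corp.test.login-check.test/pay
"""

def domain_of(addr_header):
    """Return the lower-cased domain part of an address header value."""
    return parseaddr(addr_header or "")[1].rpartition("@")[2].lower()

def triage(raw, trusted=TRUSTED_DOMAIN):
    """Return a list of reasons the message deserves a closer look."""
    msg = message_from_string(raw)
    findings = []
    sender = domain_of(msg["From"])
    if sender != trusted:
        # A near-identical domain (one swapped character) is the spoofing case.
        ratio = SequenceMatcher(None, sender, trusted).ratio()
        kind = "lookalike" if ratio >= 0.85 else "external"
        findings.append(f"{kind} sender domain: {sender}")
    reply_to = domain_of(msg["Reply-To"])
    if reply_to and reply_to != sender:
        findings.append(f"Reply-To goes elsewhere: {reply_to}")
    if re.search(r"\b(urgent|immediately|asap)\b", msg["Subject"] or "", re.I):
        findings.append("urgent tone in subject")
    for url in re.findall(r"https?://[^\s<>\"']+", msg.get_payload()):
        parts = urlparse(url)
        host = (parts.hostname or "").lower()
        if parts.scheme == "http":
            findings.append(f"link is HTTP, not HTTPS: {host}")
        # The trusted name must be the END of the host, not just appear in it.
        if host != trusted and not host.endswith("." + trusted):
            findings.append(f"link host is not ours: {host}")
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print("-", finding)
```

A message that trips any of these checks is a candidate for reporting to the IT department, not proof of fraud; an attacker who has taken over a genuine internal mailbox would pass all of them.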
How do we protect smartphones, laptops, tablets, computers etc. from unauthorized access? Keeping devices safe when working from home is important, as poor device security practices open doors to cybersecurity challenges.
Here are some simple tips to follow for employees:
- Enable password protection on all your devices.
- Make sure to use strong passwords. Check the strength of your password here. Strong passwords are typically between 8-12 characters long and contain a mix of letters, numbers and special characters.
- Set antivirus and system update to “automatic”.
- Enable lock-screen and biometric security on devices (where it applies).
Working from home means that employees are more responsible for their own internet connection than they are at work.
Here are some network security tips to keep in mind:
- Secure your home router or MiFi devices: The important considerations here are the encryption standard (security level) of the router (is it “WPA”? “WPA+TKIP”? “WPA2+AES”?) and the password strength of the router/MiFi devices. Routers with the encryption standard of “WPA2+AES” are recommended. Every router has a default password. It is recommended that this default password be changed. To change the password, go to settings on the router.
- Limit network range or radius: Individuals who operate their own home network should ensure that the network radius is limited to the area of use. Networks visible/accessible outside the home can be a strong target for hackers, who can position themselves around long enough to get into the network.
- Network radius can be adjusted appropriately in the network settings on each router.
Wandimi Murage (ICT Specialist at Pioneer International University) & Faith Musyoka (ICT Faculty Member at Pioneer International University)