Last night my university lecturer suggested I write an article advising people on the cyber risks of working from home and how to avoid them. There’s been so much uncertainty with the alarming spread of the COVID-19 pandemic that has led to many countries enforcing a nationwide lockdown. Consequently, offices and academic institutions have been forced to close down. In Australia we see this happening in pockets of industry and I’m sure we are yet to face the peak. Companies and schools across the world are either migrating their work exclusively to the digital medium now, or working out how to do so.
Unfortunately, hackers and cyber scammers are trying to take advantage of the vulnerabilities that have arisen due to this very situation. Employees are being forced to trade the secure, monitored connections at the offices for open Wi-Fi connections at home. This makes people far more susceptible to cyberattacks. Cyber criminals are launching attacks that specifically prey on people’s fear of the COVID-19 pandemic. Let’s take a closer look at some of these threats and explore how to protect ourselves from them.
1) Corona-themed Scams
Phishing Attempts. Cyber criminals have been sending out phishing emails under the guise of coronavirus campaign material, or as supposed work updates from employers. Many of these phishing emails contain malicious software, which penetrates your computer’s system to steal data. The phishing scenario has become so serious that the World Health Organization (WHO) specifically issued a statement on the matter. They informed the general public about criminals that are impersonating WHO members in order to steal sensitive information and money. Be careful not to allow your panic over COVID-19 to distract you from taking traditional security precautions. Never hand out any sensitive information such as passwords or credit card numbers, and closely scrutinize the sender’s details of any emails you receive.
Malware hidden in downloads. Another tactic that cyber criminals have employed is the creation of COVID-19 related content, such as videos or articles, which contain downloadable malware concealed inside. While the malicious software can be of various types, they all serve the same purpose; to illegally obtain sensitive information or money from vulnerable users. It has even been reported that the application released by Iran’s Health Ministry for monitoring potential COVID-19 symptoms is, in reality, a form of spyware. This has yet to be confirmed, however.
Sale of counterfeit and fraudulent items. As of March 2020, there have been reports by the National Fraud Intelligence Bureau (NFIB), UK of over 20 fraudulent cases pertaining to COVID-19. Scams include criminals promising ‘maps’ of infected persons in the buyer’s vicinity, as well as the sale of face masks, in exchange for cryptocurrency. These schemes have resulted in estimated losses of over £800,000 in the UK alone.
2) Working from Home
Working from home generally makes employees more vulnerable to cyberattacks because of the drop in internet security. Using a Wi-Fi connection that isn’t particularly secure can put sensitive information at risk. People’s personal computers typically aren’t as secure as the devices used in office environments.
There are, however, some security measures that you can take to make your home office more secure. Think of preventive measures as similar to the hygienic precautions we take to avoid the Coronavirus itself. In the same way that ‘keeping clean’ protects us from exposure to the virus, safe and clean internet usage prevents your computer system from digital infection. You should definitely take these steps if you’re concerned about cyber security.
Use of a Virtual Private Network (VPN). VPNs are useful for protecting you from cyberattacks because they encrypt the data that is to be sent over the internet. Thus, when communicating through a private email or, say, making a bank transaction, a hacker who somehow manages to obtain scraps of information will not be able to decipher it, thanks to the encryption.
If you’re working from a public Wi-Fi network or using a Wi-Fi connection that isn’t entirely secure, then a VPN is even more useful. This is because it establishes an encrypted tunnel for communication between the VPN service’s own remote server and your personal connection. This tunnel serves as a medium for all your internet traffic to be routed through, which keeps your data hidden and secure. It’s a sensible idea to install a VPN on all of your devices, especially smart phones and personal computers, for these very reasons.
Use of Remote Signing as a security measure. Remote Signing refers to the use of recognized e-signatures that are considered equivalent to the signatures written by hand. These e-signatures are generated remotely through a user’s secure signing key. The primary security benefits of using Remote Signing is that the signer is required to authorise all transactions which involve their signing key, via a mobile application. This ensures a secure authorisation process which prevents potential hackers from taking advantage of your transactions.
Avoid Off-Network Communication. While working from home, it’s natural to feel more relaxed in your environment. You might start to feel comfortable about discussing work matters with your fellow employees over different platforms. However, where work is concerned, you should keep any sensitive communications restricted to your employer’s secure channel only. Using alternative platforms, such as social media or text messaging on personal devices, to communicate leaves sensitive information vulnerable to cyberattacks. Thus, to avoid these risks, you should be cautious when discussing your work.
Sadly, it’s common for hackers and cyber criminals to take full advantage of global crises for their own malicious purposes. Fortunately, if you keep a level head and take sensible precautionary measures, then you can create a safe, secure digital working environment for yourself inside your very own home.
Thanks for the inspiration Suren! Please note the views and advice expressed above are personal – from myself, and not those of Deloitte.
Reference Articles:
https://www.natlawreview.com/article/protecting-against-cybersecurity-threats-when-working-home
https://www.recordedfuture.com/coronavirus-panic-exploit/
https://www.dailymail.co.uk/sciencetech/article-8082441/Cybersecurity-expert-warns-homeworking-risks-amid-coronavirus-outbreak.html
https://www.signinghub.com/eidas-remote-signing/
https://vpnoverview.com/vpn-information/what-is-a-vpn/
This article originally appeared on the author’s LinkedIn page.
Kylie is a unique blend of Sociologist and Technologist that leads teams in Risk Advisory for cyber security and data analytics. Her sociology background has led her to specialise in both insider threats and cyber criminal behaviour, as well as change management. Kylie is also an enterprise architect and automation risk specialist. She currently advises Federal Government clients including being the Lead Risk Partner for Defence at her company.
