Cybersecurity during the COVID-19 pandemic

It’s undeniable at this point that the world is heading for a secondary wave of COVID-19 and some experts claim that we are already amidst it. Governments are looking for additional methods to minimize the spread of the infection and one of the more effective methods still remains social distancing / quarantine. This has and will continue to force many people to adapt to using their home environment for work which usually is far less secure than the office counterpart (ideally managed by a dedicated IT department). Due to this I will outline some best practices (or common-sense rules) to minimize the risk associated.

The first rule is to keep your work and private life separate. This also applies to the devices you have been provided by your work such as laptops or smartphones. Lending these devices to your family members or friends can have dire consequences. For example, your friend may ask to check their email and accidentally run malware on your device. Another common example is letting your children install and play games on your work devices, games which can be infected with malware. Such incidents are not uncommon at all and although such behaviour is not deliberate, the repercussions can be big for both you and the company that you work for.

The second rule is to set up a Virtual Private Network or as it’s better known, a VPN. I will not go too deep into the technical details but basically, it’s a secure (encrypted) connection or “tunnel” between your office network and your computer. If you are working in a small business where you might not have dedicated IT personnel to help you with this then search Google (or DuckDuckGo) for the keywords “OpenVPN” and “IPsec”. It’s possible that you already have the supported hardware to set up the connection yourself. Alternatively, if you don’t need a connection to your office but want to have your network traffic secured while browsing the web, then you can use public VPN services such as NordVPN or ExpressVPN. These VPN services don’t usually cost much compared to the peace of mind you will get. I recommend checking out the following LINK for a better overview.

The third rule is keeping your guard up and remaining vigilant as scammers are also adapting their emails to mirror the COVID-19 situation. It’s far easier for criminals to manipulate their victims into doing something than them trying to break any technical controls that may be set in place. To exploit the email receivers’ fears, criminals have begun to write increasingly more pandemic related content in order to add credibility to their various schemes. I will summarize various phishing scams created under the guise of the ongoing pandemic, credit to (Infosec, Inc.): 

  • Consumer relief package
    • Official seeming emails which contain malicious links or attachments.
  • Help desk impersonation
    • Scammers impersonating your IT staff.
  • Safety measures turned malicious
    • Official seeming emails which contain malicious links or attachments.
  • Internal organization alert
    • Seemingly organisation emails which contain malicious links or attachments.
  • New cases in your area
    • Official seeming emails which contain malicious links or attachments.
  • The donation scam
    • Donation scams are rather classic scams, only difference is that it’s written in the context of the coronavirus.
  • Information from the source
    • Official seeming emails which contain malicious links or attachments.
  • Fake product scam
    • As the name suggests, products which are supposedly helpful in some way against the coronavirus (e.g. “miracle” cures).

Fortunately, there is also a rising trend of more awareness being spread regarding cyber hygiene. Just as it’s important to wash your hands (personal hygiene) it’s equally important nowadays to ensure that all of the devices and accounts you use for the cyberspace is safe for you. I do recommend reading through the excellent cyber hygiene article provided by Norton, the article can be accessed on the link HERE. For anyone who might be more interested in the news regarding the COVID-19 situation, I suggest checking out the following LINK which I also used to assess the current situation.

To summarize, working from home can be stressful and tiresome, even more so if you have children who are constantly seeking your attention. All of these factors can lead to human error and all cybercriminals need is just one slip up from your side. For example, when you are in charge of managing the company finances then you have to aware of CEO fraud where the scammers will try to manipulate you to making a payment you would otherwise never authorize. Thank you for reading and stay safe during these troubling times, you are free to let me know in the comment section about your thoughts regarding cybersecurity and the current pandemic.