The Malta Independent 15 August 2020, Saturday

Avoiding cybersecurity threats during the Covid-19 crisis

Saturday, 1 August 2020, 13:32

As the COVID-19 pandemic has pushed more workers indoors, hackers have new business targets. The pandemic has already had a profound effect on the way we work. When at last science finds the prevention and cure and we can throw out those face masks and forget about social distancing, many workers and their employers may opt to continue remote working arrangements, for a variety of reasons: convenience, cost savings, etc.

But the bottom line is that the increased presence of work-from-home arrangements requires a new awareness. Whereas the IT people at the office previously maintained the firewalls and security patches, the at-home worker needs to step up and become more cybersecurity conscious.

You Need a VPN at Home

The first item on a home worker's to-do list should be installing a premium VPN. A VPN routes your internet connection to a different location, making your online presence impossible to detect. That is made possible by the encryption embedded in the VPN software. Your encrypted internet traffic travels through a virtual "tunnel" keeping your online activity untraceable and private.

However, not all VPN services guarantee privacy. Free VPNs, for example, can only be free by tracking their customers' online activity and engaging in practices that are detrimental to their users: installing adware, selling user data to marketers, and causing slower internet speeds due to popup ads, for example.

Using a premium VPN service with a "no-logs" policy guarantees that your web activity cannot be recorded and targeted by intrusive spyware and secondary vectors of downloaded advertising that infect your browser and computer with bots and malware.

Use a VPN to Practice Cyber Isolation in Public Wi-Fi Hotspots

With the proliferation of public Wi-Fi hotspots at cafés and coffee shops gradually reopening during the ebb and flow of the COVID-19 pandemic, using a VPN is as important as donning a facemask. Free and unsecured public Wi-Fi hotspots are perfect setups for so-called "man-in-the-middle" (MITM) cyberattacks.

MITM attacks employ the following:

  • surveillance as innocent as intercepting tracking cookies, or as insidious as spying on everything the user does while the hacker is watching
  • downloading viruses and malware from dark and compromised websites
  • live interference such as detecting banking activity and sending a fake message telling the user that the account password has been compromised and must be changed immediately
  • injecting malware for future activation
  • luring the user to fake local networks or bogus websites

The only alternative to completely avoiding public Wi-Fi, other than tethering the device to a secure smartphone or using a personal Wi-Fi router, is to use a premium VPN service like Surfshark. That person at the far table may be practicing social distancing, but he could also be combing the free public network to launch MITM attacks. So, use a VPN and protect your privacy on public Wi-Fi networks.

But You Need to Do More...

A VPN, however, does not provide the protection you need against malware and social scams like phishing and other social engineering. Think of a VPN as a means to keep your web activity a hidden moving target. The data to and from the server you use is encrypted and private. However, a VPN cannot keep you from clicking on a poisoned link or downloading a computer virus.

The Main Cybersecurity Risks in the Current COVID-19 Pandemic

The following are typical cybersecurity risks associated with the COVID-19 pandemic:

Scammers are leveraging COVID-19 fear and confusion.

Analysts have noted a surge in malicious email activity, which uses traditional social engineering to trick users into providing information under false pretenses. Scammers pose as a legitimate customer or other trusted source, say the World Health Organization or local health authorities. They coax unsuspecting victims into sharing sensitive data.

COVID-19 is showing up as a theme to lure users into downloading malware.

Cybersecurity firms have detected a variety of malware types, including spyware and ransomware, using COVID-19 themes. The user receives an urgent, authentic-looking email, clicks on a link or a file and downloads malware that can cause enormous damage to the company's network.

Supply chain threats are occurring outside the organization's firewall protection.

Remote workers are increasingly using their own home computers to keep the business running and ensure business continuity. All that remote work was common before the COVID-19 mess, but home workers are increasingly working outside the cybersecurity protection of the company's firewall. That, in turn, has significantly increased the risks, especially when businesses depend on outsourced web-based tools to maintain the business supply chain.

COVID-19 operational stresses can cause a serious lack of awareness of the threat.

While everyone has a laser focus on staying well and keeping the company going, they may be underestimating cybersecurity threats. It is all a matter of focus and there are several rather simple steps everyone, including those working from home, can take to protect themselves from COVID-19 cyber threats.

Advice on Protecting Businesses During the COVID-19 Crisis

Stress that employees are the first (and often last) line of defense against cyberattacks. According to one Kaspersky survey, over 50% of security incidents are a result of human error, not deliberate attacks.

Meanwhile, deliberate attacks can be avoided through well-publicized and strictly enforced policies that stress:

  • strong password and system access enforcement
  • using company email safely and responsibly
  • avoiding phishing scams and reporting the presence of malicious material promptly
  • banning of unlicensed software
  • updating operating systems and other software to patch security flaws
  • enforcing safe web browsing as well as social media use rules

11 Actions Home Workers Can Take During the COVID-19 Quarantine

Working from home during the COVID-19 crisis means setting up a home office with attention to security. If the home configuration permits, consider doing the following with the goal of setting up a private, secure home office:

1. Designate a specific and organized work area that creates a distinct boundary between home life and work.

2. Put your clothes on. Getting dressed as a part of a daily work routine makes you more ready for the workday. Donning comfortable and casual clothing moves the mind from the previous night's sleep into the wide-awake work routine.

3. Keep personal and professional business separate. Mixing your online work with your personal business is inefficient and can lead to inadvertent compromise of company information. If possible, use separate devices for work and personal business. If not possible, use different user accounts on the computer's operating system. By the same token, don't use your personal email to do work business.

4. Password protect all your devices with hard-to-crack passwords. Likewise, set your computer to go into sleep mode when unattended and require a password to reactivate. Use a password manager to keep track of all those login credentials. DO NOT use the same password for everything.

5. Shut down and lock up your computer when not in use. People are naturally curious. Don't tempt casual observers by leaving your computer open and unattended with sensitive company information loaded on the screen.

6. Be cybersecurity aware and extra alert while at home. We tend to be more relaxed at home. Your Wi-Fi router could also be a weak spot. Check out its password. If it is still the generic password supplied by the manufacturer, change it.

7. Install commercial grade anti-virus/malware detection software. While built-in programs like Windows Defender can provide basic protection, they are usually slower in upgrading virus detection definitions. Commercial products like McAfee and Norton provide quick downloads and increased protection.

8. Accept the automatic operating system patches and updates. The Windows operating system is under continuous attack as hackers look for exploitable weaknesses. Those periodic updates and patches Microsoft sends out help fight the leapfrog battle to keep the operating system even with or ahead of threats.

9. Practice safe web browsing. Check the default security settings on your web browser. In Internet Explorer on Windows 10, you can tweak the security settings. Also, the safest and most secure web sites are those that begin with "HTTPS."

10. Watch for phishing. Never trust emails from unknown senders. Email is the primary vector for online fraud. Do not click on links in the email or open attached files. Those links can take you to a dark web site that will send you and your company's network ransomware. The attached file could be a concealed .exe or .zip file that activates ransomware or another malicious Trojan or bot.

11. Stay professional and businesslike on social media. Working from home could lead to overexposure on social media throughout the day. At work, you normally sign on to your Facebook or Twitter account during lunch for personal business with friends and family. If you depart from that routine as a remote worker, you are signaling hackers and scammers who are looking for unusual activity.

Conclusion

The COVID-19 pandemic has changed the working landscape, and those changes may be permanent. Home workers need to use a premium VPN to mask their online activity and protect their anonymity. VPNs protect against MITM attacks, but home workers need to take more steps to ensure greater cybersecurity, which is further complicated by COVID-19 related scams and threats.

Companies need to take extra measures to educate their employees and publicize policies stressing cybersecurity awareness. Likewise, home workers can take positive steps to keep their home office and devices secure and safe through security awareness, safe web browsing, and avoiding social engineering scams.
