COVID-19 & Cybersecurity
What we have learned and how to protect yourself.
It has now been two years since the COVID-19 outbreak was officially designated a pandemic. The spread of this disease brought sudden and drastic changes to the workplace, forcing people to make the transition to working from home. As one would expect, these changes brought along increased cybersecurity concerns. Let’s take a look at some of the IT threats that became prevalent during the pandemic, then consider some tips on what you can do to stay protected.
Threats In The Home Office
According to a global survey done by Kaspersky in April 2020, nearly half of the 6,000 surveyees stated they had never worked from home before. And in 73% of cases, employers did not conduct any special training on safe interaction with corporate resources over the Internet. In addition, many did not provide employees with corporate equipment, leading many to use their personal devices for work which are often poorly protected. And with corporate IT having less control over devices, software, and user actions, cybersecurity threats became an increased risk.
Collaboration Tools. In the world of remote work, the need for videoconferencing and collaboration tools dramatically increased. Such growth in demand attracted the interest of cybercriminals. Security gaps and bugs were detected and fixed in legitimate softwares such as Microsoft Teams and Zoom, which had allowed attackers to gain access to organizational accounts and user devices. Additionally, employees often used free services such as Google Docs for document and file sharing, which generally lack the protection needed for confidential data.
Phishing. As the need for help and fear of the virus grew, cybercriminals tried to capitalize on this by sending malicious e-mails on COVID related topics. Scammers sent e-mails pretending to be from organizations such as the US Centers for Disease Control and Prevention (CDC), the World Health Organization, and the International Monetary Fund. Fake e-mails imitating business correspondence also became prevalent. Victims were asked to click a link and enter their email and password, or click an attachment that contained a Trojan or backdoor virus, allowing the criminals to obtain account information or control over user devices.
These methods used by cybercriminals are obviously not new, but they still continue to wreak havoc as we have seen throughout the pandemic. Here are some tips to help you stay protected when working from home.
Secure physical and digital data. When working from the office, data protection falls mostly on IT. But when transporting data — whether by laptop, flash drive, or files — comes the danger of losing corporate data by carelessness or theft. If possible, have separate devices for the home office and actual office. If you need to carry devices with you, take practical steps in the event they are lost or stolen. Encrypt confidential information with tools such as BitLocker for Windows, FileVault for macOS, or a reliable third-party tool. Alternatively, you can use cloud services to store data rather than local storage. Additionally, never keep your passwords written down somewhere. Use a password manager to create strong passwords and manage them. But of course, there's no safer place to keep passwords than in your head. Mnemonics are useful to help you remember them.
And finally, some universal tips:
Do not click on links or download files from e-mails if you're not sure you can trust the sender.
Use corporate devices and company-approved software for work.
Ask your employer to install reliable protection on such devices, and strengthen security on your personal devices.