These are very difficult times we are living in, with a great deal of uncertainty over what the future holds for businesses and whether they will manage to survive the effects of the coronavirus pandemic’s global lockdowns and infection rates. Cyber security is one aspect that needs to be dealt with to ensure that it doesn’t add to the problems, especially as so many workers are working from home during their country’s lockdown and cyber criminals are notorious for taking advantage of such situations.
F-Secure’s chief research officer Mikko Hyppönen recently gave a very interesting webinar on the cyber situation we are faced with. He reported that, contrary to the claims made by other cyber security vendors, the world is not facing unprecedented increases in cyber attacks during the pandemic. In fact, he reported that the number of attacks had actually decreased and that it was just “business as usual” in this sector. It is likely that the vendors making such claims are trying to increase the amount of business that they are doing. Mikko also admitted to tweeting messages in the public domain requesting hackers to back off during these difficult times and have more respect for people’s lives and their futures, to which he apparently received responses from hackers saying that they would honour this. Whether this actually happens remains to be seen, but it was very honourable of a person of Mikko’s standing in the cyber security world to take such a stand. His company F-Secure, which he has worked for over the last 25 years, has in fact made very generous offers of free trial software for extended periods of time and hugely discounted other products to assist companies with protecting their staff working from home.
On the subject of devices taken home by employees during the lockdowns, all workstations, laptops, tablets, office equipment and mobile devices such as mobile phones should be secured and managed properly to ensure that other family members (kids/partners) don’t have unauthorised access to them. Non-work-related content and media should also not be accessed on them, especially when the devices are unsupervised. Wi-Fi and fibre routers need good passwords, and VPNs should be in place for both workstations and mobile devices. Operating systems and application software also need to be kept updated, and entertainment needs to be kept separate from work computers.
Those using videoconferencing apps like Zoom or Microsoft Teams need to ensure that meeting passwords are used and the meeting IDs are not shared publicly. Only the host should do screen sharing and the option to “Allow removed participants to rejoin” needs to be disabled, as should any file transfers. Users should also not click on any funky links during their meeting sessions and be conscious of the fact that the chats could become public.
Another aspect that has become more pertinent during these troubled times is that of avoiding the forwarding of hoaxes. During times of crisis hoaxes are a lot more common and can contain links to fake websites, malicious files and/or credential-stealing phishing campaigns as part of supposedly genuine information. One should take caution when forwarding messages, emails, social media posts and the like, to ensure that links connect to trusted sources. Online criminals typically capitalize on big news items during times of crisis – the Kobe Bryant tragedy saw bulk spam and phishing campaigns using the tragedy as a theme to trick users into opening attachments and links. The coronavirus pandemic is already proving no different. Such attacks prey on the fear of individuals to get them to do things that they wouldn’t usually do under normal circumstances. Below are a couple of examples of such hoaxes.
One should also think twice before clicking on any links, opening attachments or logging into something, to ensure that the site being accessed is exactly what it appears to be. Cyber attacks are also not limited to computers. Text messages, WhatsApp, TikTok, Telegram, Zoom and other apps are also being weaponized, and scammers are using government initiatives to direct victims to malicious locations, as indicated below.
The management at businesses needs to put the necessary protocols in place to inform their staff of the risks that they need to be aware of while working from home. They should also have skilled IT staff help manage the security of the devices being used by the staff to avoid having their company suffer unnecessarily from the consequences of vulnerabilities or irresponsible actions of their staff during these testing times.