The global COVID-19 pandemic has changed the way we live, interact, and work. Indeed, thousands of organizations have been forced to have their employees work from home, following government recommendations and obligations. Working from home became standard in 2020 when it was practically a luxury not so long ago. As of March 2020, millions of people worldwide are currently or will work from home, and for now, it is a reality that will last.
However, as no one predicted a global health crisis in 2020, employers and employees were unprepared for remote working. Both individuals and businesses have had to adapt very quickly to their new reality. Since then, employees no longer necessarily have the cybersecurity resources they previously had access to more rapidly by being physically present in the office. Now, they are more on their own in the face of growing attacks from criminals. Indeed, many fraudsters are using the insecurities created by the health crisis to carry out even more cyberattacks [1] [2] [3]. Cybercrime is a very significant threat affecting all companies, regardless of the size and number of employees they have. These computer attacks include ransomware, email scams, phishing attacks and more.
This article provides both employers and employees practical advice to protect themselves from the growing cyberattacks during the pandemic.
Phishing attacks
Phishing scams are known to play on emotions to deceive their target [1]. They can take different forms, but all aim to access the victim’s computer and its contents. For example, a fraudulent web page, a fraudulent link or malware are frequently used. Since the pandemic, phishing has been primarily intended to 1) play on the victim’s feelings by creating a sense of urgency or insecurity 2) play on a legitimate appearance.
Here is a list of ten valuable tips to identify fraudulent emails and avoid falling into the trap [2]:
General measures recommended to companies
The list below sets out several practical tips and recommendations that organizations should follow to protect themselves from cyber-attacks.
Tips and tricks [1]:
1. Enable multi-factor authentication, adding another layer of security to any applications you use.
2. Use a password manager to avoid high-risk behaviours such as saving or sharing credentials.
3. Use a VPN solution with an encrypted network connection.
4. Update a cybersecurity policy well suited to working from home. Also, make sure that the policy is adequate as the number of people outside the office increases. The policy should include:
a. Remote work access management.
b. The use of the company’s technological devices.
c. Updates in terms of data confidentiality to ensure access control to documents and private information.
5. Advise employees that they should communicate with colleagues on official matters using only the secure computer hardware provided. If a security incident occurs on an employee’s device, the organization and the employee will be unprotected and risk severe consequences.
6. Secure all devices connected to the business. As soon as a device leaves the workplace, it becomes vulnerable to hacking.
General measures recommended to employees
Here are some valuable tips to help employees feel more secure in their daily activities [3]:
1) Make sure you understand the company policy regarding remote working. Do not hesitate to ask the necessary questions about your disposal resources as the essential accesses, for example, to obtain a VPN.
2) Use a multi-factor authentication system to access your system. If you don’t have one, ask your organization.
3) Be careful and take your time to communicate. This means taking the time to read the emails you receive, making sure you don’t open an unknown link and paying particular attention to any spelling errors or questionable content in emails from external sources.
4) Be vigilant against fraudulent emails: do not open the email and do not download attachments from questionable sources.
5) Validate payments and payment requests with particular attention.
6) Keep your systems up to date to ensure the protection of your antivirus. The best way not to overlook this aspect is to turn on your computer’s automatic update notification.
7) Do not download sensitive or risky content on your mobile phone.
8) Always check the security of the internet page you visit.
9) Make sure you have a strong password: this involves using symbols, letters, and numbers.
10) Do not leave your computer unlocked or in a public area unattended. Your computer should be treated like your wallet or passport.
11) Never assume the legitimacy of the author of an email. Email hacking and social engineering attacks have never been used so much.
12) Perform a backup every day: automatic backups can also be an excellent solution to avoid oversights.
13) Pay special attention to your company’s video conferencing arrangements. Free video conferencing services are generally more at risk. It is vital to use only the services endorsed by your company.
In short, considering the importance of acting quickly and preventing as many employers and employees as possible from the growing threat of cyber attacks, it is essential to make resources available to employees even outside of the office. Employees must be vigilant to prevent important data leaks, but their employer must train them to do this.
Sources
[1] Ahmad, T. (2020). Corona Virus (COVID-19) Pandemic and Work from Home: Challenges of Cybercrimes and Cybersecurity. SSRN. http://dx.doi.org/10.2139/ssrn.3568830
[2] Herjavec, R. (2020). Cybersecurity CEO: Don’t Let Coronavirus Fears Distract Your Employees From Phishing Scams. Cybercrime magazine. https://cybersecurityventures.com/cybersecurity-ceo-dont-let-coronavirus-fears-distract-your-employees-from-phishing-scams/
[3] Collins, G. (2020) Cyber security: Don’t let cyber criminals capitalise on covid-19 chaos – tips for working from home [online]. LSJ: Law Society of NSW Journal, No. 69, 82-83. <https://search.informit.com.au/fullText;dn=20200811034712;res=AGISPT> ISSN: 2203-8906.
[4] CISA (2020). Telework essentials toolkit. Cybersecurity and infrastructure security agency. https://www.cisa.gov/sites/default/files/publications/20-02019b%20-%20Telework_Essentials-08272020-508v2.pdf
