With the recent influx — or maybe tsunami is a better word — of people working from home during the COVID-19 pandemic, there’s been both good and bad. For companies that are able to continue their operations via essential employees working from home, it’s a good thing. For employees who can continue working without leaving their homes and get paid, it’s a good thing. For everyone who’s concerned about maintaining a high level of online security, it can be not-so-good, since there’s always danger out there. Hackers are continually finding new ways to break into online accounts and even persuade unwilling targets to innocently provide them with access.
Whether you or your employees are working remotely using either a company-owned or personal device, it pays to be cautious, prepared and safe.
Thierry Levasseur is a Vancouver online security expert, entrepreneur and business leader who helps companies and individuals alike protect themselves from online threats. According to him, the first thing you want to do is protect your email account from unwanted invasions.
“We’re in the midst of a global pandemic,” says Thierry Levasseur, “and it’s long been known in our industry that many cyber criminals like to capitalize on large-scale global events via phishing. This is when they use your email against you.”
According to Levasseur, many people have heightened vulnerability during global crises. “You want to know more about the situation and an email arrives with, say, ‘COVID-19’ in the subject line. It looks official enough, so you give it the benefit of the doubt and click on a link or attachment. And that’s when the virus, trojan horse or malware reveals itself. At that point, it’s on your hard drive, and needs to be removed so you can continue working”
Sound nefarious?
It is.
The scary thing is that there are products now available on the dark web — non-trackable, non-advertised websites that “in the know” web users frequent for all sorts of illegal and unethical purposes — that actually help cybercriminals accomplish their tasks. According to Alex Guirakhoo on the website Digital Shadows, COVID-19 phishing kits are now being made available via dark web markets.
Guirakhoo writes that COVID-19 has been a popular topic of discussion on online cybercriminal forums the past few months. “Reports of email phishing campaigns using COVID-19-related lures surfaced almost immediately after confirmed infections began increasing in January 2020.”
For example, an online user on a cybercriminal forum advertised a malware attachment cleverly disguised as the COVID-19 outbreak map created by the Johns Hopkins Center for Systems Science and Engineering.
Email attachments and links like this are plentiful, and it’s very important that both companies and private citizens be on guard against them, says Levasseur. “This is why you want to be absolutely sure that you don’t click on things that are better left untouched. If it appears to be from an unfamiliar sender or feels suspicious in any way, you want to delete it from your inbox, then from your trash folder. Just get rid of it.”
He also suggests heightening security levels on every device you use, from computers to phones and tablets and even routers. “Some routers allow you to apply extra security,” he says.
If you live in a community with other homes close by, it’s possible that anyone can easily get to your account, if not into it. You might notice a number of neighbors’ wifi accounts when you look into your wifi settings. “Of course, they’re probably all password-protected,” says Thierry Levasseur, “but it’s still a good practice to add extra levels of protection if they’re available, especially if you’re using your wifi connection to access or share documents with your company’s account.”
One other good idea for companies whose employees are working from home during the pandemic is to spell out and communicate to employees specific rules for off-site computer use.
“Send out rules and guidelines regarding accepted applications and collaborative platforms so employees are aware of what is sanctioned and supported and what is not,” writes Liviu Arsene, global cybersecurity researcher at Bitdefender. Also, he suggests, “Ensure all employees have valid credentials that don’t expire within less than 30 days, as changing expired Active Directory credentials can be difficult when remote.”
It can be a challenge to work remotely, for many reasons. But if employees working from home take a little extra caution and educate themselves about the bad actors that lurk in the dark corners of cyberspace, they can save themselves a lot of problems.