The COVID-19 pandemic has rapidly changed how we work, communicate, and interact with one another.   Companies are mandating that all employees who can, must work from home.

For many users, this is the first time they have worked from home.  In addition to the stress of the virus and the uncertainty it is bringing people are having to adjust their work habits to home.  Not to mention the stress of having children home from school as well.

Cyber criminals are taking advantage of the COVID-19 pandemic and the new remote work force.  We have created some tips for remote workers and giving tips and habits that can keep everyone cyber secure when working remotely, and using mobile devices.  Because of the rise of COVID-19 phishing and social media scams, we’ve also included a section on how to identify threats.

 

How to Stay Cyber Secure When Working Remotely

To stay cyber secure when working remotely, employees can do the following:

  • Use a secure connection to the company network.  If possible, make sure the VPN is using multifactor authentication.
  • Only work from home and do not connect to the company network with any unsecured public wifi.
  • Do not share work data and information with the home computer or personal devices.  There is a risk that personal computers and mobile devices do not have the latest security updates for the operating systems and applications.
  • Create new and strong passwords for your laptop, corporate mobile device, and email.
  • Use only corporate approved cloud applications for sharing and storing data.

How to Keep Your Home Computer Cyber Secure

Remind employees of these keys to home computer cyber security:

  • Keep all software up to date.  Ensure the latest operating systems, browsers and apps are on computers and devices that connect to the internet.
  • Install a firewall and use a secure WiFi connection.  This helps protect company assets and yourself from cyber attacks.
  • Use antivirus software.  Use antivirus software to automatically scan websites, downloaded files, email attachments and content stored on external hard drives, memory cards and USB devices.
  • Create strong passwords.    Strong passwords are just as important on the home computer and devices as they are on work computers and devices.  Stop using names, favourite colours, or reusing passwords from home and work devices.
  • Stay click aware.    It is easy to forget security best practices when away from the office.  The best strategy is to remain vigilant ans skeptical of all unsolicited emails, text messages, social media chats and attachments.  When in doubt – don’t click.

Remind employees that they are the first line of defense against cyber-attacks.  The best approach is to be extra cautious.

Tips for Mobile Device Cyber Security

Remember, cyber criminals target victims however and whenever they can.  Because more companies are using mobile devices and technology, mobile device attacks are on the rise.

Follow these tips to improve mobile device security:

  • Disable Bluetooth auto discovery.  Cyber attackers are on the lookout for Bluetooth signals that they can hack and use to connect to mobile devices.
  • Turn off auto-connect.  Never connect to an open or public WiFi network automatically.  In fact, the best practice is to never connect to public WiFi that is not password protected.
  • Use a VPN.  If you must connect to a public WiFi network, whether password protected or not, always use a VPN to secure your connection.
  • Use fingerprint security and visual authentication.  Enable the highest level of security and authentication possible on your mobile devices.  Make sure all mobile devices are protected by a password that is unique to them.
  • Latest versions of all apps and operating systems.  Install all updates, these are usually released to fix known security weaknesses and to protect your device from cyber threats.
  • Be text message aware.  Do not respond to text messages from people you do not know.  Do not respond to unsolicited text messages.

Remember the basics, never leave your devices unattended, lock your device after use and do not let a strager use your mobile device.

Phishing and Social Media Scams

There has been an increase in COVID-19 phishing and social media scams.  Cyber criminals are using convincing emails and social media posts disguised as coming from legitimate health authorities and government departments to prey on fears surrounding COVID-19.

Exercise extra caution and follow these cyber security awareness habits to help stay protected from phishing and other cyber threats:

  • Pay attention to the spelling of email addresses, subject lines and email contents.
  • Be wary of emails that use urgent language and ask you to help out by transferring funds or sharing confidential information.
  • Do not click on links from unsolicited emails.
  • Never send confidential information in an email.

If you are uncertain about the validity of an email or other message, do not respond.  If you receive a strange email from a colleague or supervisor, talk to the person and ask them about the email.

COVID-19 themed phishing emails can take different forms, including these below:

From the CDC (Centers for Disease Control)

From WHO (World Health Organization)

Cyber criminals are always looking for new ways to get people to click on maliscious links or attachments.  These two are great examples.  The first one is a spoofed email from the US Department of Health and Human Services.  It is trying to get you to click on the map for information on the spread of the virus.  The map is a link to a maliscious website.

This maliscious email spoofs a well known health insurance carrier Cigna with a fake insurance bill.  Again, the bad guys use urgency to get users to click.  

Remember cyber security practices apply everywhere – in the office, at home, riding the bus, in the airport, at the coffee shop and wherever you or your employees are connecting to the internet.