As it typically the case when large-scales global events take place, the COVID 19 Coronavirus pandemic has resulted in cybercriminals attempting to use the situation to target unsuspecting individuals and companies as they attempt to steal data and money.
This type of tactic has previously been witnessed during the Zika virus crisis. It is important that individual and groups implement the following measures so that they do now risk breach the European Union’s General Data Protection Regulation at this time.
Firstly workers need to be extra careful in everything that they do during this time, especially as they may be working at home on a network with less cybersecurity in place than they are used.
Phishing emails are normally the main attack vector of hackers during a crisis. Offers will be sent with links to websites to buy vaccines, testing kits and even hand sanitizer It is important to be wary of everything as normal and do not click on anything unless you are 100% certain that it leads to a valid and safe destination.
A sharp uptake has been witness on CEO scams, package delivery notifications and banking information emails. If something seems important then it is vital that you make contact with the sender prior to clicking on any links. Links could take you to a spoofed websites with tracking cookies and malware.
Turn on multi-factor authentication on whatever accounts you control, and certainly be sure it is in use for Office 365 email accounts. This will help you to prevent a lot of the malware that is targeting you.
See to it that all routers, devices and technology have the most recent version of anti virus software in pace. Secure connections should only be used at any time for any purpose. Though there may be little chance due to lockdowns and social distancing, never use a public wifi network. Hackers are knock for using a name similar to a secure network, so look closely and verify to make sure you are using an authentic network. If you are unsure then the best move is to rely on using you smartphone as a Wifi hotspot.
Finally for employees, report stolen or missings devices as quickly as you can to prevent your device being used to access a company network remotely.
Employers need to step up to the mark also. Remote access which is secure and impenetrable should be provided to all employees that are working remotely. Other information should be sent to workers including strongly-worded reminders that all confidential information remains confidential when they are working remotely so they should be as careful as possible and must never use personal email for any company business.
Similarly, personal laptops must not be used for company work as they will not have the same security provisions in place. It may also be the case that the most recent updates and security patches have not been applied.
Remote access tools are a convenient way of working during a crisis like this but they must be used with the same security in place as would be in place at an office desk. As it always the case with cybersecurity utilities it will only be compliant with data privacy laws if the employees are aware of what they can and cannot do.