Guidelines for Cybersecurity Hygiene During COVID-19
Best practices for managing security risks of remote working
It is an unfortunate fact that cyber hacker threats will grab situations to achieve their goals. The security centres of government and industry are reporting a significant spike in malicious activities designed to deed the COVID-19 pandemic, feeding off people’s fears and uncertainties.
Several of these actions are taking the form of spam emails designed to look like communications from certified sources such as the World Health Organization. Malicious emails can use tricked (faked) originating email addresses and contain malicious links or attachments.
Once the users click the send links or files, hackers can quickly infect users’ computers with malware such as worms, adware, trojan, rootkits and more.
Employees working from home can be more exposed to cybercriminals in the absence of network security safeguards providing within a traditional office. But, by following cybersecurity best practices for remote work, employees can pointedly reduce security risks, ensuring the protection of their company data and clients.
Learn the signs of malicious activity
To help prevent cybersecurity attacks from occurring in the first place, these are the signs:
- Unexpected or unsolicited emails – be cagey of any emails that you were not expecting, even from friends (as their email address may have been captured from social media and spoofed), or from allegedly authoritative activities.
- Emails were highlighting urgency - particularly those publicizing new pandemic information that asking your online information details to subscribe to announcements.
- Use of odd or unfamiliar greetings, such as “Dear Sir/Madam.”
- Use of odd email addresses that contain misspellings or do not align with the purported sender (for example an actual email claimed to be from a government agency but used an aol.com address).
- Spelling or grammar errors or text expressed unusually.
- Attachments – acknowledgement for “do not open attachments if you were not expecting them. If in distrust and the sender is a friend or colleague, check with them first before opening the files.
- Embedded links – be wary of them. You can hover your mouse over the given link to see if the “advertised” site matches the link provided. Still, the safest decision is to navigate independently to the official website and not to use the link thru email.
Practice good cybersecurity “hygiene”.
Especially to help moderate for the lack of an enterprise security infrastructure at home, follow these cybersecurity “hygiene” tips:
- Use your company laptop for company business as it contains more healthy security safeguards than your computer.
- Use a company-approved secure remote access connection because most such links include an encrypted point-to-point VPN session.
- Ensure your end-point is updated – be rigorous about applying all available software and security updates and patches and anti-malware updates.
- Do not disable security protections such as anti-malware, end-point firewalls, and some security add ons.
- Do not browse the web for personal details when you have a remote access session connected because if you accidentally across to a malicious website, your computer can act as a connection to infect your organization’s system.
- Protect your work computer – do not leave it unattended without first closing any remote access connection and either securing your screen with a password or shutting down the computer.
- Avoid using free Wi-Fi or do your online work in public places.
Only use reliable websites.
In addition to malicious threats, many sites are spreading specious or misleading information regarding COVID-19. Therefore, we strongly suggested that you only trust information from authoritative organizations and that you navigate directly to these websites in your browser.
Be alert to signs of compromise.
Liable on the skill of the attacker, you may not see signs of compromise. However, in some cases, have common symptoms:
- Pop-up windows appearing on your computer when there were none before
- Your browser’s homepage changes
- Surprising system and application behaviour, including page, application or system down
- Slow computer performance
- Unknown programs running on your system
- Malware that becomes disabled
- Unauthorized password changes or unexpected requests for password changes/validation