Staying Cyber-Aware Amongst COVID-19: Three Things to ConsiderPosted in : Supplementary Articles NI on 25 March 2020
There are many things we must be diligent about today – clean hands, avoiding crowds – but it doesn’t stop with just physical actions. We need to take precaution in the virtual world as well. In cybersecurity circles, the novel coronavirus, or COVID-19, is spurring anxiety over virtual abuse of the disease by scammers.
My role at Allstate focuses on the human element of cybersecurity, promoting and reinforcing secure habits. In the current threat landscape, there are many best practices for vigilance against COVID-19 cyber scams, including remote working and recognizing phishing scams. Read on for the real scoop on how to cope during these challenging times.
Top cybersecurity tips for remote working
- Keep devices with you or stored in a secure location when not in use; don’t leave your devices in the car. If you must leave it for a short period of time, ensure that it is hidden from site and your car doors are locked.
- Only use work devices for work purposes –the approved user should be the only one to use the device (family and friends should not use a work-issued device) and don’t transfer sensitive material to personal devices. Back up your data regularly.
- Don’t use public Wi-Fi without a Virtual Private Network (VPN), VPNs make it difficult to intercept your data. If you don’t have a VPN, use your mobile network.
- Beware of shoulder surfers. If you are working in a public area, be aware of your surroundings.
How to Recognise and Avoid Phishing Scams
Phishing is the fraudulent attempt to obtain sensitive information, like usernames, passwords and credit card details by disguising oneself as a trusted source.
Spotting a phishing email
Phishing attacks have become more sophisticated over time, but there are still several red flags.
- Name check - use caution if you receive an email from someone you don't know directing you to sign-in to a website, asking for personal information or requesting access to confidential or restricted material.
- Poor spelling and/or grammar - it's more than likely a scam if you receive an email that has several errors in spelling, grammar or context.
- Threatening tone - creating urgency is a common intimidation tactic used to get you to provide your personal information.
- Expect the unexpected - some of the most successful phishing attacks are disguised as something commonplace like an HR document, shipping confirmation or request to change a password, but if you weren’t expecting these communications, be wary.
What should I do if I get a phishing email?
- Do not download any attachments accompanying the message. Attachments may contain malware such as viruses, worms or spyware.
- Never click links that appear in the message. Links embedded within phishing messages direct you to fraudulent websites.
- Do not reply to the sender. Ignore any requests the sender may solicit and do not call phone numbers provided in the message.
- Delete it immediately to prevent yourself from accidentally opening the message in the future.
Vigilance Against Coronavirus Cyber Scams
These scams - sent through email, texts or social media - claim to provide coronavirus awareness, sell virus prevention products and/or ask for donations to charity. They can often appear to be from a legitimate organisation or individual, including a business partner or friend.
The World Health Organization (WHO) has put out an alert about ongoing coronavirus-themed phishing attacks that impersonate the WHO and try to steal confidential information and deliver malware. - https://www.who.int/about/communications/cyber-security.
Be on the lookout for these social engineering scams that rely on scare tactics.
Visit the National Cyber Security Centre website for more information and tips on how to Defend Against COVID-19 Cyber Scams.
[New] Protecting Data when Home Working in Great Britain eLearning training course (limited time offer available)
Data breaches are often accidental and the result of staff carelessness. The fear and panic surrounding the coronavirus (COVID-19) have produced a perfect ‘high stress’ environment for cyber criminals.
It is vital that all of your employees – from customer service to marketing and sales, many of which will be home working now - know how to protect your organisation’s confidential data from cyber attacks and fully understand their obligation under data protection legislation to protect the data they handle.
The information in this article is provided as part of Legal-Island's Employment Law Hub. We regret we are not able to respond to requests for specific legal or HR queries and recommend that professional advice is obtained before relying on information supplied anywhere within this article.