Is the Coronavirus putting your cybersecurity at risk?

It seems as though you can’t turn on a news station without hearing about how fast Coronavirus is spreading. It’s become clear that this virus will have a long-lasting impact on the global economy. It’s equally clear that it’s going to have unforeseen impacts as well.

One impact that few of us could’ve predicted was the cybersecurity impact. Could Covid-19 be putting your cybersecurity at risk? Oddly enough, yes. In this post, we’ll look at ways this virus could be more dangerous to your data than to you.

The Phisher’s Are Having a Field Day

Covid-19 is scary because of how fast it spreads. Phishers are cashing in on the general panic around the world right now.

How are They Cashing In?

In a particularly sick twist, phishers have capitalized on the panic by sending out emails purporting to be from the World Health Organization. These emails look very official and use the WHO logos as well.

They’ll have a warning about Covid-19 and a button that allows you to register for more details. If you do click through, you arrive at a page that mimics the official WHO site. This site, however, is loaded with malware.

Why Would This Work?

Think about it for a minute, here. With the panic that this virus generates, people aren’t in their right minds. The phishers are counting on your fear of Covid-19 to override your caution. People are clicking on the links without thinking things through.

Under normal circumstances, they might be suspicious because they didn’t request the information. With so many countries currently under lockdown, this is not a normal situation.

Other Less Obvious Ploys

The WHO gambit is a little obvious. If you’ve never registered for WHO updates, you’re likely to be more suspicious.

Sneakier phishers might pose as company’s CEOs giving instructions about Covid-19 measures. If you get an email or SMS from your company’s CEO, what would you do? If you’re like most of us, you’ll open it without thinking.

In some countries, the government is giving citizens financial assistance. Phishers are taking advantage of this situation too. They’re emailing people pretending to be from the government. They tell people that they must register to qualify for assistance.

Naturally, when you register, you’re inputting your details into a fake site.

What to Do to Safeguard Against Phishers

Start with good software that scans all incoming emails. This will help to reduce the number of messages that make it through to you.

Check the email address of any incoming mail against the address that you have on file. Often the email address is the only clue that these are phishing emails. It might be something as simple as a letter added, removed, or replaced. Check for discrepancies carefully.

Next, be sure to guard against knee-jerk reactions to emails that you receive. As always, it’s good policy not to click on links in emails. If you receive a message from the WHO, the government, or anyone else, navigate to the site on your own.

Use common sense. Does it make sense for your company to ask for banking details when they’ve been paying your salary for a while? Would the government really just reach out to all citizens to give them money, or would citizens have to apply for aid?

Ransomware Attacks

It’s not just the phishers who are working overtime. The panic works in the favour of anyone who wants to plant malware on your computer. Ransomware attacks are also on the rise at this time.

Want to learn more about protecting yourself against ransomware attacks? Hornet Security’s page on the topicprovides comprehensive guidelines for you.

Working from Home Could Put Business Data in Danger

If your business has asked employees to work from home, what security measures do you have in place? Is your employee’s home network as secure as the one at work? Are they using their own devices? If they are using their own devices, how secure are these devices?

Another question to ask is who else at home has access to the devices.

How to Better Protect Your Business Data

Employees using a public Wi-Fi network or hotspot are more at risk of being hacked. Bad actors lurk on these networks looking for unsuspecting users. Where possible, ensure that employees can use a private, secured network.

Protecting Company Data on Public Connections

If that’s not possible, they should use a VPN while online. With a VPN, the computer’s IP address is hidden. It’s not enough on its own, but a VPN could prove useful here.

Protecting Company Data on Private Connections

If an employee has their own private connection, here are some tips to safeguard your data.

Set Up Guest Users on the Private Connection

Get them to set up a separate guest user connection. They are the only ones who should know the password for this connection. This guest user shouldn’t connect through to any other linked non-essential devices. So, if they’ve got a smart thermostat, for example, they should keep it separate from the work network.

When they’re going to log into their work system, they should sign into the guest network. This reduces the number of devices that could put your system at risk.

Reduce Employee Access to Systems

It’s time to review the amount of access that your employee has to the system. Limiting access to only the systems that are critical for their work is a reasonable precaution. That way, if the system is hacked, the damage is limited.

Ensure That They Understand About Good Cybersecurity Protocols

Do your employees understand how to secure their own data? Not everyone does, so ensure that this information is communicated clearly. It’s a good idea also to write clear policies about security protocols that employees must enact.

Enable Two-Factor Authentication

Two-factor authentication, though not perfect, goes a long way to dissuade an opportunistic hacker. Google has a simple authentication app that is cost-effective and easy to use.

Final Notes

The way to cope with the potential security risks that Covid-19 brings is to maintain your vigilance. Keep sound cybersecurity principles in mind when dealing with any incoming emails. From there, ensure that you take steps to upgrade your security by using private networks, and building a multi-layered defence.

By Kamilla Akhmedova, Writer (Freelance), HornetSecurity 


Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit https://digital.privsec.info/.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.

Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/