Cyber criminals are using the COVID-19 coronavirus outbreak as an opportunity to defraud and hack unsuspecting victims. As more companies are taking steps to keep their employees safe while maintaining business operations, many employees have been given the opportunity to work from home, which for some may be unfamiliar territory. Often, home computing environments are not equipped with the same level of cybersecurity protections as the office environment, and with normally scrupulous people being fearful during this time of uncertainty, their guard can be let down opening the door for hackers to attack.

Below are some of the cybersecurity threats that remote employees are currently facing and some best practices to follow while working from home.

COVID-19 Cybersecurity Threats

• Phishing Scams: Hackers are attempting to lure users by emailing and texting information about COVID-19 cures and conspiracy theories or messages claiming to be from HR or their company executives. Avoid unsolicited emails and SMS messages that appear to contain a link or attachment with COVID-19 information.
• Malicious Websites: Over the last month, there has been a massive spike in COVID-19 related domain registrations both for legitimate and illegitimate use. Accessing COVID-19 information such as fact sheets from untrusted resources could lead to the installation of malware on your computer or an attempt to steal your login credentials. Avoid COVID-19 websites that you are not familiar with and only obtain information from known, trusted resources such as the Centers for Disease Control and Prevention (CDC). Especially avoid the popular interactive COVID-19 visual maps and dashboards from unfamiliar websites.
• Fraud Scams: Scammers are taking advantage of people looking to stock up on items such as hand sanitizer and surgical masks. Avoid purchasing these supplies from unfamiliar websites or online stores that appear “too good to be true.”

Remote Office Work Best Practices

• Perform a Technology Stress Test: Employees should have the ability to handle phone calls, access emails or company documents, and attend meetings remotely using their work laptop, home computer, tablet, or cell phone. Test your home Internet connection (and company VPN) routinely using these devices to ensure connectivity.
• Connect to Secure Wi-Fi Only: Public Wi-Fi networks or non-password protected neighboring wireless networks carry inherent security risks if you connect. If you do not have access to a secure wireless network, request a portable mi-fi device from your company or utilize your smartphone to create a personal Wi-Fi hotspot.
• Use Secure Connections to Office Systems: If you need to access sensitive company systems or share confidential data, you should use a secure connection such as a VPN or Remote Desktop Protocol (RDP), along with two-factor authentication. (Ask your company’s IT to configure these.)
• Utilize Team Collaboration: Employees should leverage team collaboration tools such as Microsoft Teams, Slack, Skype, or Google Hangouts, to communicate with team members. These tools also allow the ability to collaboratively work on documents. When sending large files or documents containing confidential or sensitive information, consider using a secure FTP such as ShareFile or FileZilla. Always remember to use two-factor authentication with these platforms.
• Protect Company Data: Always backup and save confidential, work-related data only on authorized company computers and avoid storing on personal computers. Utilize company cloud storage or network drives for storage, if available.

Contact T&M’s Cyber Incident Response Team in the event you have fallen victim to cyber-attack during this global pandemic.