COVID-19 has ushered in a great work-from-home experiment for the United States and most of the rest of the world. Some vocations are unsuitable for remote work, and we should all applaud those who continue to put themselves in danger to undertake work that helps the rest of us.
On the other hand, a sizable portion of the US workforce is now sitting from home with a computer, attempting to do the same work they were previously doing in the office. Some of us have worked from home for years, while others may be doing so for the first time. In either scenario, being aware of the security implications of remote work is beneficial.
Cybercriminals are well aware that a massive army of students and workers have relocated their workplace from the controlled atmosphere of an office building to their home. According to the following reports, cybercriminals see this as a chance to exploit the newly expanded attack surface.
According to KrebsOnSecurity, a Johns Hopkins University interactive dashboard of coronavirus cases and deaths is being used in malicious websites.
Dynamic ARP inspection is a security feature that can aid in the mitigation of faked ARP packet attacks. Invalid ARP packets can be dropped by checking that all ARP traffic on a network is valid, helping to defend your network against attacks that use faked or spoofed source IP addresses.
According to Threat Post, "in a recently revealed campaign dubbed as 'Vicious Panda,' an advanced persistent threat (APT) gang is utilizing the coronavirus pandemic to infect victims with previously undiscovered malware." In this scenario, spear phishing emails purport to deliver coronavirus information but instead infect the machine with a remote-access Trojan.
The World Health Organization has issued a warning to be wary of groups claiming to be the World Health Organization, alleging that "criminals are masquerading themselves as WHO to steal money or sensitive information."
These are nine steps you may do to lessen the likelihood that your computer or data could be compromised:
Safeguard your computer and utilize it wisely: If you are using your own computer, ensure sure you have the most recent security patches for your operating system and the software you are using installed.
Employ a VPN (Virtual Private Network): Many businesses provide VPN services to remote employees. A VPN establishes an encrypted communication connection between your computer and a secure network. Hackers cannot sniff the wireless network for sensitive data or passwords because the channel is encrypted. Even if your organization does not provide a VPN, free VPNs are available (search the Internet for reviews)
Passwordless authentication should be used: FIDO2 Authentication, which is based on free and open standards from the FIDO Alliance, allows password logins to be replaced with secure, fast, and simple login to websites without passwords. FIDO2 necessitates a test for human presence, which can be achieved with any of the following (referred to as authenticators in FIDO jargon):
- a fingerprint scanner built into a laptop computer
- a security key that connects to your PC and your mobile phone
- Greetings, Microsoft Windows
Make use of strong passwords: Almost 80% of data breaches are caused by weak passwords. If you must use passwords, make sure they are unique and strong for each site. A password manager is a crucial tool for managing those passwords. 1Password and Lastpass are two good password managers.
Before you click, consider the following: Phishing is a technique used by cybercriminals to convince people to disclose data and login credentials, generally via email, instant message, or text message. As the number of people working from home increases, phishing emails will target remote workers in an attempt to steal personal information or obtain access to company accounts. Be wary if you come across any of the following:
The sender's email address contains misspellings.
improper grammar in the message's subject and body
Hover over links to determine if you completely trust the URL.
If you have any doubts, contact the sender using a phone number or email address obtained from a source other than the suspected email.
- Make a backup of your data: Aside from the conventional reasons for backing up your data, ransomware might encrypt your local machine and then demand money to recover your data.
- Protect your home router: Do you remember if you changed the default password on your router when it was first installed? If you haven't already, you should. Encryption should also be set to WPA2 or WPA3.
- Secure your device: It's a good idea to always lock your screen when you leave your computer. Even at home, a child, a cat, or a roommate can accidentally bump the right combination of keys, sabotaging your job. You can also set your screen saver to lock the screen after a particular amount of time. This implies that even if you fail to lock the screen, it will do so automatically later.
- It's an excellent moment for IT experts and business leaders to re-evaluate your company's security requirements: With more people than ever accessing to your systems remotely, the potential of breaches from both purposeful and unintentional access has increased. Encrypting your critical data reduces the impact of a data intrusion from devastating to unpleasant.
- In the United States, the widespread adoption of social distancing has resulted in a major exodus of the workers from the office to the home. Cybercriminals, always on the lookout for a fresh opportunity to exploit, are seeking to capitalize on the disruption before the people adjust to the new work-from-home reality. Implementing the measures outlined above will assist in thwarting cybercriminals' attempts.
