Covid-19 Security risks of working from home in the time of corona virus

It is now evident that COVID-19, also know as Coronavirus, is spread globally, with Europe taking serious precautionary measures to avoid one of the end-of-the-world scenarios, not necessarily caused by the virus alone but by the far-reaching economic consequences.

We are all deeply concerned with the global health situation surrounding COVID-19. Most importantly, we are all obligated to work hard to suppress the possible consequences for the economy.

That is why a lot of businesses and organizations opted for mandatory work from home as one of those measures to help stop the transmission of the virus and try to continue business as usual.

Early Results From Forrester’s PandemicEX Survey states:

29% of US workers are afraid to go to work due to the risk of exposure to COVID-19. More than half fear the disease’s spread.”

Large technology companies were the first to switch to working from home model. Microsoft, Twitter, Apple, Amazon, and Google are just some of the companies that instated mandatory work-from-home due to Coronavirus.

However, while working from home is necessary, it can lead to serious security incidents that can hardly be overlooked.

In this blog, we will discuss:

3 most common security challenges
10 Cybersecurity tips for working from home 

Make sure to read it if you are currently working from home and forward the link to your co-workers to remind them of a few rules to follow.

Security challenges of working from home

In addition to the challenges of working from home due to different work styles, different industry types or lack of face-to-face contact, we have to keep in mind that taking our work home imposes serious security risks.

Security risks of working from home in the time of COVID-19
Source: Source: UK’s National Cyber Security Centre (NCSC), Most hacked passwords revealed as UK cyber survey exposes gaps in online security

Taking your business computer home can result in data loss or data theft since there is no way to supervise and monitor the conditions in your home. There is also a lack of the usual built-in security measures.

It raised quite a few concerns. Who has access to your home office? How safe is your network? Can someone steal your laptop?

The most important thing to remember is that you can take a lot of measures to avoid those risks by simply being responsible and on alert.

3 most common security challenges

However insignificant it may seem to an innocent bystander, true security and risk experts are well acquainted with the potential risks of using personal devices to do your work tasks or having an unsecured network.

The more employees working from home, the more different entry points there are for potential scammers or hacker attacks.

Most common security challenges

1. Unsecured wifi networks

When working from home, employees will be connecting to their home networks that are more exposed to the risk. Often lacking security measures built into the company network, such as antivirus programs and firewalls. This makes it an easier target for malware and malicious attacks.

Moreover, when having a number of employees work from home, it is inevitable that some of those employees will ignore the recommended security measures and work from outside of their home and connect to public Wi-Fi networks that are a perfect entry point for data theft or unauthorized monitoring of internet traffic.

2. Phishing scams

Hackers will more likely intensify their fraudulent activities in the near future, including phishing campaigns, relying on people being more concerned with Coronavirus.

Phishing scams are fraudulent activities aimed at stealing or (pishing) your personal information, like password, ID details, bank account details, credit card details, and others.

Hackers are already trying to take advantage of the COVID-19 outbreak to deliver malware, steal bank details and more, while Coronavirus-themed phishing attacks and hacking campaigns are on the rise.

 

PHISHING SCAMS in the time of coronavirus covid-19

In most cases, a phishing scam is conducted via emails asking you to update your personal information with a link to the site. The link will then guide you to the website that seems legitimate at first.

However, it is actually a fake website, so be sure to check the sender’s email address, check the URL address and see if there are any discrepancies. For example, the URL of your bank www.bank.com can slightly differ to www.1bank.org or similar variations while the site looks authentic.

Although you are vulnerable to phishing scams at all times, be even more conscientious when using your company’s’ laptop or other devices.

Phishing campaigns can also be conducted via SMS (SMS phishing or smishing) and landline telephone (voice phishing or vishing).

3. Using personal devices

You may be tempted to use your personal devices when working from home, either because it is more convenient or for other reasons.

Bear in mind that there is a big possibility that your personal laptop lacks appropriate security measures and backup mechanisms.

This makes you directly responsible for exposing data to the unsecured environment and increasing the risk of potential malware.

10 Cybersecurity tips if you are working from home due to COVID-19

 

10 Cybersecurity tips for working from home in the time of COVID-19
1. Do not use your personal computer 

It may seem convenient to you to use your own personal computer because you are more used to it or it performs better.

However, your computer is probably not safeguarded in a way your business computer is, which can increase security risk and cause loss or disclosure of data. However, that is not the only risk.

External devices can be infected with malware, even if you are unaware of it, and infect the secure network once you log in.

Using your own computer can also implicate some privacy risks for you. If you want to access information on your personal computer, you might be worried that the employer will be able to access your sensitive personal information.

This can also apply to the situation where you use the company computer for personal use.

2. Lock your devices

Locking your computer screen is a practice most companies adopted as a rule. Still, there is always that one person that gets into trouble for constantly forgetting to lock their computer when leaving their work station.

When working from home, this rule is even more important to obtain and the easiest way to keep your data safe. It doesn’t require much from your part, just to keep your working habits in your home office as well.

If you haven’t already, make sure to protect your business phone as well with an appropriate password. Avoid using pattern lock since it is more susceptible to different social engineering scams using video footage to replicate your pattern.

Make this your TOP priority if you share your home with a lot of other people or work from a public place.

3. Do not leave your devices unattended

When talking about security risks, we are always more focused on cybersecurity attacks, malware, or other online fraudulent activities. However, your computer can be accessed physically as well.

For example, if you are working from a remote location and leave your computer unattended, this can create an opportunity for someone to gain access to your smartphone or computer or even steal it, so be extra careful.

Once the device is taken or the computer is accessed unauthorized persons can search for data, download it to USB or delete it, and cause you a lot of headaches.

4. Use passwords

By that, we mean use strong passwords, and while you might laugh it off, we think it has to be said once again; don’t leave post-its with your password around your computer.

When looking at the most common passwords the UK’s National Cyber Security Centre (NCSC) survey showed just how predictable and unaware of potential security risks we are.

NCSC’s breach analysis finds 23.2 million victim accounts worldwide used 123456 as a password.

top 10 passwords used in 2019
Source: UK’s National Cyber Security Centre (NCSC), Most hacked passwords revealed as UK cyber survey exposes gaps in online security

Password “123456789” was used by 7.7 million, while “qwerty” and “password” were each used by more than 3 million accounts.

So use your imagination to create more elaborate passwords that include other symbols or numbers (ideally both).

For example, choose a book you have at home, and search for a book quote that would be appropriate for a password and combine it with the page number of the quote. This way you will always be able to retrieve your password by simply remembering the page number.

If you don’t have an automatic periodical reminder to change your password on your computer, set notifications on your calendar to remind you to do so. The recommended frequency can range from every 30, 60, to 90 days.

However, changing your passwords often can lead to challenges in your password management. After a while, it gets very exhausting to memorize all your passwords, so a lot of people find workaround solutions like weaker passwords, saving passwords on their browsers or start writing them down.

That is why our recommendation is to use solutions that can help you manage passwords properly, like KeePass software which can also help you create strong configurable passwords, while at the same time saving you the trouble of remembering them.

5. Avoid unsecured Wi-Fi networks

Encrypted Wi-Fi channels secure the data from interception, and safeguard connected computers or the connection from unauthorized users. An unsecured Wi-Fi connection has no security encryption.

Differentiating one from another is easy, a secure Wi-Fi network will always ask for your password. When using unsecured Wi-Fi, one of the major security risks is data interception and network intrusion.

If you are using an unsecured Wi-Fi connection refrain yourself from using your login information because your data can be intercepted by third parties. Your instant messages, emails, login information can all be intercepted.

Hosting unsecured Wi-Fi puts in danger the data stored on your company’s computers, and depending on how many unauthorized users are connected, authorized users may experience lag.

Read more about What Are the Dangers of Using Unsecured WiFi?

6. Use VPN

According to Norton VPN or Virtual Private Network gives you online privacy and anonymity by creating a private network from a public internet connection.

VPNs mask your internet protocol (IP) address so your online actions are virtually untraceable. Most important, VPN services establish secure and encrypted connections to provide greater privacy than even a secured Wi-Fi hotspot.

Most companies working remotely use VPN to secure their data and protect online privacy by encryption. The obligation to provide VPN is on the employer side, so if you are a security expert in your company make sure to enable your employees working from home to do so via VPN.

7. Beware of the phishing emails

We already mentioned what phishing emails are, but when working from home you have to be twice as cautious. This applies to spotting phishing emails as well. If you receive a suspicious email, you should:

Working from home because of the COVID-19 and steps to take against phishing emails

1. check the senders’ email address
2. check the URL of the website
3. look for poor grammar
4. do not open attachments
5. do not reply to the phishing email
6. Send a copy of the mail to the bank or credit card company that allegedly sent the email

Also, alert your co-workers so they can also be prepared if such an email crosses their inbox.

8. Use antivirus programs and firewalls

Firewalls are often referred to as the first line of defense. It is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules. Firewalls prevent malicious programs from entering your device or network and can block data leak.

Most likely your device’s and router have a built-in firewall, so make sure you turn them on.

An antivirus program is the second line of defense, it detects malicious software and removes it (hopefully).

9. Back up your data

Since you are more vulnerable to cyberattacks when working from home, make sure to back up your data to prevent data loss in case something goes wrong.

Your computer can be damaged, the cause can be a human factor or you can infect the system with malware. Whatever the scenario it is safer to back up your data in a secure cloud environment or on your companies servers via the VPN connection.

10. Educate and share information about cybersecurity
Most likely your company has a security officer that conducts periodical educations on cybersecurity, and maybe you attended those and think you have all the information. However, human error is the most common security risk, so it is always the best to be on your toes.
However, if for any reason you are not familiar with what your responsibilities are when working from home, ask your IT department, security expert or your supervisor for guidelines and check with them if you notice any suspicious activity.
You can also find more information online yourself. 

Be responsible

A lot of people who were not accustomed to working from home have suddenly found themselves in this situation due to Coronavirus.

Despite the panic and unavoidable concern with the public health situation, the best way you can help and contribute when working from home in the time of Coronavirus is by washing your hands and keeping your business going.

Wash hands, stay safe, and be responsible!

Watch the World Health Organization video to learn how you can take steps to prevent the spread of the Corona: