Security Hygiene: Tips for WFH during the COVID-19 Crisis

Earlier this month, U.S. Attorney Scott Brady said, “The closest analogy is the kind of fraud that we saw relating to Hurricane Katrina. I think we are really going to see an unprecedented wave of cyber attacks and cyber fraud.”

Coronavirus Scams at Every Turn

Fraudsters, from individuals to organized criminal groups to nation-state sponsored threat actors, are preying on public fear and anxiety to generate an onslaught of COVID-19-related cyber scams. The FBI warns consumers to be on the alert for:

• Emails claiming to be from the Centers for Disease Control and Prevention (CDC) or other organizations claiming to provide information on the coronavirus. Criminals can use embedded links or attachments to infect your computer with malware to steal personal data or with ransomware that locks your computer until you pay up.
• Tracking apps and websites that claim to chart the spread of the virus worldwide, such as CovidLock, a malicious Android app that was actually ransomware in disguise. And cybercriminals could use a John Hopkins University website that tracks the spread of the coronavirus worldwide to distribute malware. What’s more, experts say “coronavirus-themed” domain names are 50% more likely to be malicious than other domain names.
• Phishing emails asking you to verify your personal information so you can receive money from the government in the form of an economic stimulus check. The FBI points out that agencies do not send unsolicited emails asking for your personal information to send you funds. Other phishing emails may also ask for charitable contributions; offer airline refunds; or promote fake cures, vaccines, or testing kits.
• Counterfeit treatments or equipment. Beware of any products that claim to prevent, treat, diagnose, or cure COVID-19. Also, be wary of counterfeit products like sanitizing products and Personal Protective Equipment (PPE). These include N95 respirator masks, goggles, full face shields, protective gowns, and gloves. In fact, the Federal Trade Commission (FTC) and the U.S. Food and Drug Administration (FDA) recently sent warning letters to seven companies for deceptively claiming their products treated or prevented COVID-19.

How to Protect You, Your Family, and Your Employees from COVID-19 Online Scams

These scams come at a time when we’re most vulnerable, both emotionally and from a security perspective. Our homes are less “cyber-secure” than our workplaces, putting both personal and company data at risk for data breaches. State-sponsored attacks and organized-crime sponsored attacks target companies to make a profit now and also to use that data at a later time.

We have to be more vigilant than ever to defend against cyber attacks. “Just as we’re asked to practice good hygiene to protect our health, we need to practice good hygiene from a cyber standpoint,” says Tom Kelly, CEO of IDX.

In a recent radio interview, Tom shared some best practices to defend ourselves against coronavirus cyber scams.

1. Verify the sender of an email before clicking on an embedded link or opening an attachment. If needed, reach out and ask the sender via another channel if they sent it to you. And as the Cybersecurity and Infrastructure Security Agency (CISA) warns, never share personal or financial information through email, nor should you respond to email requests for this information.
2. Secure your home network with patches or updates. You want the most current software that fixes the latest known vulnerabilities. Hackers use these weaknesses to install malware that sweeps data off your computer.
3. Use a virtual private network (VPN) to conduct business—especially when using public WiFi. Connect with your employer’s IT department to make sure what you’re doing at home coordinates with their policies. VPN usage has surged recently—more than doubling in some countries hit by the coronavirus.
4. Reset your passwords. Avoid using the name of your pet or family member or other personal details because much of that information is readily available online.
5. Stay informed of the latest scams, whether or not they’re related to COVID-19. For example, hackers breached and placed malicious code on Tupperware’s website to collect buyers’ payment card information. This code is known as a web skimmer or e-skimmer.

Of course, we should practice good security hygiene all the time, but certainly more so during this time of crisis and uncertainty. We need to be alert when engaging online and never underestimate our vulnerability to virus-related digital attacks. We invite you to share this information with your colleagues, friends, families, and employees. If we are wise and take care of each other—from a safe distance!—then together we can weather this storm.