Improving your cyber hygiene during the coronavirus pandemic
Back in December, self-proclaimed futurists bombarded our news feeds with predictions for the year ahead. But Q1 set the tone for an alternative narrative that would be dominated by ubiquitous phrases such as "social distancing" and "self-isolation." Despite washing our hands while singing the "Happy Birthday" song twice, it wasn't enough to slow down the global pandemic.
As we enter the second quarter of 2020, there is an increasing realization that we need to clean more than just our hands, smartphones, tablets, keyboards, game controllers, and remote controls. As remote working at scale becomes the norm and skeleton IT teams focus on just keeping the lights on, we all now need to step up to our responsibilities by improving our cyber hygiene too.
An unprepared and unsuspecting workforce is an easy target for cybercriminals with nefarious motives. Many will be looking to capitalize on the global pandemic and turn our fear into an opportunity to launch a different kind of virus.
Unsecure home Wi-Fi networks
While much of the world is on lockdown, members of the global community are now spending an unprecedented amount of time using their home internet connection. The concern for corporate IT teams will be around the number of home routers that will still have the default admin username and password settings.
Have you protected your home router with a long, complex password? Does your home wi-fi password meet PCI compliance password requirements? And have the system firewalls been activated on your router? These are just a few security responsibilities that are managed in your office. But they are often neglected in the average home.
Family members downloading pirated movies and visiting risky websites are also everyday occurrences that, if not taken seriously, will result in poor cyber hygiene.
Keeping your email safe by improving your cyber hygiene
The inconvenient truth for business owners right now is that their employees’ primary concern is the health and safety of their families. Data security is understandably not on their list of priorities right now. But this is the exact reason why remote workers need to be on their card against fake coronavirus messages with infected links or contain corrupted attachments.
Email is often the weapon of choice for attackers due to the ease with which it can deliver emotional triggers that cause people to react quickly without thinking. Anything that threatens users with a loss of service, financial penalty, or closure of an account should be treated as suspicious from the outset.
Some attackers will even go as far as creating a webpage that looks identical to a business. An email from someone impersonating an IT manager will then attempt to trick users into sharing their usernames and passwords. Good cyber hygiene involves simply scrutinizing every link and attachment before clicking and opening. If in doubt, forward to your IT department for review.
How safe are your video conferencing settings?
Just because everybody is working from home, it doesn't mean that employees can finally escape the dreaded curse of back to back meetings. But work meetings are now moving entirely online. Even UK Prime Minister Boris Johnson tweeted a picture of himself chairing a Cabinet meeting via Zoom, which has become an emerging threat to Microsoft during the crisis.
However, employees need to be aware of a few settings that will improve their cyber hygiene when hosting online meetings. For example, in the settings of Zoom, hosts should enable the "authenticate users" feature to ensure that illegitimate users cannot join the call and hear sensitive corporate information.
Users should also be very wary of accepting files through any video conferencing application, as most of them do not scan malicious files before transfer. In the event of an attendee requesting to access your desktop remotely, you should also ensure that you remember to disconnect the access immediately after the activity is completed.
The dangers of staff using personal devices and personal accounts
When inside the office, IT teams act as guardians of the corporate network and ensure that critical security updates are applied to computers and company smartphones. In the home, users are often guilty of hitting the remind me later option when prompted by their personal laptops, tablets, and phones.
Personal devices seldom have screen saver timeouts or have password protection. Even those that do are likely to have weak or compromised login credentials. It can also be tempting for remote workers to use their personal email and cloud storage accounts to transfer corporate data.
When using the third-party instant messaging platforms for sensitive discussions, many are blissfully unaware of the risks and potential consequences. Collectively, the bad habits picked up when working from the comfort of their homes, result in poor cyber hygiene.
Cyber hygiene in a post-COVID-19 world
Traditional businesses have been forced to drop their guard and allow every employee to work from home. The genie is out of the bottle, and there is no turning back now that almost every employee has experienced greater flexibility. The next step would be for business processes to begin migrating online in a bid to increase efficiency further.
Unfortunately, cyber distancing is impossible for businesses. Employees now expect the ability to drift between their office and home seamlessly without any friction. But the Netflix effect will present cybersecurity companies with endless opportunities to showcase innovations that increase hyper-vigilance both in the office and at home.
Businesses of all sizes are currently taking steps to promote good hygiene and protect staff from the Coronavirus outbreak. But in a post COVID-19 world, we should expect cyber hygiene to take centre stage as the focus inevitably shifts towards enhancing cybersecurity through robust security controls and employee training.