IT Security and COVID-19
Not everyone thinks that these two things have much to do with each other. Unfortunately, there are a lot of examples of confusion during this time, and a changed working day leads to unwise decisions. Sadly, some people are taking advantage of this.
In this blog post, Novicell's Security Department will share a few simple precautions you can take, if you, like many others, are currently stranded in the home office.
1. Don't stress
This is perhaps the most important. And, of course, it's easier said than done if there are restless children running around one's legs while – between Teams meetings, half cups of cold coffee, and laundry – trying to plow through your rapidly expanding inbox. But for most people, and especially for the time being, there will be a full understanding of a slightly extended reaction time.
So when an email (allegedly) comes from the manager saying that £40,000 should be transferred to an account in Switzerland as soon as possible, or when a message (allegedly) from the National Board of Health and Social Care says that there is a new ‘Digital Post’ for you, remember to take it easy and ask yourself if this would be normal if there was no Coronavirus crisis.
If the answer is anything but a clear and unambiguous ‘YES’, then it's probably worth hesitating. Call the manager and ask if they really sent that e-mail. Take an extra look at the message from the National Board of Health and Social Care and consider how often the authorities otherwise contact you via this medium. And if you want to follow up on it, navigate to the Health Board's website directly – don't follow the link in the text.
2. Use your work computer
Often, private computers are not at a level of security that matches the workplace, and they are often used by multiple people as well. In this case, it’s not only your behavior that can affect the company but also your family's.
If it’s possible to avoid using your private computer for work, and you can use a work computer for private chores, that’s the way to go!
3. Use official websites
There are a lot of websites that offer information about COVID-19, but not all of them are harmless. Cyber criminals aren’t afraid of exploiting fear and confusion to get people to do things they wouldn’t normally do.
Likewise, programs that supposedly provide live tracking of COVID-19 infection rates are also distributed, but instead they encrypt and lock your phone or computer and use them to spread malware, or require ransom to decrypt.
Instead, navigate to official and trusted websites such as: National Board of Health and Social Care
4. Be skeptical of (unknown) senders
Most people are already well aware that you need to be on alert if you receive an e-mail or text from an unknown sender who wants you to click on a link or provide information such as National Insurance numbers, credit card information, etc.
This is even more important now, as there is a growing number of phishing attacks and malicious attachments in countries that are badly affected by Coronavirus. Unfortunately, it may also be necessary to guard against seemingly well-known senders, as it is not particularly difficult to make an email look like it is from someone else. It's also not hard to get a well-known link to point somewhere else – you can have a look at this example: https://www.google.com.
If a colleague asks for something a little unusual or attaches something unexpected, remember that you don't have to stress and take immediate, rash actions. Maybe call or send them a Slack message before you do anything with the suspicious email. If it really is urgent business, they will probably have called you instead of sending an email.
So don’t panic and stay safe out there!