WFH? Digital security during a pandemic
Criminals are leveraging elevated interest in COVID-19 to send emails to unsuspecting people to infect computers with ransomware, malware or other computer viruses. And why not? According to Forbes, the COVID-19 crisis has turned the U.S. workforce into a work-from-home army, giving cybercriminals new, less secure, access points for cyber viruses and phishing attacks, revealing vulnerabilities in cybersecurity strategies for the coronavirus crisis. And since there’s a tremendous curiosity for coronavirus information — people are more likely to click without checking the credibility of the source.
An article in Computerweekly noted there used to be one criminal campaign a day worldwide; now there are three to four a day. Between March 1 and May 15, research by IBM Security Systems noted a 5,000-plus percent increase in COVID-19 spam. All it takes is one accidental click to give a criminal access to your computer and company data, compromising your information security.
While you work remotely
The ability to stay connected to home or the office while off site has never been easier than it is now. Regardless of your chosen level of connection — a complete mobile office set up versus a cell phone with email capabilities — here are four basics to improve your WFH digital security.
- Connecting to The Internet – Be selective with how you access the internet. Wired internet (or ethernet) connections are the most secure. The next safest connection is the data connection through your phone, supported by Wi-Fi. Of course, all Wi-Fi is not equally secure. WPA-2 (Wi-Fi Protected Access 2) with a unique password is likely more secure than WPA-2 with a shared password. Wired Equivalent Privacy (WEP) connections are less safe and require a less sophisticated criminal to breach. Open or free Wi-Fi is the least secure.
- Encryption – Encryption is a process where a clear or plain text message is encoded into cipher text so that only the intended recipient can decode and read the original plain text message. Encryption assures that you — and only those you wish to share digital data with — will receive the original message in a readable form. There are many levels and methods of encrypting devices, networks, messages, emails and applications. Ensure you can recognize encrypted and unencrypted websites, messages and emails and then manage the use of those systems accordingly. If a website is encrypted, “https” will precede the web address. You should look for this at every page you visit within the site, not just at the login page.
- Virtual Private Networks – VPNs can disguise your IP address and your location, making it difficult for websites, advertisers, governments and criminals to identify your specific information or data. A VPN can enhance your security if you must use a less secure or open Wi-Fi connection. The less safe the internet connection is, the more you should think about using a VPN, a security method that has increase 14% since the pandemic began according to a recent Microsoft study.
- Two-Factor Authentication – With two-factor authentication, a password and an additional authorization factor is required before access is granted. Two-factor authentication is more secure because it requires a knowledge factor (a password) and a possession factor (something the user has or receives). Business investment in this security process is up 20% worldwide, based on the same Microsoft report.
Check with your IT department to make sure you understand any new security requirements while working remotely from home. There may be additional requirements because of the expanded volume of personnel working remotely.
Pay attention to the basics, too. Don’t open anything from an unknown or untrusted source. Check with IT before downloading any software updates or patches. With online video conferencing so prevalent, make sure you set your laptop up in an area that provides no details about who you are or where you live. Whether you work from home or on the road, these tips will keep you safer from cyber threats.