With more people working from home now than at any other time in recent history, cybersecurity threats are increasing.
Cybersecurity is a human problem: the person at the screen or keyboard is always the weakest point in any technical system. Attackers will use a set of techniques — broadly described as social engineering — to trick us into divulging sensitive information.
Microsoft’s cloud services reported a 775 per cent increase in demand across their platforms when strict social isolation measures were put in place.
This situation also presents opportunities for cybercriminals. Attackers have real opportunities to take advantage of the changes in our habits as we transition to working remotely, but there are several best practices that will mitigate the increased risks. The Electronic Frontier Foundation has published some useful guidelines for working remotely.
Security habits
Security habits do’s list
- Rather than sending files over email, use a shared file system set up by your employer, such as DropBox, Box or OneDrive. If you have any questions about a file or a link, check with a co-worker or your IT security department.
- Avoid opening attachments from e-mail or messaging services. Some of these are known to have experienced security breaches: for example, WhatsApp, Messenger or iMessage.
- Your contact information may be easily available online and the speed of instant messaging communications allows for rapid, unintended clicks to compromise your system, often by uploading malware. Do, slow down the pace of communications to ensure that the people we communicate with are authentic. Be cautious and reflect on the legitimacy of all your communications.
Protecting health-care organizations
Ransomware has been an increasing problem before COVID-19 and the current emergency will only exacerbate the situation.
Hospitals and other critical infrastructure are at risk of being targeted during the peak of the crisis, where government and public health officials will be exhausted by constant communications. For example, a phishing campaign directed against hospital or public health officials promising personal protective equipment has the potential to cripple some portion of the digital infrastructure that supports our health-care system.
Should a ransomware attack happen in such a situation, it would be logical for an administrator to simply pay a ransom and continue saving lives, which would only encourage future attacks.
Increasing vigilance
Before accepting anything, check, check and check again!!
We must be vigilant not to spread COVID-19, and we also need vigilance in protecting our digital infrastructure. All institutions, including hospitals and public health organizations, should have recent back-ups that would allow them to rapidly restore services in the event of a ransomware attack.
COVID-19 represents an opportunity to build better digital infrastructure that includes multiple points of authentication, such as two-factor authentication through text message or by mobile app, by default. This more resilient digital infrastructure should also include systems that do not trust each other, so attackers are unable to move horizontally through organizational infrastructure.
While this is no simple task, so-called “zero trust” architecture and multi-factor authentication will increasingly become standard practice throughout institutions, both large and small.
We must be ready to have a public conversation about the legal, technical and personal dimensions of the cybersecurity threats we will face during the COVID-19 pandemic, but we must first be equipped with the questions and issues that emerge from working online in the coming years.
Don’t keep this to yourself, send it to a friend 🙂