COVID-19: How you’re at cybersecurity risk as you work remotely
Observing social distancing amid COVID-19 spread may not be enough at this time, you need to also consider observing some precautions on the cyberspace as you work remotely.
With COVID-19 compelling workers to carry out a significant portion of their workload remotely as health officials wage war against the deadly virus, an Israeli cyber-security company, Cynet has said this development is introducing an exploitable opportunity for cyber attackers. They have unleashed a new war on the cyberspace which has led to a spike in cyber risks in the past few weeks.
As you’re moving your office to your homes, establishing remote connections and devices you have never used for official work before, hackers are also hard at work, strategising and unleashing new attacks to achieve their usual objectives – to steal from you and spy on you. They do this by easily concealing a malicious login without being detected by your organisation’s security team (don’t forget you’re not working under the cyber cover of your organsation).
The United States Computer Emergency Readiness Team (US-CERT) also sent out alerts on scams tricking people into revealing personal information or donating to fraudulent charities, all under the pretext of helping to contain and manage the coronavirus.
In Nigeria, a broadcast message saying the Federal Government plans to pay all Nigerians N8500 to work from home has been circulating on WhatsApp since Saturday and we can’t say how many Nigerians have fallen for the scam.
The message read:
“FG has agreed to pay #8500 to all citizens to stay at home for this one month starting from 30th March, 2020.
“If you have your voters or National ID card, follow the link below. Put in your NIN or voters card Serial No. Note: The name on your ID must correspond with the one in your bank account i.e BVN. Register and send to others.”
When Neusroom checked the link in the false broadcast message, we discovered it’s another phishing website hosted on Blogspot (Google’s free hosting site for bloggers). The FG will never host a domain on Blogspot to gather the data of its citizens.
While more of such attacks are increasing, Trendmicro, a global cybersecurity company said its customers in the Europe, Middle East and Africa region have had the most attacks at around 130,000 for coronavirus related malware and spam emails in the first quarter of 2020.
“Cyberciminals are quick to pounce on people’s fears like other criminals and an increase in phishing attacks have been reported since the coronavirus outbreak. Shopping scams (fake commerce sites selling face protection masks and sanitizers), identity theft among other social engineering attacks are on the rise. Nigerians working from home need to adhere to strict security protocols concerning login credentials management and recognition of suspicious mails. As with other social engineering threats, the best defence is proper education and training of cyber users especially in this adversarial environment induced by the coronavirus pandemic,” Dr. Adebowale Ajayi, a computer scientist and lecturer at Babcock University, Ogun State told Neusroom.
How to stay safe on the cyberspace as you work remotely:
Ajayi said people working from home must avoid visiting unsecured websites (sites without Https in the URL) for coronavirus related activities which are not limited to: crowdsourcing relief sites, protection kits and sanitizer sales sites.
He listed the following precautions:
Mails containing coronavirus themes should be avoided too.
Mails containing ransomwares and other malwares are in circulation and require early detection to save organisations from huge financial losses or brand damage.
Rule of thumb is to check the mail domain (legitimate organisations will not use public domains like gmail.com)
Check if the domain names are misspelt.
Check if the email is well written and contains a sense of urgency.
Finally, if the mail contains attachments and links you are advised to avoid them.
