Over the past weeks, many of Invario’s customers have asked us for cybersecurity best practices when trying to maintain business operations during the current coronavirus crisis. With that in mind, I’ve put together these guidelines to help your company stay safe. Please share them with your co-workers or others that might be interested.
Be on the Lookout for Coronavirus Phishing Emails
There has been an unprecedented rise in the number and variety of coronavirus-related phishing emails. Hackers are attempting to profit from the current environment of fear and uncertainty by taking advantage of unsuspecting users. All of us need to stop and think before clicking on emails.
Below are a few of the red flags to look for:
- Is the email something you expected? Is it from someone you know?
- Look closely at any hyperlinks in the email. If the link-to address is for a different website, this is a big red flag. Also look for misspellings or variations of legitimate senders. You want to make sure you’re going to CDC.gov and not CDC.com
- Never download attachments from unknown sources, and don’t share confidential information such as username and password
- If in doubt, verify any requests by contacting the person or company directly. Contact the company using information provided on an account statement, not information provided in an email
- For a detailed infographic showing the tactics hackers will use to trick you, click here.
COVID-19 phishing scams have appeared in three waves. First there were phishing attacks offering basic information about the pandemic as well as spam/scam emails pushing questionable products and services. Many of these seemed to come from organizations such as the World Health Organization and the Centers for Disease Control.
The second wave brought cyber criminals trying new approaches to trick users into clicking through to malicious content. Now in the third wave researchers are seeing re-purposed standard phishing templates turned into coronavirus-related phishing scams. Our partners at KnowBe4 have posted some examples on their blog is you would like to see what these look like.
Choose Applications Carefully
Most of us are hungry for information right now. However, it’s important to be wary as hackers are developing applications that look legitimate but are actually malware. For example, researchers discovered an Android app called “corona live 1.1,” which pretends to be the real “corona live” app and even uses the Johns Hopkins coronavirus tracker, a legitimate resource for tracking infection rates, death counts and recovery rates around the world. However, the malicious 1.1 app tracks the user by getting access to the device’s photos, videos, location and camera.
Even when you are using a known application, such as Slack or Zoom, be aware of the app’s data retention policies. These may pose a security risk if you’re not careful. For example, Slack retains all the messages in a workspace or channel (including direct messages) for as long as the workspace exists by default.
Cybersecurity Best Practices for Remote Access
The best telecommuting scenario from a cybersecurity perspective is to use a business-provisioned computer complete with a full security stack and secure VPN or cloud file access. Don’t let family or friends access your work device. Keep it with you, or stored in a secure location, at all times.
If you are using a personal computer to access business files from home:
- Verify that the operating system is updated with the latest version. We recommend upgrading to Windows 10 if possible, as Windows 7 Is now out of support and may pose a security risk.
- Have the latest version of your antivirus software installed and running.
- Set your computer to auto log-out in case you walk away and forget to log off.
When accessing work accounts, connect to a secure network and use a company-issued Virtual Private Network (VPN) or a company-approved secure cloud solution. Your company may require multifactor authentication for secure access to VPN. At the very least, a strong and unique password is a must. Don’t connect to public WiFi to access work accounts unless you are using a VPN. Home routers should be updated to the most current software and secured with a lengthy, unique passphrase.
Your Invario Team is Here to Help
Like many of our customers, the Invario team is currently working remotely and practicing social distancing. That doesn’t mean we are not available to support our IT customers. In fact, we have been busier than usual getting end users set up with remote access. If you need support, just send an email to help@invario.net or give us a call.
Feedback
If you have questions about this article, or if there is an IT topic you would like to know more about please email me your suggestions.
Referral$
If you know of a company that would be interested in the services of Invario, please email me the company name along with the phone number and email for the person we should contact.
That is all you have to do! Upon completion of the onboarding of a new customer, Invario will pay the equivalent of one month of Invario service to that customer. Recipients that cannot or do not wish to receive a referral payment may elect to have the referral fee donated to a charity of their choice or put into a company entertainment fund.