The COVID-19 pandemic has created a new environment unlike anything we’ve ever seen before. Since we have all been spending more time at home, we have been online more often. This proliferation of online work and school has created much opportunity for increased cyberattacks to occur. Unfortunately, there will always be those who will take advantage of others in situations like these.
In this guide, we will discuss the ways that the coronavirus pandemic has changed our online lives forever and how to stay safe while enjoying time online.
Staying Safe Online While Working or Schooling from Home
When the masses were told that they must stay home, many people were forced to work, or study, from home. Not everyone’s home office equipment is as well protected as their brick-and-mortar office equipment, or school computers, however. This has created opportunities for hackers to infiltrate systems and networks like never before.
Not only are more people now working from home, but the transition companies had to make to allow them to work from home occurred rapidly. This created many security holes and lapses that have yet to be fixed. Per CSO’s Pandemic Impact Survey, 61 percent of security and IT leaders are concerned about an increase in cyberattacks resulting from employees working from home. More than 25 percent have seen an increase in cyberattacks since mid-March, when many began working from home.
One of the most important things that you can do to protect yourself when working from home is to use antivirus software. Most of us already have this type of software installed, and some computers come bundled with them. In addition to the regular antivirus programs, there are special programs you can purchase to give you added protection, such as:
- Malwarebytes, which has a free 14 day trial and then costs $30 per year per device. It protects your PC from viruses and malware attacks, and you can scan your PC for malware on-demand
- Norton 360 with LifeLock Select, which is an antivirus subscription for Windows platforms that costs $100 per year for five devices, including PCs, android and iPhones and iPads. Norton’s security suite offers backup to the cloud, a VPN, safe browsing tools, password manager, and identity theft protection and fraud alert via LifeLock.
Another important component of working from home is the increase in people using virtual meeting services. Those who develop virtual meeting software, like Microsoft Teams and Zoom, have built in protections to the programs. Meetings can always be “crashed,” however. If businesses take some of the following precautions, they can prevent unwanted intruders into their virtual meetings:
- Make sure to give each meeting its own unique access code. Reusing access codes or meetings without access codes invites others to crash them
- Use a waiting room and don’t allow the meeting to begin until the host enters. The host should also be responsible for allowing each person into the meeting.
- Only record the meeting if absolutely necessary
- Disable features that will not be needed for the meeting, such as screen sharing, chat or file sharing
- Don’t post login credentials for meetings on publicly accessible platforms such as social media
- Use a PIN to keep others from crashing your meeting
- Limit who is able to share their screen during the meeting and remind participants not to share sensitive information with others
Teaching employees some basic tips to prevent cyberattacks can also be proactive when protecting those working from home. Instruct employees to never click on links from unknown or untrustworthy sources. These can be found in emails and even in chats during virtual meetings. Employees must always keep on the lookout for fraudulent links and not click on anything and everything they receive.
Also teach employees to secure their home networks and protect them from online cyberattacks. Using a VPN can help, and so can the following measures:
- Using smart password management and two-factor authentication
- Enabling automatic updates for routers and modems
- Turn off WPS and UPnP
- Turn on WPA2 or WPA3
- Configure the router’s or modem’s firewall with a unique password and enable the firewall
Refer to the CIS Controls Telework and Small Office Network Security Guide for more information.
Keeping Kids Safe from Online Predators
Another hazard that has increased since COVID is online predators who prey on children on the Internet. As kids are using the Internet more often now, with schooling from home, they are at a higher risk of exploitation by predators. The Federal Bureau of Investigation (FBI) has provided some tips to help keep kids safe online:
- Be familiar with all websites, apps, software, and games that your child uses
- Monitor your kids when they are online, making sure that electronic devices are in an open area of the house where you can see them
- Use parental programs, if available, to monitor and limit your kids’ time online
- Check your child’s gaming and social media posts and profiles, and talk with them about what they should and should not share online
- Explain to kids that once images or comments have been posted online, they never really disappear
- Make sure that your kids are using privacy settings to restrict access to their online profiles
- Tell kids to be wary of strangers online and not to communicate private information to them
- Tell your kids that they can never arrange to meet up with someone in real life who they met online
- Tell your kids to tell you if anyone threatens them online, as any threat is a crime
- Report any inappropriate online conduct or contact between adults and your child to law enforcement immediately
Protecting Your Data and Privacy
Protecting your private data online is more important now than ever, as we are all spending more time online than ever before. The above tips about antivirus software and protecting yourself while online all apply to protecting your private data as well. Cell phone companies are now tracking their users’ movements and trying to use this data to limit the spread of COVID-19. While this is done with good intent, it is easy to see how this type of information could be exploited. The United States does not currently have a law about data privacy as Europe and other countries have, making data privacy even more difficult to maintain and enforce. Make sure not to share your private data, including health data willingly with others unless you are certain of who is receiving that data (i.e., your physician’s office).
COVID-19 Financial Scams
Financial scams have proliferated online in the wake of COVID-19. It seems that every other day, pleas are made online and on social media asking for financial help. It’s not always easy to tell which are real and which are not. Remember to never click on links from unknown sources, even if you receive them via email or text from a known source. Don’t click any unsolicited links. Before giving financial aid to anyone through GoFundMe.com or another platform, check it out thoroughly, and only trust platforms with which you are familiar.
COVID-19 Email Scams
Another type of scam that has become all too common during the pandemic is email scams. Unsolicited emails prompting the receiver to click on a link or attachment should be deleted without interacting with them. Some of these emails can look like they are from reputable sources, such as the U.S. government, but are not. Remember, you will not be asked via email for any personally identifying information from any legitimate government agency. This includes the Centers for Disease Control (CDC). Furthermore, don’t trust an email just because it purports to be from your workplace. Hackers can use employees’ workplace email accounts to hide links that, when clicked, will cause your computer to download malicious software. Beware of anything with a generic greeting not targeted to you, any email that implores you to act now, and emails with spelling and/or grammatical mistakes – all of these are likely phishing emails and should be deleted immediately. Bottom line, don’t click on any links in emails unless you are certain of the sender and of the link’s reputability.
COVID-19 Website Scams
Fake domains have also arisen as a result of the COVID-19 pandemic. Some of them have names like wheresmystimuluscheck.com, using information that people might be searching for to lure them into clicking on fraudulent websites. Ignore these websites and only trust legitimate sources like the ones listed below.
Trusted Sources for COVID-19 Information
You can’t trust just anyone for information on the COVID-19 pandemic. Criminal hackers are distributing fake information through emails, websites and attachments on a grand scale. Ignore any online offers for home COVID testing, vaccinations or anything medical related, as they are likely scams. If you receive a robocall relating to COVID or health insurance, hang up immediately. Don’t click on any links from sources you don’t know. Trust websites such as the following for valid, up to date COVID-19 information:
- https://www.coronavirus.gov/ (Coronavirus.gov)
- https://www.cdc.gov/ (Centers for Disease Control)
- https://www.who.int/ (World Health Organization)
- https://www.usa.gov/coronavirus (Government Response to Coronavirus, COVID-19, including trusted links for information)
- https://www.fda.gov/home (U.S. Food and Drug Administration)
- https://www.cisa.gov/publication/joint-cisa-and-uk-tip-covid-19-cyber-threat-exploitation (Joint CISA and UK TIP on COVID-19 Cyber Threat Exploitation)
- https://us-cert.cisa.gov/ncas/alerts (CISA Alerts)
Also, check out these free tools to help protect you online:
- Quad9 DNS – blocks suspicious requests from your system to malicious domains or IP addresses
- KnowBe4 Ransomware “RanSim” Simulator– checks your existing network protection against ransomware
- Shodan – finds vulnerable devices on your network
- Censys – finds vulnerabilities on your network
Following the tips and tricks above can help to protect you during the increased amount of time you’re spending online due to the COVID-19 pandemic.