Updated: Jun 9, 2020
Working from home has become a necessity, the new normal. Some employers have also kept a portion of their staff at home even beyond the pandemic.
Looking back, many organizations, on short-notice, had to scramble to provide remote solutions for their staff. In doing so, it has created security holes. Below are security tips that should not be overlooked.
Government - As a society, we are very trusting. But we have to remember, as we trust, we should also verify. Criminals have been using the pandemic as an opportunity to pretend to be the government. They are asking for money to provide COVID-19 financial and testing relief. The FBI says, “If someone reaches out to you directly and says they’re from the government helping you with virus-related issues, it’s likely a scam.” Also, be wary of coworkers asking for help via email. Kindly, send them a message before responding or clicking any attachments.
Fake Websites - New websites have been popping up to scam people out of information or money. They have been impersonating government sites, shopping sites, COVID-19 maps, and more. Check the domain name of the site prior to visiting or clicking. For example, calvinklein.com is different from calvinklien.com. For COVID-19 resources, only view sites that are from legitimate sources, such as a .gov site or news outlets that you are familiar with. Some websites claiming to track COVID-19 cases have maps that criminals used to infect and lock your device until you pay them. Don't click on any links in emails that are out of place. Visit government websites directly for trustworthy information
Phishing, Vishing, and Smishing
You might have heard of phishing, but what about vishing and smishing. The difference between them below:
Phishing - is a social engineering technique used to trick someone into giving private information or sending them to a site that will download malicious software via email. For example an email that looks as if it is from a legitimate person asking to pay an invoice.
Vishing - is a social engineering technique used to trick someone into giving private information via a phone call. For example, an automated message is played to alert the consumer that their credit card had a fraudulent activity or that their bank account had an unusual activity. The message instructs the consumer to call a specific phone number immediately. The same phone number is often shown in the spoofed caller ID and given the same name as the financial company they are pretending to represent.
Smishing - is a social engineering technique used to trick someone into giving private information via a text or SMS message. For example, receiving a message stating they are FedEx or Amazon, and you need to click the link to update your shipping preferences because there was an error.
Solution: Do not click or follow the instructions of the message. If it is legit, contact the person directly in a separate message. For phone calls, hang up and call the institution directly.
Home Office Solutions
Create a dedicated space where you can work without distractions
Make sure you can lock your computer and devices when not in use
Set boundaries with your family members and don’t allow company-owned devices to be used for personal use
Change your default Wi-Fi router password
Make sure your local router firmware is up to date
Confirm that your devices are secure with company-provided or personally owned antivirus and anti-malware
If you have smart devices (IoT), make sure they have updated firmware
Make sure all devices on your home network are up-to-date with the latest software
Review and follow your corporate Bring Your Own Device (BYOD) and other required policies and procedures
Be aware of eavesdropping when having conversations in a public place to avoid exposing confidential information
Limit the use of public Wi-Fi
If using public Wi-Fi, make sure to use a VPN when sending or accessing sensitive information
Apply a screen protector to your device to hide your screen from wandering eyes
Limit social media use on devices meant for business use
Don’t reveal business itineraries, corporate info, daily routines, or other information that could help criminals craft dangerously specific phishing emails
Want to learn more? Feel free to reach out!