Netflix and other popular video services have become the new form of entertainment as working from home becomes the norm.
So when a colleague or friend forwards you a message that offers you a free account or three months free viewing, the primary response is to sign up immediately, after all it is three months of free viewing.
The reality of the matter is that it is a scam and most people will go ahead and input personal details and credit or debit card details as requested by the links.
There are also those emails and alerts providing more information on Covid-19 and promising vaccine or a care kit at a small fee.
“The biggest risk is the phishing wave that is going around. Attackers are finding innovative ways to leverage the anxiety and panic around Covid-19 to send out phishing emails to unsuspecting individuals.” Says Jeff Kirumba, a technology consultant.
“They can usually pose as alerts on the pandemic and are often indistinguishable from legitimate alerts that may be sent out from your company or other legitimate sources such as WHO.”
Ensure that the antivirus on your computer is updated, use strong passwords and multi-factor authentication where applicable; be very vigilant about emails, text messages or calls that may ask you to take unusual actions such as clicking links to access information, opening certain attachments or providing personal information such as PINs and passwords.
Ensure that you only open emails and attachments from email addresses that you recognise, and if you’re not sure whether the email sent to you is from a legitimate source, report it directly to your IT team for verification; avoid downloading content from unapproved sites such as torrent sites. These downloads often contain trojans that may infect your computer and even your work network and computing resources with viruses or ransomware and finally, ensure you use collaboration tools (chat, work tracking and conferencing) that are encrypted and have been tested and approved by your organisation.
Facebook, Google and Indeed were among the very first companies to ask their employees to begin working from home when Covid-19 became a global threat. Just a few weeks in and with Covid-19 continuing to ravage the globe, more and more companies have been forced to, as a matter of urgency, think about the best ways to sustain their productivity even as employees have to work from home.
Cyber-scam and hacking
The unprecedented traffic on the internet definitely raises the question of cyber security.
“Of course, flood gates are open for cyber-scams and hacking attempts and organisations have to be vigilant,” says Dr Ken, Okong’o, Data Protection and ICT Policy Expert.
More and more meetings now happen virtually through software such as Zoom, Google Hangouts and Skype; and other forms or online communication and file sharing have become the order of the day.
“The change of work location to the home setting presents a ripe opportunity for ‘social engineering’ attacks from family where they are likely to access unauthorised information. They can also eavesdrop or intercept your connection. Thus, organisations have to invest a lot more effort in pivoting from office workstations to laptops at home,” notes Chrisgone Adede, a Data Science Expert.
Without belabouring the point, as a matter of urgency, organisations and individuals must adopt best practices to maintain safety of data and employees even as working remotely continues to be the obvious fallback option.
“In our current context, organisations that support remote working face increased risks due to the volume of external data traffic they have to handle. The data increases the surface of attack for malicious actors, who may either try to directly intercept information as it is being transmitted over the internet or through breaching individual endpoint machines,” Kirumba, a technology consultant says.
These threats as Okong’o adds, could either be internal or external to the organisation, with contributing factors including things such as unsecured infrastructure like Wi-Fi networks and use of personal devices to access corporate networks in the absence of policies governing remote working.
Another important area of note is your home router. How often do you change the password? An attack on the router is an attack on all devices connected to it.
“Home routers should have their passwords reviewed on a regular basis. Often, many people do not even change the router password at all and this makes the home network very vulnerable and so malicious parties can always gain access to the devices connected on the router,” says Okong’o
Well, are you in the league of people who do not know the extension or email address to your organisation’s IT department? Rectify that omission as a matter of urgency because you need to familiarize yourself with the additional measures put in place to protect you while you work online.
Organisations also need to take some critical steps by either updating or enforcing IT policies to ensure their cyber security posture is not threatened.
“To begin with, organisations that have not done so already need to implement remote access virtual private networks (VPN). These dial-up network have remote users with client software installed in their machines and so together with network access server, this enforces multi-factor authentication measures. Forced software update strategy is also a plan. When software are updated, only authorized versions are allowed into the corporate network,” explains Adede.
So the next time you see your computer prompting you to update a software, press “okay”, this is for your online safety. Adede also advices that, when employees need to use additional devices such as smartphones to supplement the office PC, it is important that organisations take some time to create awareness on this front to ensure devices brought into the networks to supplement work laptop come with some form of protection such as robust antivirus software or customized firewalls so that there are no spaces for invasion by malware.
“Though often the automatic updates annoy, they really are imperative for the security of organizational informational assets as they include patches for security vulnerabilities uncovered since the very last iteration of the software as released. In any case, these can be set to run automatically, often while asleep so that you are unworried about downtime,” says Okong’o.
In conclusion, therefore, there are increasing risks in the cyberspace now that traffic is bursting at the seams and if you do not take the necessary steps, it is a matter of when and not if, the attacks come.