Cybersecurity During Covid-19



COVID-19 & Technology Solutions

PC Network Solutions will continue to monitor the situation and update this page with any pertinent information as it becomes available.

A global pandemic.

As of April 3, 2020 – every continent except for Antarctica has reported at least one confirmed case of the coronavirus outbreak. With over 1,350,000 people affected so far, businesses around the world are painting a bleak picture due to disruptions caused in their supply chain, manufacturing and even not being able to come to work in affected areas. Consumers are also scaling back on their purchases further hitting the bottom line of many corporations.

Due to the effects that the current global pandemic has had on the workforce, forcing so many to work from home, we have come across a number of questions and concerns from clients. In hopes to address some of the most important topics we have created this page as a funnel for information.

Cybersecurity Tips for Staff Working Remotely During Covid 19

Please make sure that before you take your own measures to protect your online security, you should check in with your employer or you Managed IT service provider to see if they have any protocols in place. In light of the COVID-19 crisis, many companies are hastily putting together work-from-home plans. They may be able to provide you with specific directions on how to handle certain aspects of cybersecurity and perhaps provide access to some of the tools you need.

Thankfully, even if your employer doesn’t offer such protocols, or if you are self-employed, there are some simple steps you can take to protect yourself while working from home:

1. Use strong passwords.

It’s as important as ever to ensure that all accounts are protected with strong passwords. Unfortunately, many people still use the same password across multiple accounts. This means that all it takes is one compromised password for a criminal to take over all your accounts. They take leaked usernames and passwords and attempt to login to other online accounts, a tactic called credential stuffing.

Passwords should be unique for every account and should comprise a long string of upper and lower case letters, numbers, and special characters. Clearly, it’s difficult to remember all these passwords, which is why password managers are such popular tools these days.

2. Set up two-factor authentication.

Having a strong password often isn’t enough, for example, if your credentials are leaked in a data breach. Two-factor authentication (2FA) and two-step verification (2SV) involve an additional step to add an extra layer of protection to your accounts. The extra step could be an email or text message confirmation, a biometric method such as facial recognition or a fingerprint scan, or something physical, such as a US

3. Use a VPN.

Many people are familiar with using a Virtual Private Network (VPN) to bypass geographic restrictions on streaming sites and other location-specific content. Indeed, since a VPN tunnels your traffic through a server in a location of your choice, it’s ideal for location spoofing.

But a VPN has another important role, and that’s improving your online privacy. A VPN encrypts all your internet traffic, so that it is unreadable to anyone who intercepts it. This keeps it away from the prying eyes of any snoopers, including your Internet Service Provider (ISP), government agencies, or hackers.

Note that using a VPN can slow down internet speeds. If you need to perform high-bandwidth tasks such as holding video conference calls, you need a VPN known for its speed and reliability. We recommend calling Pc Network solutions, 561.745.7013

4. Set up firewalls.

Firewalls act as a line defense to prevent threats entering your system, they create a barrier between your device and the internet by closing ports to communication. This can help prevent malicious programs entering and can stop data leaking from your device.

Your device’s operating system will typically have a built-in firewall. In addition, hardware firewalls are built in to many routers. Just make sure that yours are enabled.

If you don’t have a built-in firewall or are looking for some added protection, there are plenty of third-party firewalls available. Some great free options include ZoneAlarm Free Firewall 2019 and AVS Firewall.

5. Use an antivirus software.

Although a firewall can help, it’s inevitable that threats can get through. A good antivirus software can act as the next line of defense by detecting and blocking known malware.

Even if malware does manage to find its way onto your device, an antivirus may be able to detect and, in some cases, remove it. Norton, McAfee, and Bitdefender are some recommended options if you don’t already have antivirus software.

6. Secure your home router.

Do you know if you changed your router password when it was first installed? Many people didn’t, leaving their home network vulnerable. It’s important to take simple steps to protect your home network to prevent malicious parties having access to connected devices.

Changing your router password is a good first step, but there are other actions you can take. For example, you should make sure firmware updates are installed so that security vulnerabilities can be patched. The encryption should be set to WPA2 or WPA3. Restrict inbound and outbound traffic, use the highest level of encryption available, and switch off WPS. To learn more about securing your home router you can check out our dedicated guide.

7. Install updates regularly.

Updates to device software and other applications can be a source of annoyance. But they really are important. Updates often include patches for security vulnerabilities that have been uncovered since the last iteration of the software was released.

In many cases, you can set updates to run automatically, often while you’re sleeping, so you don’t have to worry about downtime.

8. Back up your data.

Data can be lost in a number of ways, including human error, physical damage to hardware, or a cyberattack. Ransomware and other types of malware can wipe entire systems without you having a chance to spot it

Clearly, there are plenty of reasons to keep your data backed up. While hardware backups are still an option, one of the most convenient and cost-effective ways to store your data is in the cloud. Cloud backup services come with a wealth of options enabling you to customize your backup schedule and storage options. A couple of our favorite budget-friendly options are Google drive and OneDrive.

9. Beware of remote desktop tools.

Many employers will be allowing employees to access their work networks via Remote Desktop Protocols (RDPs). While this can be secure, a 2019 Check Point study found security problems with some of the most popular RDP tools for Linux and Windows.

10. Look out for phishing emails and sites.

Phishing emails, as well as voicemails (vishing), and text messages (smishing) are used by cybercriminals to “phish” for information. This information is usually used in further schemes such as spear phishing campaigns (targeted phishing attacks), credit card fraud, and account takeover fraud.

With the rise in the number of people working from home due to the coronavirus outbreak, no doubt there will be plenty of cybercriminals looking to cash in on the trend. It’s highly likely that phishing emails will target remote workers in a bid to steal their personal information or gain access to company accounts.

To spot a phishing email, check the sender’s email address for spelling errors and look for poor grammar in the subject line and email body. Hover over links to see the URL and don’t click links or attachments unless you trust the sender 100 percent. If in any doubt, contact the alleged sender using a phone number or email address that you find somewhere other than in the suspicious email.

If you do click a link and end up on a legitimate-looking site, be sure to check its credibility before entering any information. Common signs of a phishing site include lack of an HTTPS padlock symbol (although phishing sites increasingly have SSL certificates), misspelled domain names, poor spelling and grammar, lack of an “about” page, and missing contact information.

11. Watch out for work-from-home scams.

As well as targeted phishing attacks, we’re likely to see an increase in work-from-home scams and other schemes that typically target gig economy workers. Many of these request personal information or upfront payments before you can begin work. By the time you realize it’s a scam, the fraudster has ceased contact and stolen your money or taken over accounts.

If you’re looking for freelance work, use reputable sites that offer protection to both clients and freelancers such as Upwork and Freelancer. Never share personal information with a client that you haven’t thoroughly researched. And don’t work with anyone who requests an upfront fee.

Also be on the lookout for pyramid and multi-level-marketing (MLM) scams as these are often well-disguised as legitimate and attractive work-from-home opportunities.

12. Use encrypted communications.

Of course, there are times when you need to communicate with fellow workers, and it’s common for those emails to include sensitive information. If your company doesn’t already provide you with secure methods of communication, you may have to come up with your own options.

Thankfully, many mainstream messaging services such as Signal, WhatsApp, And Telegram come with end-to-end encryption as default or as an option.

Need to use email? Encryption using mainstream email clients can be tricky, but there is the option to switch to specialized encrypted email providers such as Barracuda and Every cloud. For more info please contact us at 561.745.7013

13. Lock your device.

If you do have to work in a public space, or if you live with people who you can’t share work information with, then it’s important to keep your device secure. Password-locking your device will usually encrypt its contents until someone enters the password.

If you’re looking for more protection, you can use an additional full disk encryption tool such as VeraCrypt or BitLocker.

If you need to physically lock your device, for example, at a library or hospital, a Kensington lock is a great option.