Staying Safe in Cyberspace While Working from Home

With offices and schools now closed to non-essential workers, most of us are now operating remotely from our homes, often using personally-owned computers and laptops. We’re also relying on online services to stay in touch, work remotely and educate our children.

For some, this will all be very new, causing concern about online threats from cybercriminals and how to protect ourselves against them.

Crises affecting large numbers of people will often trigger a significant increase in fraudulent activity. Coronavirus is no different. Expect fake adverts for anything from vaccines to facemasks, links to sensational news articles and videos, bogus charity appeals and phishing emails claiming to be from travel, compensation and insurance companies. Fraudsters know that at times like these, people may be too concerned or preoccupied to spot that something isn’t quite right!

Over the last twelve months, there has been significant growth in cyber criminality in the form of high-profile ransomware and phishing campaigns. Breaches have resulted in personal data being leaked on a massive scale, leaving victims vulnerable to fraud. Although we’ve seen a shift in tactics whereby criminals are now targeting businesses more than individuals, we all need to be vigilant.

Cyber criminals will often seek to exploit human or security vulnerabilities in order to steal passwords, data or money directly. The most common cyber threats include:

  • Hacking – social media and email passwords being stolen
  • Phishing – bogus emails asking for security information and personal details
  • Malicious Software – including ransomware, through which criminals hijack files, encrypt the content and hold the files ransom for payment
  • Distributed Denial of Service (DDoS) attacks against websites.

In addition to these common threats, the sudden surge in the use of online videoconferencing services is likely to give rise to novel methods by which cybercriminals will hi-jack or hack these services.

Don’t become a victim

At CRMG, we recommend a few basic practices that can minimise the risk of falling victim to an online scam or malicious attack. Most cyber-attacks can be prevented by following these basic steps:

  1. Choose strong passwords and don’t re-use them for multiple sites/systems
    • Suggestion: switch “e” for “3” or “o” for “0”. Simple changes will make passwords more resilient against dictionary and brute force attacks
  2. Install security software such as anti-virus and two-factor authentication (2FA)
    • Amazon, Gmail and a host of other online services now offer this for free. 2FA is proven to be a highly effective security control to help prevent access to your information
  3. Keep all security software and operating systems updated (this can usually be set to update automatically)
    • Often the first port of call for hackers is to check for known vulnerabilities (think of them as ‘loopholes’) that can be exploited. Updates from software suppliers will provide patches to address these vulnerabilities
  4. Do not click on any link or attachment (e.g. in an e-mail) if you are even vaguely doubtful as to its authenticity – and never respond to a request to provide or verify sensitive details
    • A good way to verify the authenticity of a web link in an e-mail is to hover above it to see the website address that sits behind it. Remember that cybercriminals will often try to forward you to elaborate copies of websites that you might be familiar with, so don’t go by ‘look and feel’ alone!

Meeting online

When meeting online or videoconferencing, apply the following good practices where you can:

  • As a general rule, avoid discussing or disclosing sensitive information when meeting online
  • For meetings you host, ensure your meeting attendees are required to provide a password to enter the meeting
  • Avoid using the same meeting ID for all your meetings
  • Prepare for screensharing by making sure there’s nothing on your computer desktop or web browser that discloses sensitive information (professional OR private!)
  • When using video, ensure there is nothing of a sensitive nature (for example, printed files or flipcharts that reference clients, or sensitive personal information) within camera view
  • Cover your computer camera when not using it for videoconferencing
  • Remember that online meetings are often recorded (and the meeting host might have omitted to obtain your permission beforehand). If you’re not prepared for anything you say to be recorded for posterity, it’s probably best not to say it!

In summary, good cybersecurity hygiene in the home is of paramount importance – particularly at a time when stress levels are raised. Applying the simple measures set out above will go a long way towards keeping you safe in cyberspace.

You can obtain more assistance from CRMG by visiting us at:

Web: https://www.crmg-consult.com/contact-us/

Phone: +44 20 3811 8727

Email: info@crmg-consult.com

As well as seeking help and advice from CRMG, there are other helpful websites publishing guidance such as:

www.cyberaware.gov.uk

www.securityforum/covid-19

www.getsafeonline.org

www.ncsc.gov.uk

If you think you’ve been victim to cyber crime or fraud or experience ransomware attacks you can contact the National Crime Agency direct who will provide help and guidance in getting you up and running again – they can be found here www.nationalcrimeagency.gov.uk.

For guidance from CRMG’s team of experts, please enquire at info@crmg-consult.com.

About the author


Neil Ackerley
Principal Consultant, CRMG
Industry Specialism: Government
Area of Expertise: Cyber Security Executive Management, Information Risk