Working from home has become the norm during the coronavirus pandemic. How can employees work safely in this environment?
Below, Information Age outlines a guide for safely working from home.
With more people working from home, there are increased security risks to employees and companies aiming to remain active during the continued closure of physical spaces.
The danger to companies is not just hacking, lack of network security and poorly encrypted devices, but also the spread of misinformation and phishing emails.
With experts reportedly saying that coronavirus has precipitated the biggest jump in email scams in years, we will tell you what to look out for and how to successfully combat misinformation and nefarious emails.
What coronavirus scams are out there
The BBC his listed five main scams that we will summarise here:
1. Click for the cure: This email claims that a vaccine for the virus has been covered up by world governments and the link embedded will give people details. This one is relatively easy to spot by hovering your mouse over the link, it will reveal the real domain address.
2. Coronavirus tax rebate: This is an augmented version of a common scam. The email contains a link to click to collect a supposed tax rebate. HMC does not conduct tax refunds in this way, no matter how official the website looks.
3. WHO fake advice: This email appears to be from the World Health Organisation with an attachment containing advice. The attachment infects computers with malicious software called AgentTesla Keylogger, which tracks typing on the infected computer. Don’t click attachments on emails where you are not entirely sure of the origin.
4. CDC — the virus is now airborne: Hackers will try to use panic and uncertainty to their advantage. By using spoofing tool this scam email may appear to come from a legitimate Centre for Disease Control address. This is a more sophisticated scam that attempts to get you to enter your email address and then steal your login details. The best way to combat this is through a 2- factor authentication system.
5. Fake donation plea: This scam attempts to highjack people’s goodwill in order to get them to download malware onto their computer. Again, the email appears to be from the CDC and askes for a donation to help fight the vaccine. Do not engage with an email where the premise seems strange or not fully correct, hackers are attempting to use the crisis to manipulate people against their better judgment.
There are potentially hundreds, if not thousands of scams of this nature circulating which if allowed to percolate could be incredibly harmful to businesses; the first step to combatting them is awareness.
A remote working guide: how can UK businesses prepare for an Italy-style Covid-19 lockdown?
What to spot
The NCSC gives some very good guidelines on how to spot phishing emails. To summarise:
- Don’t click on any unverified links.
- If the email has poor grammar, punctuation or spelling but claims to be from an official source.
- If the overall quality of the email (banners or logos of low quality, etc) is not what you would expect from the organisation it is sent from.
- Does the email refer to you by name or use a general term like ‘valued customer’ etcetera.
- If the email displays a real sense of urgency or threat, particularly around coronavirus, it is unlikely to come from official sources that are all trying to minimalise panic.
- If the email sounds too good to be true, like a vaccine for the virus has already been developed, it is unlikely to be real.
- If the email address or sender name is particularly convoluted or strange its best to tread cautiously.
- Official sources should never ask for personal information via email.
- If you are suspicious of the illegitimate nature of an email, call or otherwise check with the supposed organisation before interacting with the email.
These steps will become ever more crucial as hackers continue to use the crisis to target people with ever-increasing sophistication.
What to do if you have already clicked a link
- Run a full scan using anti-virus software if possible, follow instructions.
- Change your passwords if you have provided any.
- Contact your company’s cyber-security department if it was done on a work device.
- Report to Action Fraud if any money was taken.
How to stop the spread of misinformation
In order to prevent the spread of misinformation, businesses have been advised to compile and summarise information on the disease to keep their employees up to date, while being able to create a recognisable and legitimate source of news in the process.
Companies and employees can visit the government website for regular updates.
It is important that businesses and employees trust legitimate media outlets and news sources as some scams are predicated on conspiracies designed to inspire hope, but also distrust in mainstream sources, the fake vaccines scam being a good example.
Will an increase in remote working lead to more cyber attacks?
Wider security measures
Companies can protect their assets and information by making their data is less vulnerable, but also by making their employees more aware of threats.
Ways of improving security include:
- Written guides for software usage.
- Staff may lose or have devices stolen working away from the office. Devices data needs to be encrypted. Most modern devices have built-in encryption, but it may still need to be activated or configured.
- If possible, configure data stored to standardised settings using management software meaning lost devices’ data may be easy to erase and backup.
- Make sure staff report any problems.
- Educate staff on cyber threats. The NCSC has a Top Tips for Staff e-learning package if required.
Paul Chichester, director of Operations at the NCSC, said: “We know that cybercriminals are opportunistic and will look to exploit people’s fears, and this has undoubtedly been the case with the coronavirus outbreak.
“Our advice to the public is to follow our guidance, which includes everything from password advice to spotting suspect emails.
“In the event that someone does fall victim to a phishing attempt, they should look to report this to Action Fraud as soon as possible.”