Cybersecurity in the Pandemic Era
The coronavirus pandemic has forever changed the way we work, live, and communicate.
Indefinite work from home policies. Virtual meetings and conferences. Digital hangouts with friends. Remote learning and distance education. Grocery delivery apps. E-commerce. Online banking. Telemedicine.
Since the start of the Covid-19 crisis, the world’s digital presence has increased exponentially and the number of cyberattacks has grown five-fold, with cybercriminals exploiting the fear and uncertainty caused by the socio-economic impact of the pandemic.
Zoom has been actively working to secure their platform after a rash of heinous ‘zoombombing’ incidents occurred in the spring. Microsoft Teams was recently hit with a phishing attack. Google plans to shut down Hangouts in favor of Chat and Voice to provide more security tools and combat robocalls in accordance with the new EU and US telecommunications regulations. Phishing emails and identity theft exploded in the wake of government stimulus checks. Bank of America and JPMorgan Chase experienced mass outages this year due to increased DDoS attacks. United Health Services was just hit with one of the largest medical cyberattacks on patient and medication data in U.S. history.
There are no industries and no platforms free of cyberthreats and security challenges.
However, there are many steps you can take to protect yourself in the digital landscape:
- Keep all software and operating systems updated to the latest version in order to prevent malware and other vulnerabilities.
- Routinely back-up your devices to an external drive or a cloud platform, in case of a ransomware attack.
- Change the default SSID and password on your WiFi network and make sure your password is complex. Alter your password every three months. Also, use WPA2 security encryption and regularly update your router to safeguard your firmware.
- Secure your personal network by installing a firewall, as well as anti-virus software and patches.
- From emails and social media to digital banking and online bill paying, make sure your login passwords are at least 12 characters long with letters, numbers, symbols, and a combination of lowercase and uppercase characters. Change your passwords frequently. Always use two-factor authentication, Google Authenticator, or other verification code apps for extra protection when accessing your accounts.
- Install encryption tools on all your devices and utilize communication platforms with end-to-end encryption.
- Avoid phishing scams by never opening an email from someone you don’t know, never clicking on an unknown link, and never going on any untrusted sites.
- Make sure your meeting is password protected. Utilize the Meeting ID and password or PIN. Some platforms create auto-generated passwords and some let you create a password. If you create your own password, make sure it is an obscure combination of letters, numbers, and symbols, rather than something predictable, such as ‘ABCD’ or ‘1234.’ Also, never reuse an old ID or PIN number. Once you’ve obtained your ID and PIN, be sure to share this sign-in information and the meeting link with participants through private messaging channels or email. Also, if you can, only send this information out an hour or so before the meeting starts.
- Use the waiting room feature to assess all participants before allowing them into the meeting.
- Turn off default screen-sharing and audio for all incoming participants. Also, limit your use of video in virtual conference calls, if you can.
- Lock a meeting once all participants have joined.
- If you have to record a web meeting, be sure to encrypt it.
For VPN users with sensitive data and work information:
- Utilize OpenVPN protocol, which is fast, secure, and recovers quickly from a lost connection. If your VPN provider doesn’t offer it or your operating system doesn’t support it, choose IPsec which is just a secure.
- Enable the kill switch or install your own kill switch if your VPN doesn’t have the function already integrated. This will safeguard against an IP leak in the event your connection is lost.
- Make sure your VPN has its own private, encrypted DNS server.
- If your ISP supports IPv6 traffic, but your VPN does not, you could face an IPv6 leak. Use a VPN service that blocks IPv6 traffic and defaults to IPv4 or disable IPv6 all together.