Due to the coronavirus known as COVID-19; people are spending more time at home, and rightfully are using internet technologies to stay connected with each other, with the news and to be entertained. Businesses that are able to are also adapting their approaches to help employees to work from home.
Unfortunately, when there are new approaches, we often see new vulnerabilities and new cyber attacks targeting those vulnerabilities. We wanted to share with you some quick tips to ensure that you are protected as much as possible.
These tips apply whether you are using devices for personal or for business work.
Know what you have
What devices in your home are connected to the internet? We’re not just talking about desktops, laptops and mobile devices. Maybe you’ve put in your wifi password into your Smart TV or Smart Lightbulbs. Maybe you have a cable running from your router into a set-top box. Maybe you have an internet connected CCTV system, or thermostat. We are living in an increasingly digital world. It is recommended that you make a list of what digital devices are connected to your home network.
If you are technically savvy, you may wish to separate any IoT systems, such as smart lightbulbs and personal assistants like Alexa / Google Home devices on a separate wifi network to your desktops, laptops and mobile devices.
Keep your devices updated
Your internet connected devices should be able to fetch updates from the web. If you’re on Windows, Mac or Linux check for updates regularly. On your Android or Apple devices check for updates in the app/play store regularly. If you have an IoT system, find the manual and check for updates regularly.
Updates are not just for new features or improved ways of using the system. They often improve the cyber security of the system, as well as the cyber security around that system. There are recent examples of vulnerable smart lightbulbs being able to be used to explore other parts of a home network - an update to those lightbulbs would reduce the threat.
Keep your web browsers updated too - whether you use Firefox, Chrome, Safari, Brave or Edge - check for updates. Do it after you’ve read the rest of this post!
Backup important data
If you have important data stored on your computer, and this is particularly important for businesses, then you should backup that data. This could be on an external hard drive at home (which could be a “thumb drive” / “USB dongle”), or it could be “in the cloud” using a service such as Google Drive, Dropbox, Microsoft OneDrive or one provided by your Internet Service Provider.
Businesses may also have their own backup method, and should provide you with details on how to use. Try your best to keep personal and business backups separated.
Get Protected, Stay Protected
Ensure that you have antivirus installed and running on your desktop/laptop machines, and importantly, kept up-to-date. Some antivirus systems also come with services such as banking protection, tracking protection and a personal VPN. These all help in the fight against cyber attacks. With all of these systems it is incredibly important, and we are repeating ourselves here, to check for updates regularly.
There are two browser plug-ins that we recommend, which work on most contemporary browsers (Firefox, Chrome, etc.):
HTTPS Everywhere - helps to ensure secure connection between you and the websites that you visit
Privacy Badger - helps to ensure that you are not tracked while on the web
UBlock Origin - a free and open-source, cross-platform browser extension for content-filtering, including ad-blocking.
Ghostery - a free and open-source privacy and security-related browser extension and mobile browser application.
Our final note in this section, is to ensure that you have enabled the highest level of security on the websites that you login to. This is typically called “two-factor," “2FA” or “multi-factor” authentication. You’ll usually have to put in your mobile/cell phone number to receive a special code by text messages, or use Google Authenticator or Microsoft Authenticator apps on your phone.
Be Aware
The most important tip: Be aware! Be vigilant!
When you are visiting a website, especially one that handles your personal data or your financial data (such as debit/credit cards), make sure that it has a little lock symbol in the address bar (or has https at the beginning of the web address).
If you’ve not used a particular website, and even when you do have the lock symbol, ask yourself “do I trust this website?” You may also want to check on a site such as Trustpilot to ensure that other consumers have received a good service through that website.
When you receive emails, text messages or messenger messages, ask yourself “is this a legitimate message?” If your email service says it may be a scam, then it almost definitely is. If it seems dodgy, it probably is. If it doesn’t seem dodgy, it may still be dodgy. Ways to check would be to check the sender email address, hover over links to check destinations (try not to click on anything). Ideally, if you know it is from a website that you trust and the message has asked you to “click here to login” - don’t click it, but type in the web address that you know and trust (or search on google for it), and login that way. Therefore you will have more confidence that you haven’t accidentally given someone your login details.
Keep connected
Seriously, keep connected. This isn’t a personal & business cyber security tip, but an important one. Don’t be frightened by the cyber attacks that are out there, we must live on during the lockdowns, and being social is a core part of human nature. Most of the serious cyber attacks are targeted to particular businesses or parts of society which are vulnerable. Follow guidance on cyber security, do your best and back-up the important stuff in case you need to recover it… but keep connected with other people.
We recommend the following communication services, provided that you connect with them securely, and be vigilant!
Signal
Google Hangouts (or Hangouts Meet if you’re a business)
Microsoft Teams
Skype
Further Resources
We recommend two further resources on other websites that you should read:
“Home working: preparing your organisation and staff” by the UK National Cyber Security Centre (NCSC)
“What You Should Know About Online Tools During the COVID-19 Crisis” by the Electronic Frontier Foundation (EFF)
How are Awen helping during this rapidly changing time caused by COVID-19?
We are helping by writing posts like this, and doing what we can to ensure good cyber security wellbeing in the digitally-enabled communities.
We are giving our software Profile away for free (in 2020) to healthcare organisations, and to particular parts of the healthcare supply chain such as personal protective equipment (PPE), hand sanitiser, ventilator, COVID-19 test and COVID-19 vaccine/treatment manufacturers.
Our CEO, Daniel, is on the COVID-19 Tech Taskforce for Wales - which brings together organisations from across different sectors and industries to share resources on best practise of dealing with Coronavirus pandemic.