Teleworking: The Perfect Chance to Review Your Cybersecurity
Rather than breaking in through doors or windows, today’s new criminals use communication technologies as a gateway to crime. The teleworking boom spurred by the coronavirus crisis will provide fertile ground for cybercrime. What can be done to prevent this?
by Gianluca D’Antonio, Academic Director of the Master in Cybersecurity at IE University.
As if the usual difficulties of teleworking weren’t enough—bandwidth problems, childcare, corners of the house where the Wi-Fi doesn’t work—cybercriminals have noticed the precarious circumstances of many companies and workers and seized the opportunity to develop new attack vectors.
To help mitigate these risks, I would like to share a few tips on best practices for safe teleworking.
It is a good idea to change your router password periodically. Choose a long, complex password that includes both numbers and special characters. If you have never done this before, call your telecom operator and ask them to guide you through it. This should only take a few minutes. Once the password has been changed, stay on the line and ask them to check that your router is using an encryption protocol to communicate with your devices. I recommend using the WPA2-PSK (AES) protocol, so that no one in the vicinity of your Wi-Fi network can intercept your communications.
Make sure the devices you use for work have the latest version of your operating system and applications (especially browsers, office applications, and document viewers). Check that your antivirus software is activated, properly configured, and updated. To minimize your exposure to potential risks, it is a good idea to use different devices for work and fun. Installing games can compromise a computer’s security, as well as the stability of the operating system and applications.
A virtual private network (VPN) allows a remote device to be securely connected to an enterprise network as if it were a local computer, allowing access to resources such as printers, file repositories, applications, proxy browsers, etc. Whenever possible, you should use this type of communication for work. Pay close attention to the installation of the VPN client. In the case of a manual installation, it is important to carefully verify the origin of the executable file. Only install the one provided by your company’s IT department. Malware disguised as VPN clients has been detected. Once you are connected by VPN to your company’s internal network, remember that any infection in your device can spread instantly to all other computers in the network.
Use extreme caution when opening and forwarding email messages. Numerous fraudulent email campaigns are being detected, with subject lines such as “Coronavirus” and “COVID-19” and content on pandemic-related topics such as fundraising, subscription requests, crowdfunding, etc. Be suspicious of these sorts of messages. Be very careful when checking the source domain, the organization of the purported sender, the content of the message, any attached files, etc.
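The checks described above (source domain, purported organization, subject, attachments) can be automated as a first-pass triage. The following is an added example, not part of the original article; the organization name and domain, the keyword list, the extension list and the sample message are all assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

ORG_NAME, ORG_DOMAIN = "example", "example.com"   # assumed organization
LURE_WORDS = ("coronavirus", "covid-19", "pandemic")
RISKY_EXT = (".exe", ".scr", ".js", ".vbs", ".docm", ".xlsm", ".iso")

def domain_of(header_value):
    """Lowercased domain of an address header, or '' if the header is absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def triage(raw_message):
    """Return the reasons a message deserves a second look (empty list if none)."""
    msg = message_from_string(raw_message)
    display = parseaddr(msg.get("From", ""))[0].lower()
    from_dom, reply_dom = domain_of(msg.get("From")), domain_of(msg.get("Reply-To"))
    subject = (msg.get("Subject") or "").lower()
    reasons = []
    if any(word in subject for word in LURE_WORDS):
        reasons.append("pandemic-themed subject")
    # Display name claims the organization, but the address is on another domain.
    if ORG_NAME in display and from_dom != ORG_DOMAIN:
        reasons.append("sender domain does not match claimed organization")
    if reply_dom and reply_dom != from_dom:
        reasons.append("Reply-To domain differs from From domain")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            reasons.append("risky attachment: " + name)
    return reasons

# Constructed sample message, not a real email.
SUSPICIOUS = """\
From: "Example IT Helpdesk" <helpdesk@example-support.test>
Reply-To: collect@mailbox.test
Subject: COVID-19 relief fund: action required
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please open the attached form.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="relief_form.docm"

placeholder
--b1--
"""

if __name__ == "__main__":
    for reason in triage(SUSPICIOUS):
        print("-", reason)
```

These are heuristics for prioritizing review: a message that raises no flags is not thereby proven legitimate, since header fields can be forged.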
5. Social media
The vast quantities of fake news and hoaxes circulating on social media have a wide range of objectives: generating adverse opinion regarding the authorities, taking advantage of the pandemic through fraudulent fundraising campaigns, collecting signatures, etc. I would advise you against opening any files or documents related to the pandemic, as they may contain malware. Use extreme caution when forwarding messages and documents to prevent the spread of malware and computer viruses.
6. Web browsing
Police have detected the purchase of more than 12,000 Internet domains with coronavirus-related names in the past few days. Clearly, this crisis is a great opportunity for organized crime: they, too, are adapting to the circumstances. The rise of e-commerce also provides a very desirable target for rogue actors. Be extremely careful while surfing the web. You can stay out of trouble by keeping your browser updated and avoiding websites of dubious integrity.
7. Mobile apps
Only install apps that are strictly necessary and whose origin you can verify. Depending on whether you use iOS or Android, there are different resources that can help you check whether an app is legitimate. Various mobile apps are cropping up to help fight the pandemic; be careful to install only those that come from legitimate authorities.