by Claire Harratt

Head of Managed Security Awareness Services

Connect with Claire Harratt on Linkedin Connect with Claire Harratt on Linkedin

Working Safely from Home during the Covid-19 Outbreak

Saepio have long promoted the importance of security awareness and training your staff to recognise the ways in which cybercriminals will target them. Unfortunately, the bad guys have wasted no time in exploiting our fears around Coronavirus and we’ve seen an unprecedented increase in opportunistic criminal activity on the internet.

As many of us make the move to working from home to socially distance and protect our frontline services, we also want to help keep you keep safe from a cyber perspective during these strange times.

<h1>Our Top Tips for Working Safely from Home</h1>

Our Top Tips for Working Safely from Home

 

1.   Secure Your Home Network

  Change the default administrator password on your wireless router
  (check with your internet service provider if you’re not sure how).
  Make your new password strong. A long phrase is good e.g. TheDogLikesToWagHisTail!
  Make sure you have enabled a secure network (WPA2), that requires people to enter a password to join
  (again check with your ISP if you’re not sure how).

 

2.   Keep Your Devices Safe

  Make sure all the software and applications on your devices are up-to-date with the latest versions.
  Out of date software is potentially full of vulnerabilities that hackers can exploit, so search daily for updates.
  Install anti-virus software if you haven’t already.
  There are some great free ones available e.g. www.malwarebytes.com.
  This will prevent any potentially malicious programs from downloading and executing on your devices.

 

3.   Enable 2 Factor Authentication

  Where possible enable 2 factor authentication for access to all your devices and the websites you frequent.
  If any of your credentials do get hacked, 2FA makes it a lot harder for cybercriminals to access anything important.
  2FA comes in various formats, some websites may text you a code to enter for example,
  or you could download an authenticator app;
  Google Authenticator is a good free app that you can download for 2FA.
  You can find it on Google Play and the App Store.

 

Watch Out For:

1.   Malicious Websites

Since January there have been thousands of websites registered containing the word corona, and sadly many of them are suspicious. Hackers often use malicious websites to download malware and ransomware onto computers and networks. Watch out for malicious sites such as coronavirus.com, corona-virusmap.com, coronavirus-realtime.com.

The BBC website has a safe map you can view at www.bbc.co.uk.

 

2.   Spam Emails

Many of these are now doing the rounds offering to sell goods that are in demand, like hand-sanitiser and masks. They may also encourage you to purchase information videos. Be wary of any emails that are trying to sell you something. Only enter your credit card details online when you have typed a trusted website into the address bar e.g. amazon.co.uk, tesco.co.uk.

Look for the little green padlock symbol to check the site is secure.

 

3.   Phishing Scams

These are emails that contain malicious links or attachments. They are most often used as a way of delivering malware or ransomware onto your computer, but they may also be designed to harvest your information e.g. your username and password or your credit card details.

Typical examples we are seeing are emails that look like they are coming from the World Health Organisation (WHO) or Public Health England (PHE). Think before you click!

 

4.   Fake Charities

Scammers love a natural disaster. They often set up fake charity websites, or Facebook pages and send out emails asking for donations to help those affected. In the case of Covid-19 it might be to help fund research, help with childcare costs for doctors and nurses etc.

If you want to donate, type in the charity’s web address into your address bar e.g. unicef.org.uk, nationalemergenciestrust.org.uk.

 

5.   Fake HR/IT Emails

Treat any emails that look like they are coming from IT or HR that ask you to enter your username and password with extreme caution. These are usually crafted by cybercriminals to harvest your credentials so they can gain access to your corporate network.

If you are in any doubt, pick up the phone or forward the email to HR/IT to verify if it is legitimate.