Health Comes First, But There Are Also COVID-19 Data Security Concerns
Most of us are rightly focused on some of the larger and more pressing elements of the COVID-19 response in terms of staying healthy and helping those who aren’t. That said, there are others amongst us taking advantage of the confusion caused by the rapidly changing situation, and we all need to be extra vigilant with data security at this time. Here are some of the actions that should be taken to prevent threats specifically related to COVID-19:
Secure the home office. Some companies were ready to go with this and had no issues transitioning to a remote workforce, while others are scrambling to put tools and infrastructure in place. Those areas of vulnerability will increase as networks and resources get spread thin due to everything from lack of VPN or proper firewalls to employees feeling more empowered to visit sites or view content they otherwise may not in the office. Tips for curtailing some of the risks of remote work include:
- Try not to mix work and leisure activity on the same device
- Be suspicious of any email asking to check or renew your password
- As always, be wary of emails that come from unfamiliar or untrusted sources
- Be sure all software is up to date with privacy tools; add-ons for browsers and patches should be checked regularly
- Be sure all important files are regularly backed-up to help protect against a potential ransomware attack that might restrict access to data
- Check that home Wi-Fi connections are secure, ensuring people in the vicinity can’t snoop
Only get news and video from trusted sources. This ensures the information you’re getting is accurate and the content or applications you’re downloading aren’t malicious. Influential security blogger Brian Krebs and Business Insider described specific instances where hackers were using an accurate COVID-19 map as a cover to infect devices with malware.
Be wary of “too good to be true.” The U.S. Department of Justice already cracked down on an organization that was promising a bogus “vaccine” to COVID-19. It goes beyond that, however. Sometimes it’s a simple email link that’s the threat, as the Wall Street Journal recently detailed in the way criminals are using COVID-19 to lure people into clicking or engaging with a malicious link – and with governments around the world quickly initiating large stimulus packages among other fast-evolving elements of the situation, there will be many ways bad guys attempt to lure people into clicking.
Take an extra step to verify email requests: With so much changing all around us recently, many of us are becoming more accustomed to steps or requests many businesses are needing to take to work around our current circumstances that would have seemed uniquely odd just a few weeks ago. Business email compromises – more or less when you get a request via email for sensitive or valuable information – are rising as bad actors begin to take advantage of the many changes that are taking place in how people do business and how accommodating many of us have become to those changes. The FBI recently listed some useful detail to help stay aware and safe, but generally speaking – taking the extra step to verify requests for sensitive data even if the need is seemingly urgent is important right now.
Ransomware and operational issues: Though there are reports that certain groups known to use ransomware are vowing to “stay away” from hospitals and healthcare providers – at least one specifically said they were not including pharmaceutical companies in that “stay away” proclamation – it’s obvious criminals will likely not adhere to this. All organizations, particularly those on the healthcare provider side, need to be ready to find communications contingencies to help people stay informed and connected.