Companies worldwide have instructed employees to work from home inorder to practice social distancing and reduce the spread of COVID-19. Packing up an office and installing it at home can be stressful when trying to remain connected to networks, servers and emails and continue to be as productive as in the office.
Quickly moving to a new work environment can also cause cybersecurity problems for companies and their employees. With the seriousness of COVID-19, society is filled with fear and uncertainty, making it the ideal time for malicious cyber actors to exploit any vulnerability in online services and users.
FIU’s College of Engineering & Computing experts offer tips to work remotely, in a safe and smart manner, while practicing cyber hygiene.
Received an odd email? Think before responding.
Known as phishing attacks, hackers can send an email with a malicious link, hoping users will click on the link.
“Do not click any links or open any attachments in emails, especially if you don’t know the sender and if the email is unexpected,” says Selcuk Uluagac, associate professor in the Department of Electrical and Computer Engineering and director of the Cyber-Physical Systems Security Lab. “You need to be extra cautious.”
Uluagac advises to immediately contact FIU’s Division of Information Technology (IT) if an employee receives an email asking for your username or password, to verify if the email is legitimate.
“If you receive an email from someone you know, but it doesn’t sound like them or they claim something is urgent, question this,” says Alexander Perez-Pons, senior instructor in the Department of Electrical and Computer Engineering.
Perez-Pons explains that hackers may create an email that looks very similar to an existing employee’s email but may only be different by a letter. FIU now tags emails that are coming from an external source, which reduces and alerts users so that external emails are treated differently than internal ones.
External emails can come from various sources and changes in letters and email providers are more prone. For external emails, makes sure you recognize the email address and its source, aware that either can be different in a phishing attack.
“My recommendation is to check with your supervisor first,” says Perez-Pons. “I would also call the sender and ask them to FaceTime. If it’s someone you’ve never met before, you wouldn’t know what their voice sounds like.”
Steve Luis, executive director of technology for the college, adds we should expect to see a spike in junk mail in the coming months.
“I’m concerned about social engineering attacks that invoke people’s fears about COVID-19. The scams can play on people’s emotions and we may accidentally share personal information we shouldn’t.”
Never click on a suspicious link.
If you receive a text from a company, like your bank, telling you to click on a link, don’t. Instead, directly enter the official URL of your bank.
“We’re out of our comfort zones. People are overwhelmed. They are trying to remain productive, while also educating and taking care of their children,” says Perez-Pons. “Hackers know there’s anxiety. There’s frustration.”
Uluagac adds that with more people working remotely, the usage of online messaging apps is on the rise. Hackers can send malicious messages via text and other messaging platforms. Avoid clicking on links from people you don’t know, especially if they are not in your contacts.
Verify the applications you are downloading.
People want to be connected and informed on updates about the coronavirus pandemic. Hackers have created applications so you can monitor this activity live. An app may have a trojan horse, a term in computing referring to a malware that misleads users of its true intent. Once installed hackers can get access to extricate work you may be doing. Review the credibility of an application before downloading it.
Make your IT department your best friend.
During these times, it is crucial to stay in touch with your IT department.
“It’s easier to be a target when you’re at home because the network security you have is directly related to how much security you know,” says Perez-Pons.
Connect to your VPN.
Always use VPN (virtual private network) technologies to connect to your work environment.
“That will provide an encrypted and secure connection to your work environment,” says Uluagac.
Update your credentials and security software.
Change your Wi-Fi password to ensure it’s not a simple password to crack. Make sure you don’t use the address of your home as your network name.
Check to see if all security software (anti-virus, privacy tools, browser add-ons) are active and updated regularly.
Be vigilant of malware designed for online-shared technologies.
“Another threat that is on the rise in the enterprise working environment is malware designed for online-shared technologies, like Office 365, Microsoft Word, Excel, Dropbox,” says Uluagac.
When sharing documents with passwords through these applications, do not set up weak passwords. Follow suggested best practices like combining multiple characters, numbers and mix of upper-and-lower-case letters. Avoid using the same password for multiple accounts.
For additional tips, visit FIU’s Division of Information Technology website for implementing cybersecurity measures while working remotely during COVID-19.