Don't Ease Up on Security Practices
During the COVID-19 pandemic, many organizations are shifting the way they operate and going remote. Hackers are shifting the way they operate too and taking advantage of the situation by launching attacks during a time when everyone is distracted. Operating in a remote environment is not the time to relax security controls. It's quite the contrary and now is the time to be even more diligent with exercising good cyber hygiene.
The World Health Organization (WHO) has issued a warning that scammers are trying to trick people into sharing their account credentials or personal information through social engineering tactics, such as sending email messages with malicious content or attachments. You may be offered information by email concerning the COVID-19 virus or asked to contribute to a charitable organization to assist persons in need. These scams come in the form of emails, fake websites, phone calls, text messages, and even faxes. Examples of suspicious behavior include receiving unsolicited emails asking for login information, directing you to malicious websites, or asking for direct donations to support emergency response or funding.
Tips to avoid these scams:
- Prior to opening an email, verify the sender by checking the email address
- If the message looks suspicious; don’t open attachments, click on links, and delete the message
- Hover over and check the link before you click. Do not click from mobile phones if you cannot check the link
- Be cautious about providing personal information
- Do not rush or feel under pressure to take action
- Identify and only use recognized sites to obtain COVID-19 information
- Navigate to legitimate websites by typing the URL directly into your web browser
Brush up on your cybersecurity skills by completing the cybersecurity awareness course in TalentWeb (for faculty and staff). An email will be sent directly to students for access to an awareness education course.
Home Network
You're not on campus anymore and no longer have some of the protections the network offers. However, there are steps you can take to protect your home network.
- Separate your network so that your work and personal devices are on different wireless networks, where possible
- Change the default password on your wireless network. Your internet service provider (ISP) should have instructions on how to do this.
- Update your home router firmware to the latest version. Again, check with your ISP for instructions.
- Use WPA2 or WPA3 encryption to protect wireless connections
- Ensure your antivirus software is up to date and running
- Ensure applications are up to date and patched; hackers will attempt to exploit vulnerabilities
Home Office
- Lock or logout your computer when you step away from the computer to protect access to work systems
- Work related documents should be kept in electronic format. If they must be printed, keep them locked and stored when not in use. Also, continue to adhere to regulatory requirements that may limit the location of documents.
- Limit access to work computers and systems to faculty and staff; this prevents unauthorized disclosure of information
- When discussing private or sensitive information on a call or web conference, do so in an area that prevents exposure to unauthorized parties
- Consider using a password on web conferences to prevent others from joining when discussing sensitive or private information
Additional Resources:
FBI Warning of Conference Hijacking during COVID-19 pandemic.