cyber security dos and don’ts during covid 19. Cyber Security has been a matter of concern for the organisations from a long time and on top of it Covid-19 brought lot of challenges to attain the same.

The COVID-19 situation has compelled organisations and individuals to take up security measures like social distancing and remote working. Governments and civil administration are bringing up new ways to ensure that their citizens would remain hopeful and stable. New economic plans, relief packages have been announced by the government. While the world is focused on the health and economic threats created by COVID-19, cyber criminals all around the world without a doubt are taking advantage on this crisis.

There is a huge spike in phishing attacks, ransomware attacks and malware attacks as attackers are using COVID-19 to lure employees and customers by impersonating government agencies, brands or any other important entity.Such attacks are aiming to infect more personal computers and phones. Attackers are targeting businesses as well as individuals by downloading ransomware disguised as legitimate applications.

Managing Cyber Security has become more challenging in the Work from Home scenario. Following are the Do’s and Don’t for employees and individuals.

DO’s

CYBERSECURITY DOS DURING COVI19

1. Use hard-to-guess passwords or passphrases. A password should have a minimum of 8 characters using uppercase letters, lowercase letters, numbers and special characters.
2. Create an acronym. An acronym is easy for you to remember but hard for anhacker attacker to guess. For example, pick a phrase that is meaningful to you, such as “My dad’s birthday is 12 December, 1975.” Using that phrase as your guide, you might use Mdbi12/Dec,75 for your password.
3. DO change your password in a regular interval, within every 30 days. This will make difficult for the hacker to use your cracked password.
4. DO use different passwords for different accounts. If one password gets compromised, your other accounts are still safe.
5. DO pay attention to the mails you receive, phishing traps in email and watch for tell-tale signs of a scam. DON’T open mail or attachments from an untrusted source. Whenever you receive a suspicious email, the best thing to do is to delete the message, and report it to your manager and Chief Information Security Officer (CISO)/designated security representative.
6. DO change your default username and password of your Wi-Fi router, remember that wireless is inherently insecure. Avoid using public Wi-Fi hotspots. Use your organisation provided virtual private network software to protect the data and the device.
7. Always keep your system updates, install the updates pushed by your organisation
8. DO keep your passwords or passphrases confidential. Never share your passwords with others or write them down. You are responsible for all activities associated with your credentials.
9. DO place confidential paper at proper places at home and destruct it properly prior to putting in dustbin.
10. DO destroy information properly eg. by shreddinga, when it is no longer needed.
11. Always backup your critical data to the drives and location provided by your IT Team
12. Never turn off antivirus system installed on your PC and keep it updated.
13. DO avoid printing confidential information outside personal printers. Always be aware of your surroundings when printing, copying, faxing or discussing sensitive information
14. DO keep your work devices are either shut down or locked—including any mobile phones you use to check email or make work phone calls.
15. DO report all cyber incidents and suspicious activity to your reporting manager and CISO/designated security representative.

DON’Ts

CYBERSECURITY DONTS DURING COVI19

1. DON’T leave sensitive information lying around the home if you live with roommates and young children.
2. DON’T leave important printouts or portable media containing private information on your desk. Keep them in a safe place drawer to reduce the risk of unauthorized disclosure
3. DON’T use your official laptops and desktops for personal work. Avoid accessing social networking sites via official systems.
4. DON’T share any private or sensitive information, such as bank details, credit card numbers, passwords or other private information, on public sites, including social media sites, and DON’T send it through email unless authorized to do so. Always use privacy settings on social media sites to restrict access to your personal information. In a nutshell avoid sharing too much personal information on social media.
5. DON’T click on illegitimate links from an unknown or untrusted source. Cyber criminals often use them to trick you into visiting malicious sites and downloading malware that can be used to steal data and damage networks.
6. DON’T use your private email address to send work-related emails and vice versa. Not only does it look unprofessional, but also expose your official email to unauthorized users many a times.
7. DON’T share your confidential information to unauthorized person over call and mail. Voice Phishing is a very easy way for an unauthorized person to call and pretend to be an employee or business partner.
8. DON’T respond to emails and phone calls requesting confidential data.
9. DON’T avoid patch installation warning on your systems.
10. DON’T install unauthorized software on your work computer, use only software authorized by your Information Technology department. Malicious applications often pose as legitimate software.
11. DON’T plug in portable devices without permission from your Information Technology department. These devices may contain malicious code just waiting to launch as soon as you plug them into a computer.
12. DO lock your computer by using (Windows + L)and mobile phone when not in use. This protects data from unauthorized access and use.
13. DON’T leave devices unattended. Keep all devices, such as laptops and cell phones physically secured. If your official device is lost or stolen, report it immediately to your manager and ISO/designated security representative.
14. DON’T leave wireless or Bluetooth services on laptop and mobiles turned on when not in use. Use password for Bluetooth and wireless connections. Use these services only in a safe environment.
15. DON’T use vulnerable video conferencing software

Cyber Security is a mutual responsibility of the organisation and its employees. Each and every individual play a crucial role in safeguarding organisations critical information assets. Current pandemic situation of course has increased the cyber security risk for the organisation, however proper technology measures and security awareness among employees shall certainly help to overcome these issue.

Keywords: COVID-19, pandemic, cyber security, DO’S and DON’TS, password security, Wi-Fi security, hacking, malware, phishing, patch management, antivirus.

#Tags: #COVID, #Workfromhome, #WFH, #compliance, #informationsecurity

Relevant Links

Cyber Security during COVID 19