Beware of Covid-19 Related Phishing Scams

Remote.Working.SecurityThe changes in Covid-19 related working practices including increased levels of remote working bring to the fore the need for adequate online security for clients, staff and their business.

We have created a list of security measures using guidance from the EU Agency for Cybersecurity (ENISA) for you to consider in your business to protect you, your staff and your clients privacy and data:

Identify Scams

There has been a notable rise in the number of phishing scams on businesses in recent weeks in response Irish cybersecurity awareness training company Cyber Risk Aware announced that it would be providing free COVID-19 phishing tests for businesses. Companies are invited to run a phishing simulation in which up to 100 staff can learn how to avoid falling for COVID-19 phishing lures.

In the meantime, here are some guidelines that your staff can adhere to:

> Don’t open emails from people you don’t know, with links or files, these links or files often can contain malware.

> If you receive an unusual email from a friend or colleague containing a link or file, contact the sender via phone to confirm if they have sent it. Their email account may have been hacked.

> Learn to recognise what the standard phishing scams look like. Phishing scams usually require you to act urgently – An example of this would be an email explaining that a certain account such as your PayPal account is under threat without you taking urgent action. They will ask you to click on a link or an image directing you to an external site to rectify the issue. Do not use these links provided in the email and check through an external channel if there is in fact an issue with your account.

If you have found it to be a phishing scam email, report the email to your email provider.

Use a Secure Wifi Connection

If you’re working from home and have an older Wi-Fi system in your home, take these steps to add additional security to your connection:

  • Confirm with staff that are working from home that they have updated anti-virus software on their computer or laptop with the essential privacy tools activated before accessing client’s confidential files.
  • You should be using WPA2 security to guard access to your router and change the Wi-Fi password on a regular basis to ensure not too many people have access to your Wi-Fi.
  • Disable remote access and UPnP. Many routers allow remote access from outside your home while Universal Plug and Play (UPnP) is a feature which makes it easier for devices such as smart TVs or game consoles to access the web. Unfortunately, UPnP can be used by certain malware programs to get access to your router’s security settings.
  • Keep all devices that are connected to your Wi-Fi up to date with latest security software.
  • Take care with which apps, programs and browser extensions you install.

Remote.Working.SafetyAdditional Steps

> Create difficult passwords using password manager tools such as LastPass which will create, remember and autofill passwords for you.

> Use a VPN, these are Virtual Private Networks have many roles but one important role that they provide is encryption of all your internet traffic meaning it is unreadable by anyone who accesses it. One option for smaller businesses include ScribeForce.

> Ensure all firewalls are enabled on devices connected to your network and if you are concerned that they are not enough. You can use a third-party firewall such as McAfee.

> Back up all data, ransomware and other malware can destroy data or wipe a system. You can use either a hardware backup such as an external hard drive or a cloud service such as iDrive.

Provide Good Support

If your staff are working from home, this working arrangement may be new to them and they may find it difficult to adjust to, particurarly if they are not technology savvy. Do your best to provide your remote team with a designated contact for tech queries or problems. Ensure they have the adequate support and outline the essential steps to be taken in the event of a security breach.