COVID-19 Cybersecurity Remote Work Warning

As everyone is busy with COVID-19 precautions, we want to make sure you don’t lose focus when it comes to cybersecurity. Knowing the world is occupied with the pandemic, hackers have taken full advantage of the situation and are using it as a targeting vector. This can come in the form of phishing emails, vishing (the term for a fraudulent phone call), or text messages. It is more important than ever that we all remain ‘cyber vigilant.’

Here's our advice on how to stay safe while working from home:

Be wary of EVERY email, text, and call you receive.

1. Always check the sender’s email address to ensure it is coming from a legitimate source. You can hover your cursor over the ‘Sender’ field and it will show the actual sender address. If it looks suspicious, it probably is.
2. If you don’t recognize the email or text sender, delete it.
3. If the email, text, or call is from a known contact, but it was odd or unexpected, pick up the phone and call the sender!
4. No vendor, healthcare provider, or legitimate company will email you and ask for you to ‘confirm’ personal information via email. They may use email to “confirm” a legitimate request that you initiated, but they will still not request personal information via email.
5. NEVER click on a link or open an attachment in an email you are unsure of. If you receive an email that has content you wish to review further, go to that company or organization’s website independently.
6. If you’ve clicked on a link or attachment in an email that looks suspicious, call your Whittlesey advisor immediately.
7. Now is the time to dial up the cyber education to staff and deploy custom phish campaigns, so staff do not “take the real bait” from phishing attempts using COVID-19 and incentive scams.

Make sure you have appropriate security on your home network. We find most do not.

1. Use Windows 10 with up-to-date security patching.
2. Run antivirus with up-to-date definition files.
3. Attach to your business network with a VPN and remote desktop with two-factor authentication enabled.
4. Use secure, complex, passwords or passphrases on your accounts for Windows, Apple, Android, and wireless systems.
5. DO NOT allow others in your home to use the same account. If they need the computer, log out, and give them their own login (without Administrative rights and access to your files).
6. Have a good firewall enabled. Make sure your router/gateway/firewall has been updated and has a secure passphrase only you know (and not the default one set by the manufacturer or internet provider). And yes, this is completely different from the Wi-Fi passkey/password. That passkey is only connecting to Wi-Fi. Make sure that is sufficiently strong and unique as well!

Never send any private information over email. Use an encrypted process available in Office 365 and other systems including portals (e.g. Sharefile).

If you use Office 365, Dropbox, or other cloud systems, they must be setup correctly or you will risk unauthorized access. This includes log settings, two-factor authentication, encryption, and more. You will want a seasoned IT security professional to review your setup. Those doing it themselves must follow security best practice guidelines from the manufacturer or from known security resources.

Please contact your Whittlesey advisor or email Mark Torello for assistance. We are experts in helping our clients achieve secure, efficient, remote access to their systems.

Disclaimer: Our content, comments, and answers to questions should not be construed as specific advice for your particular situation.