Why Daily Cyber Hygiene Matters in the Covid-19 Era
Cybercrime does not discriminate. With the onset of COVID-19 our lives have migrated online. From the largest organisations to schools, the message has been clear: to survive you have to go digital or close shop. Unfortunately, with the digitisation of most businesses comes more threats than opportunities, namely threats that have arisen in the cyber security landscape leaving no one safe. While organisations have invested heavily in ensuring that there are sound policies and infrastructure in place to combat the rising cases of cyber related events, this investment can only offer so much protection. At the centre of it all lies the biggest threat to any well-crafted cyber security program and that is the human being.
The Real Cyber Security Threat
Humans remain the weakest link in the cyber security fabric and proper cybersecurity education and awareness can be the difference between a seemingly secure IT environment and a compromised reputation for an organisation. A quick Google search on the latest cyber security trends and incidents shows that most data breaches, phishing attacks and scams have been targeted and crafted based on the current atmosphere of uncertainty which has left individuals desperate for quick solutions which may unwittingly leave disaster just one click away.
Cyber criminals have been preying on society’s vulnerabilities and 2020 has been no exception. With job losses, panic for a vaccine, fear and hopelessness, the internet is awash with content aimed at spreading fake news and information. Some interesting scams include phishing emails for donations to sponsor the rapid development of vaccines. In April, google blocked over 18 million daily malware and phishing emails related to Coronavirus which used both fear and financial incentives to create a sense of urgency, some even impersonating the World Health Organisation.
Source: Protecting businesses against cyber threats during COVID-19 and beyond: Google Cloud Blog. In an article published by Panda Security: 43 COVID-19 Cybersecurity Statistics, COVID-19 was classified as the biggest ever cybersecurity threat.
To beat the criminal, think like one
Working from home has resulted in quick implementation of remote working solutions and poorly crafted policies. The result: introduction of poorly configured devices, the absence of basic controls to protect the network, exposure of sensitive company information and employees who were never properly trained. It is important to realise that to combat cybercrime, one has to think like a criminal and be aware that they do not only target large organisations or nations. The drive behind these attacks can be as simple as a hacker who is just testing their skills for fun or trying their luck. It remains everyone’s responsibility to ensure that where we see opportunities and benefits in the continuously growing digital space, we also realise the threats.
Not all criminals are external
Oftentimes, the perpetrator is within the organisation. Carelessness, shortcuts and lack of awareness can all result in exposure. With many people working from home, regular awareness must be top priority. With many issues vying for attention, a simple flier about cybersecurity in an email will not suffice. Awareness programs need to be crafted that ensure end users are engaged and aware that cyber security matters are not an IT concern but everyone’s responsibility. Organisations should consider cybersecurity risk as one of the top risks that require regular monitoring.
Inexpensive solutions include:
• Ensuring that the right policies and procedures are in place:
Adequate security controls are implemented and regularly checked:
The latest applications are in use and regularly updated to patch discovered weaknesses and vulnerabilities:
Using secure encrypted connections and networks in transmitting data: and
Ensuring system hardening is in place and that the environment is constantly scanned for new threats and vulnerabilities.
•
•
•
•
Cyber Hygiene in the home setting, protecting the vulnerable
The home environment comes with its own challenges such as reduced privacy. It is easy to listen in on conversations or to have sight of sensitive information through shoulder surfing. Employees working from home need to be aware of the dangers of this information falling into the wrong hands. A good practice to reduce these risks is to invest in a good set of earphones and a privacy screen filter if not provided by the organisation. Camera covers are also very vital and the simple principle of locking your device whilst stepping away can help mitigate risks around data privacy.
Care needs to be taken with minorities previously excluded from the digital world. These are typically children and the elderly. We have a responsibility to also protect these two vulnerable groups. Whilst adults may only need to be educated on use of strong passwords, backing up information etc, the real area of concern lies with the access children now have to the digital world. Online learning platforms which are accessible through the internet have been on the rise. This means that the same threats adults face are also a reality for children. They therefore need to be taught that technology is a wonderful enabler for discovery but that it also comes with its dangers.
Consequently, it is imperative to stay abreast of technology trends to ensure you are also equipped with the right knowledge to impart, especially to children. The content that children are exposed to needs to be constantly monitored. The following ways can be employed to ensure ongoing safety:
• Use of site blocking technology
• Having discussions with children on the dangers of the internet highlighting key areas such as not clicking on certain sites and that once information is online, it will difficult to remove.
Teaching them not to talk to strangers or send them any information without permission.
Using parental control software which enables parents to remotely guide their children as they learn, play, and explore online, by monitoring their activity online activity and reviewing the content they visit, the games they play, even the music they listen to.
•
•
The above methods may not only apply to children. Peers or colleagues within your reach may also need to be informed of some of the dangers within the digital space. Remember that cyber threats do not often come with a big red banner that says, “I am a threat”. They are always carefully crafted and targeted.
Cyber hygiene through personal devices
The world is now at our fingertips with the use of personal and handheld devices. All the information pertaining to you, your family, your spouse, your education, your interests, likes and dislikes, pictures, music preferences, contacts, emails and even work information, can all be stored on one device such as a smart phone. Information is expensive and like anything expensive, or of immense value, information needs to be protected too. Simple checks such as disabling or deleting unwanted applications, downloading applications from trusted sources and reviewing privacy settings can help ensure continued safety. Updating software also ensures that at any given point you have the most secure version of the software. Regular backups, use of virtual private networks, and using secure passwords and two factor authentication can safeguard your information. If your device is also used for work related tasks such as regularly connecting to the organisation’s internal network to send emails, then approved software much also be installed. There are also free online tools that you can use to scan your devices for potential vulnerabilities.
Practicing hygiene with your online presence
Social media is also a great source of information for cyber criminals when they are performing the reconnaissance stage of a cyberattack (information gathering). The information you post on the internet can be the very same information that can be used to formulate an attack against you. It is good cyber practice to only share what is necessary and important, and that does not put you or someone else at risk. We love to post our milestones and achievements in life but this also puts us at risk of identity theft. Using only the information from a google search, all your information including your pictures will be at the disposal of anyone with malicious intent. To know just how much information is available on you, try a simple google search for your name and surname. Is this the information you would want available for the world to see?
Do your part
This year’s theme “Do your part #BeCyberSmart” empowers the average person to take matters into their own hands and ensure that they are responsible for not only their cyber hygiene but that of others as well. As we have all had to settle into our new normal made up of hand sanitizers, face masks and social distancing, the same principle of ‘prevention is better than cure’ also applies with how we interact with technology on a day to day basis. As technology continues to be interwoven into our daily life, we should continue to be vigilant. As the cybercriminal continues to up their skill, we cannot afford to slacken; we must continue to safeguard our digital lives.
This article was compiled by EY as a source of general information and notification and should not be construed as a formal professional/legal opinion. Although reasonable skill and care is taken when providing information, EY offer no warranties or representations as to the information’s accuracy. The information provided is not intended to replace the need for an expert/ legal opinion on interpretation, application and consequences of the relevant legal, technical or regulatory provisions. E Y does not accept responsibility for any loss or damage you or any third party may suffer as a result of utilising the information provided.