5 ways to protect yourself from cyberattacks during COVID-19

Written by Holly Thomas-Wrightson on Monday May 25, 2020

---

With governments around the world having intervened to curtail non-essential travel and social gathering to minimise the spread of COVID-19, more of us than ever are now working from home. Whilst for many working from home isn’t new, the scale of this shift, combined with the suddenness with which it was required, seems to have heightened the risk of cyberattacks.

As recently seen in Italy , cyber criminals are making attempts to test the cybersecurity of those now working from home. Whether that’s through phishing emails or taking advantage of weaknesses in software or Internet connections, the risks posed by these attacks should be taken seriously. Below, we’ve collated some ways to help defend yourself and your business from these potential threats.

1. Be careful when downloading software

If you need to use your own computer for homeworking during this time, you may find yourself missing some of the applications needed to complete your work. However, downloading this software independently can heighten the risk to you and your business. Fake software download files are a favourite criminal method for tricking people into downloading malware. Instead, contact your IT department to ask them for help getting set up, as they may have a list of recommended download locations or ways to provide you with safe access. While it may take a little longer to get access if they are experiencing high demand, this is preferable to accidentally downloading malicious files and giving cybercriminals easy access to your data, both personal and professional.

2. Protect your devices

Whether you are using your own device or one issued by your employer, make sure to be sensible with it and keep it digitally and physically safe. Make sure there is an active antivirus in place to protect against viruses and malware. Use a secure Internet connection to protect your online activity, and keep work laptops and phones safely hidden away when not in use.

3. Treat any unexpected email with a healthy level of suspicion

Receiving emails from businesses you recognise may make you feel safe in opening them. But we should remember that cybercriminals use templates from credible sources as a way of tricking people into clicking links to malware-delivering websites, ones designed to encourage you to make a payment or reveal login details. Emails were recently sent, for instance, from an account claiming to be from the World Health Organization asking for help funding research into a coronavirus vaccine. [1] Other examples include emails purporting to be from banks or websites like PayPal, warning of possible breaches and asking you to log in to your account via a link provided in the email. Thankfully, there are a number of ways of checking their authenticity.

• Take a moment to check the origin and the email’s content. These attacks often come from email addresses that are spelled or formatted slightly differently to legitimate accounts (e.g. using ‘.org’ instead of ‘.co.uk’). Others may be recognised by their poor spelling, grammar or formatting in the body of the email.
• Take a moment to consider why the company would be contacting you if you are not already subscribed to its content or otherwise given it your email address in the past. If you have never received an email from this company before, why (and how) would it have your contact details now?

If in any doubt, come away from the email and access the website in question through your browser rather than opening any links it provides.

4. Report any suspicious emails or links

If you see or receive something that doesn’t look right, report it. If what you suspect is a phishing email is sent to your work email address, contact your IT team (use a specific inbox for phishing emails if they have one in operation) and make them aware of it, and check if they want you to forward it for investigation. This may help them improve defences against this type of attack in future, or raise awareness in the business to be on the lookout for this type of email.

Consider forwarding them to authorities outside of your business too. The National Cyber Security Centre (NCSC – a branch of the GCHQ) has launched a Cyber Aware campaign, [2] a main feature of which is their Suspicious Email Reporting Service. This is intended as a way for people to report the numerous phishing scams and fraudulent websites that are designed to capitalise on public worry about the coronavirus pandemic. The NCSC reported [3] receiving 5,000 suspicious emails within 24 hours, which resulted in them shutting down over 80 malicious web campaigns. They are asking people to contact them through [email protected] with information on any suspicious web content, so that they can investigate, block scam email addresses and remove fraudulent websites, as well as raise awareness for more common scamming methods that are being found. [4]

5. Password security

When talking about cybersecurity, we can’t omit the importance of a secure password. While it’s a good place to start, just using something including a capital letter, a number and a special character isn’t enough. Admittedly it’s easier to remember one password for everything but this ease can be preyed upon by cybercriminals. If you are caught out by a scam email directing you to a website that asks you to make an account with your email address and password (or you just try to access a legitimate website that is not secured properly), and you have used those details for other websites, then this is an easy gateway to those other sites. Here’s some handy ways to create unique (but memorable) passwords:

• make one with three words that aren’t obviously connected, but that you will be able to remember e.g. DogTelevisionSkull
• abbreviate or shorten each word in a movie/book quote or song lyrics e.g. YgnabbJ for the quote ‘You’re gonna need a bigger boat’ from Jaws (1975)
• create your own phonetic alphabet and use this to spell out part of the website you’re using it for e.g. FabricAppleCanada for Facebook .

Adding or replacing some of the letters with numbers and special characters will help make these passwords secure and hard to crack for hackers, but easier for you to remember.

The important thing to remember is that if you believe you have accessed something that might put your business at risk, it’s better to get in contact with someone who can help than to just hope for the best. Contact your IT team to give them the details and be honest. They may be able to help you and mitigate any risks. If you believe you have made a payment to a fraudulent website, contact Action Fraud immediately through http://www.actionfraud.police.uk/ . If you are worried that your email address may be breached, consider using the website https://haveibeenpwned.com/ . This allows you to check if any websites in which you’ve used your email have been subject to data breaches.

For more recommendations about how to protect against cyberattacks, see NSCS’s recommendations here .

[1] World Health Organization, ‘Beware of criminals pretending to be WHO’: https://www.who.int/about/communications/cyber-security – accessed April 2020

[2] NSCS, ‘Cyber Aware’: https://www.ncsc.gov.uk/cyberaware – accessed April 2020

[3] NCSC, ‘Public embraces email reporting service created after spike in coronavirus-related scams’, 22 April 2020: https://www.ncsc.gov.uk/news/public-embrace-new-email-reporting-service – accessed April 2020

[4] NSCS, ‘Phishing: how to report to the NCSC’, 21 April 2020: https://www.ncsc.gov.uk/information/report-suspicious-emails – accessed April 2020

---