Working From Home: COVID-19 Not Only Hygiene Risk, IT Risks High
Kiwis in lockdown especially those working from home and using home computers and other digital devices need to take IT hygiene precautions as well as their health precautions to avoid the coronavirus.
Delta International Group Managing Director Ian Pollard says the controversy over the use of Zoom as a video meetings platform at high levels has thrown a spotlight on an aspect of the COVID-19 emergency that hasn’t had a lot of attention – but says Zoom isn’t the biggest and only issue.
“This is a time when not only is the world in a state of disorder and confusion resulting from the pandemic, making it easier for online hackers to cause trouble, but we also have virtually everyone locked down at home and in many cases continuing to work,” says Pollard. “That means they’re using IT platforms that possibly fall well short of the security they had at work. Plus they are using online technology substantially more to communicate and for leisure.”
Pollard says typical risks from home business IT activity include:
- use of non-sanctioned devices to access corporate data in a myriad of well-known applications which could lead to ransomware attacks or data compromise.
- sanctioned devices being left unencrypted and vulnerable to theft in the home, which could lead to unnecessary exposure
- deficiencies in logging and asset identification which could complicate identifying legitimate vs unauthorised access
- receiving and opening emails or attachments from unknown (or even known) sources.
- financial scams / unauthorised financial losses
- ID theft
- Personal Data loss from less secure personal devices – blurring of lines between work and personal usage.
Those at home can avoid the worst risks by taking a number of simple precautions in their IT set-up and usage, says Pollard. Delta’s advice to home IT users was:
- employ Multi-factor authentication (MFA) – a vast majority of data breaches over the last few years we have dealt with could have been avoided with MFA (a strong password is not enough anymore)
- encrypt all devices and avoid unsecured WIFI networks
- be very suspicious about links and attachments from unknown sources
- be equally suspicious about payment requests or emails from unknown sources
- have a BCP plan in place as a business
- always connect with a VPN if you are connecting to a public network
- be aware of the current increase in “phishing” scams including apparent COVID-19 advice emails
- monitor for stolen data on the dark web
- be sceptical of advice that doesn’t come from official sources, particularly if it’s been sent to you unexpectedly
- protect your passwords and login credentials, don’t enter these into any websites relating to the COVID-19 virus
- Keep your devices and anti-virus software up to date and run regular checks.
Pollard also recommended home users sign up to and monitor updates from CERT NZ and Netsafe and report suspected malware or phishing attempts to CERT NZ.
He says cyber-security was a rapidly growing risk even prior to the COVID-19 emergency, and led the company to introduce a unique insurance product covering cyber-risk and a focus on household cyber insurance risks last year along with a partnership with global leader in personal cyber solutions Dynarisk.
“In our experience, taking these simple precautions can save an enormous amount of grief, time and money. Cyber-crime – scams and hacking etc - had become a huge global industry and with the virus it’s even more menacing when it’s impacting the household environment alongside the business sector.”
Cyber Risk – snapshot
Symantec Corporation report 2019
- In 16 countries studied (including NZ) – 800 million victims of cyber-crime (37% of population)
- 117 million suffered from identity theft, including 165,000 New Zealanders
- 38% of people encountering cybercrime suffered financial loss
197 cyber security incidents were reported by New Zealanders in the period October – December 2019, and 4,740 in total in 2019. Incidents of phishing and credential-harvesting accounted for the greatest number of reports in both Q4 and across the year, with the financial impact of these totalling $16.7 million in 2019.