Cybersecurity during Coronavirus
September 4, 2020
Categories: Security and Intelligence
Coronavirus is a significant threat to digital security.
Criminals are leveraging elevated interest in COVID-19 to send emails to unsuspecting people to infect computers with ransomware, malware or other computer viruses. And why not?
There’s a tremendous curiosity for coronavirus information — so people are more likely to click without checking the credibility of the source.
According to Forbes, the COVID-19 crisis has turned the U.S. workforce into a work-from-home army, giving cybercriminals new, less secure, access points for cyber viruses and phishing attacks, revealing vulnerabilities in cybersecurity strategies for the coronavirus crisis.
The health care, manufacturing and pharmaceutical industries have been the primary targets, but any industry could be compromised by cybercrime.
An article in Computerweekly noted there used to be one criminal campaign a day worldwide; now there are three to four a day. Between March 1 and May 15, research by IBM Security Systems noted a 5,000-plus percent increase in COVID-19 spam. All it takes is one accidental click to give a criminal access to your computer and company data, compromising your information security.
So how do you remain cyber safe while traveling and, now due to coronavirus pandemic, working from home? Knowledge. When you are aware of the specific threats to your information and your associated devices, you’ll be less vulnerable to digital threats.
Cyber Safety in Any Location
Digital security is the protection of all your information stored in the virtual world and your devices, which you use to access the information. Personal data includes your identity, your personal and business correspondence and your financial information. Corporate data includes intellectual property, trade secrets and contact lists.
When traveling, we always think about our valuables: we protect our passport, wear pickpocket-proof clothing and leave the expensive watch at home. In reality, your digital information — stored in your laptop, smartphone, tablet and USB drive — is far more valuable than any material item you might have.
If your company had traveling employees, most likely you were ready for the work-from-home shift. Travelers were aware of all the digital tools at their disposal to stay connected and company IT departments had already boosted security measures and systems to accommodate.
Organizations with mainly on-site employees may need a quick primer on cybersecurity during coronavirus.
How Crime Happens
Few crimes are “random.” Even the smallest crimes require some surveillance. Criminals want to choose the easiest, yet most lucrative, target. In the physical world, you can be a difficult target by being heads up, streamlined and confident.
This concept is more difficult in the virtual world. An experienced traveler may easily recognize a criminal conducting surveillance or “casing” potential victims in a hotel café, but are they able to realize that the person sitting next to them is collecting crucial personal information about you on the Internet?
This could include eavesdropping to hear a phone number, photographing a luggage tag with an address, or keeping a discarded boarding pass with your name and flight schedule. Addresses, phone numbers and names are examples of information that with a simple internet search, could provide a vast amount of detail about you and your family’s personal life. This information could provide amplifying details to enhance the success of a virtual criminal scam or lead to a physical crime.
Criminals choose the digital platform for many reasons: the criminal does not need to be physically present, the associated anonymity and the limited enforceability of cyber laws. Threats in the virtual world are also more difficult to recognize and their methods and recognizable characteristics change and adapt when challenged.
This makes digital security more than complex passwords, not connecting to random Wi-Fi networks and turning off Bluetooth when not in use.
Before You Travel or Work Remotely
You should address digital security concerns during your pre-travel planning and research. A personal security risk assessment needs to include:
- A review of the devices you’ll bring with you
- How to protect your devices
- The information on your devices
- The laws of your destination
Review the Technology You’ll Bring
Ask yourself what devices you will need for the trip, prioritize and customize your digital needs. The priority of your requirements depends on the location, duration and purpose of your trip.
Let’s take a look at your cell phone. What email accounts do you need to have on your smartphone? What text messages should you delete? What applications will you use most?
Some examples of essential applications may be airlines, weather, expense management, exchange rate and translation apps. Configure your phone so this information is readily accessible and you do not have to have your eyes on your phone for extended periods, reducing your overall awareness.
If you are going to need to make a lot of local calls, buying a local phone is a better idea than replacing your mobile phone Sim card with a local Sim card. But keep your own phone in case of an emergency, as the new local number may be unrecognizable to those back home.
For higher-risk or privacy-adverse regions, consider taking a new laptop containing minimal information. You may choose to create new email accounts for the trip. Inform important contacts with the changes before travel.
How to Protect Your Devices
Most data breaches in digital security can be linked to a human mistake, whether an accident or through negligence. Digital security products and procedures will improve — but only to the level of the people who employ them. Human error is always the weak spot in any travel security plan. You can mitigate this vulnerability through effective pre-travel planning.
- All information and files should be backed up and stored separately back at home and or in the cloud.
- Passwords for devices and accounts should be reviewed and changed. If passwords are due to expire, you can be assured they will terminate at the most inconvenient and critical portion of the trip.
- Check cell phone or email service coverage in your destination to make sure you will have access to the devices or methods you have designated for two-factor authentication.
- Have the ability to remotely delete data from your devices if they become lost or stolen.
- Do not use public computers, printers or fax machines and do not plug into public charging ports.
Be conscious of digital as well as physical threats to your devices and data. Protection for your devices should include hard cases, screen protectors and waterproof protection, if necessary.
Remember the insurance policy you have on your device is useless while abroad — you won’t be able to do anything until you return home.
A Self-Assessment of Your Information
It is essential to review and update all the privacy information on your social media accounts. It is not uncommon that they change from device to device without the user noticing.
Check to see if you have location services running and on what applications — there are both advantages and disadvantages to this feature.
The Laws of Your Destination
What are the information technology, internet and privacy laws at your destination? Why are these laws in effect? Would any of your information raise the interest of law enforcement?
Keep in mind you are subject to the laws of the countries you visit. When entering those countries, you enter an agreement to obey and be accountable to those laws. As a foreigner asking to enter a country, your privacy rights are limited and your entry may be contingent on a digital inspection that includes password-protected devices and accounts.
While You Work Remotely
The ability to stay connected to home or the office while off site has never been easier than it is now. Regardless of your chosen level of connection — a complete mobile office set up versus a cell phone with email capabilities — there are travel digital safety considerations unique from the procedures and requirements for digital security in your home or at the office.
Connecting To The Internet
Be selective with how you access the internet. The critical nature of the information accessed or transmitted on a connection should be balanced with the security characteristics of the connection.
All internet connections are not equally secure and while traveling, your options to connect to the internet will vary. You should be aware of which ones are safer than others and establish boundaries for what sort of activity you do while connected.
An excellent general rule while abroad is to assume that no internet connection is completely secure — especially from government monitoring.
Wired internet (or ethernet) connections are the most secure. With this sort of connection, the number of users is significantly reduced and a higher level of skill is required to capture information.
The next safest connection is the data connection through your phone, supported by Wi-Fi. Of course, all Wi-Fi is not equally secure.
WPA-2 (Wi-Fi Protected Access 2) with a unique password is likely more secure than WPA-2 with a shared password. Wired Equivalent Privacy (WEP) connections are less safe and require a less sophisticated criminal to breach. Open or free Wi-Fi is the least secure. This is a Wi-Fi system accessed through a website rather than a traditional selection and log on process.
You should be especially cautious about connecting to the internet at your hotel. Hotels present attractive targets for criminals. There is a large amount of valuable sensitive information passing through a hotel and much of it is poorly protected. All of this information, combined with a large number of tourists or business travelers expecting convenient internet connections, provides a “perfect storm” of conditions for digital theft.
Here’s one example. Spoofed, fake or disguised Wi-Fi connections are connections purposely set up by criminals to steal your data. These connections are set up by criminals in areas highly trafficked with persons looking for an internet connection. The name of the network may be similar to the legitimate system and the criminal who set up the spoofed system is hoping a user’s requirements for convenience outweighs their knowledge or concern for safety.
Some other tips for safely managing Wi-Fi use while traveling includes:
- Turning off the auto-connect feature on any of your devices
- Logging off and then logging on for each connection
- Using the “forget network” feature
- You should avoid public Wi-Fi just as you would avoid a dark alley near a bus station
Encryption is a process where a clear or plain text message is encoded into cipher text so that only the intended recipient can decode and read the original plain text message. Encryption assures that you — and only those you wish to share digital data with — will receive the original message in a readable form.
There are many levels and methods of encrypting devices, networks, messages, emails and applications. Ensure you can recognize encrypted and unencrypted websites, messages and emails and then manage the use of those systems accordingly. If a website is encrypted, “https” will precede the web address. You should look for this at every page you visit within the site, not just at the login page.
It is more difficult to determine if a mobile app is using encryption because it requires additional research. Rather than using a questionable app on a less secure connection, switch to the application’s corresponding website or switch to a more secure Internet connection, such as a cellular data or wired network.
Encryption is illegal in many countries, so do not attempt to hide the fact you are running encryption systems when clearing customs. Customs agents can and often ask to inspect devices. You will need to provide them with the passwords for devices, email accounts and applications. Be aware of this possibility ahead of time.
Virtual Private Networks
Virtual Private Networks (VPNs) can disguise your IP address and your location, making it difficult for websites, advertisers, governments and criminals to identify your specific information or data.
A VPN can enhance your security if you must use a less secure or open Wi-Fi connection. The less safe the internet connection is, the more you should think about using a VPN.
While the VPN can increase security, it can somewhat decrease capability or speed. If the signal is weak, it may be challenging to connect while running a VPN. VPNs usually have a separate sign-on process, so it may be a good idea to ensure that it is working correctly before accessing or transmitting important information.
VPNs can circumvent internet restrictions placed by governments, yet by using a VPN you may be restricted from important local information. VPNs are illegal or heavily regulated in many countries, such as China, Russia, Iraq, North Korea, Belarus, Oman and the United Arab Emirates.
VPNs do not make you, your computer, or your computer activity anonymous. A VPN can protect you from hackers and other digital surveillance, but VPN service companies are aware of your identity, log activity and additional account information.
An increase in hacker and other criminal capability has led to a requirement for additional procedures for logging into a device, internet, or email account. There are several ways login passwords can be stolen:
- unencrypted, open Wi-Fi connections
- keylogger software
- brute-force attack programs (programs that submit passwords until one works)
- shoulder surfing (spying on a user to obtain personal access information)
- social engineering attacks, like phishing or tailgating, where the attacker relies on the negligence of the user.
With two-factor authentication, a password and an additional authorization factor is required before access is granted. Two-factor authentication is more secure because it requires a knowledge factor (a password) and a possession factor (something the user has or receives). For travelers, this could be a time-sensitive code delivered by SMS or a code generated by an authenticator application.
Two-factor authentication seems simple until you arrive overseas and realize you are out of your cellular service coverage, do not have an international plan, or the email service you are logging on to cannot send an SMS text to a phone abroad.
Before heading overseas, you should contact your cellular provider and ensure your phone is compatible with the region you are visiting. You can also change the method of the possession factor to an authenticator application that does not rely on a cellular or internet connection.
Additional Work from Home Suggestions
All of the recommendations for cyber safety while traveling are applicable for cyber safety while working from home. Global Rescue security experts offer these reminders to keep your computer COVID-19 proof:
- Even though you really might want to know if you’ve come in contact with someone infected with coronavirus, don’t open anything from an unknown or untrusted source.
- It is important to keep your computer updated, but check with IT before downloading any software updates or patches. Everyone is on camera thanks to Skype and Zoom.
- Make sure you set your laptop up in an area that provides no details about who you are or where you live. And don’t post your passwords where people can see it.
- Back up all your important files and store them independently from your system.
Check with your IT department to make sure you understand any new security requirements while working remotely from home. There may be additional requirements because of the expanded volume of personnel working remotely.
A little knowledge can go a long way. By expanding your knowledge about digital safety, hopefully to the same level of your understanding of physical security, will protect your information security while traveling or working remotely.
Whether your work force is on the road or set up at home, Global Rescue’s comprehensive consulting services provide enterprise clients with travel risk management assessments and enterprise wide protocols to keep employees safe through every part of a travel experience.
To learn more about Global Rescue’s capabilities, click here.
Travelers are torn between the safety of staying home and joy of traveling. ...
With international travel unpredictable, many American climbers – and some ...
Travelers are torn between the safety of staying home and joy of traveling. ...
With international travel unpredictable, many American climbers – and some ...
Amid public confusion about the needs, effectiveness and purposes of coronavirus ...