The Covid-19 coronavirus plague is changing our habits more and more as we stay at home to avoid the virus or avoid spreading it onwards. Now we are strongly relying on our home networks and the Internet to perform our work, continue studying and connect with others in our social circles.
But this state of affairs is drawing out its own cyber-security risks, with computing devices being vulnerable to malware and the existence of hastily-written software being preferred of tasks like videoconferencing. Not to mention the risk of an increasing flow of fake news and disinformation about this disease.
What can we do?
General IT security
The general IT security measures are very important even in this coronavirus age. Here, you need to make sure that all the software on your computing devices, including their operating systems are up-to-date and have the latest patches. It also applies to your network, TV set-top and Internet-of-Things hardware where you need to make sure the firmware is up-to-date. The best way to achieve this is to have the devices automatically download and install the revised software themselves.
As well, managing the passwords for our online services and our devices properly prevents the risk of data and identity theft. It may even be a good idea to use a password vault program to manage our passwords which may prevent us from reusing them across services. Similarly using a word processor to keep a list of your passwords which is saved on removeable media and printed out, with both the hard and electronic copy kept in a secure location may also work wonders here.
Make sure that your computer is running a desktop / endpoint security program, even if it is the one that is part of the operating system. Similarly, using an on-demand scanning tool like Malwarebytes can work as a way to check for questionable software. As well, you may have to check the software that is installed on all of the computing devices is what you are using and even verify with multiple knowledgeable people if that program that is the “talk of the town” should be on your computer.
If you are signing up with new online services, it may even be a better idea to implement social sign-on with established credential pools like Google, Facebook or Microsoft. These setups implement a token between the credential pool and the online service as the authentication factor rather than a separate username and password that you create.
As well, you will be using the Webcam more frequently on your computing devices. The security issue with the Webcam and microphone is more important with computing setups that have the Webcam integrated in the computer or monitor, like with portable computing devices, “all-in-one” computers or monitors equipped with Webcams.
Here, you need to be careful of which programs are having access to the Webcam and microphone on your device. Here, if newly-installed software asks for use of your camera or microphone and it is out of touch with the way the software works, deny access to the camera or microphone when it asks for their use.
If you install a health-department-supplied tracking app as part of your government’s contact-tracing and disease-management efforts, remember to remove this app as soon as the coronavirus crisis is over. Doing this will protect your privacy once there is no real need to manage the disease.
Email and messaging security
Your email and messaging platforms will become an increased security risk at this time thanks to phishing including business email compromise. I have covered this issue in a previous article after helping someone reclaim their email service account after a successful phishing attempt.
An email or message would be a phishing attempt if the email isn’t commensurate with proper business writing standards for your country, has a sense of urgency about it and is too good to be true. Once you receive these emails, it is prudent to report them then delete them forthwith.
In the case of email addresses from official organisations, make sure that the domain name represents the organisation’s proper domain name. This is something that is exactly like the domain name they would use for their Web presence, although email addresses may have the domain name part of the address following the “ @ “ symbol prepended with a server identifier like “mail” or “email”. As well, there should be nothing appended to the domain name.
Also, be familiar with particular domain-name structures for official organisation clusters like the civil / public service, international organisations and academia when you open email or surf the Web. These will typically use protected high-level domain name suffixes like “.gov”, “.int” or “.edu” and won’t use common domain name suffixes like “ .com “. This will help with identifying whether a site or a sender is the proper authority or not.
Messaging and video-conferencing
Increasingly as we stay home due to the risk of catching or spreading the coronavirus plague, we are relying on messaging and video-conferencing software more frequently to communicate with each other. For example, families and communities are using video-conferencing software like Zoom or Skype to make a virtual “get-together” with each other thanks to these platforms’ support for many-to-many videocalls.
But as we rely on this software more, we need to make sure that our privacy, business confidentiality and data security is protected. This is becoming more important as we engage with our doctors, whether they be general practitioners or specialists, “over the wire” and reveal our medical issues to them that way.
If you value privacy, look towards using an online communications platform that implements end-to-end encryption. Infact, most of the respected “over-the-top” communications platforms like WhatsApp, Viber, Skype and iMessage offer this feature for 1:1 conversations between users on the same platform. Some, like WhatsApp and Viber offer this same feature for group conversations between users on that same platform.
Video-conferencing software like Zoom and Skype
When you are hosting a video-conference using Zoom, Skype or similar platforms, be familiar with any meeting-setup and meeting-management features that the platform offers. If the platform uses a Weblink to join a video-conference that you can share, use email or a messaging platform to share that link with potential participants. Avoid posting this on the Social Web so you keep gatecrashers from your meeting or class.
As well, if the platform supports password-protected meeting entry, use this feature to limit who can join the meeting. Here, it is also a good idea to send the password as a separate message from the meeting’s Weblink.
Some platforms like Zoom offer a waiting-room function which requires potential participants to wait and be vetted by the conference’s moderator before they can participate. As well these platforms may have a meeting-lockout so no more people can participate in the video-conference. Here, you use this function when all the participants that you expect are present in the meeting.
You need to regulate the screen sharing feature that your platform offers which allows meeting participants to share currently-running app or desktop user interfaces. Here, you may have the ability to limit this function to the moderator’s computer or a specified participant’s computer. Here this will prevent people from showing offensive imagery or videos to all the meeting’s participants. As well, you may also need to regulate access to any file-sharing functionality that the platform offers in order to prevent the video conference becoming a vector for spreading malware or offensive material.
Fake news and disinformation
Just like with the elections that count, the coronavirus issue has brought about its fair share of fake news and disinformation.
Here, I would recommend that you use trusted news sources like the respected public-service broadcasters for information about this plague. As well, I would recommend that you visit respected health-information sites including those offered “from the horse’s mouth” by local, regional or national government agencies for the latest information.
As well, trust your “gut reaction” when it comes to material that is posted online about the coronavirus plague, including the availability of necessary food or medical supplies. Here, he careful of content that is “out of reality” or plays on your emotions. The same attitude should also apply when it comes to buying essential supplies online and you are concerned about the availability and price of these supplies.
As we spend more time indoors and online thanks to the coronavirus, we need to keep our computing equipment including our tablets and smartphones running securely to protect our data and our privacy.