Perspective on Cyber Security After Pandemic
The COVID-19 pandemic has hit most of the industries hard. Most of our businesses have been forced to change their mode of operation by going online almost immediately. Organisations that have survived this ordeal are clearly moving in the right direction. In my perspective, these organisations have implemented a growth mindset and a learn, unlearn and relearn strategy.
A growth mindset is a belief that intelligence can be grown with persistence, focus and good strategies. Failures are part of learning, and challenges are an opportunity to grow. In this fast and dynamic environment, it is important to adopt the learn, unlearn and relearn strategy. Unlearn old ways of doing things and relearn new ones. This strategy helps our organisation and us to stay current and ahead.
In 2020, offices were shut down, and employees had to work from home. Although there were exceptions for essential services and key economic sectors, most employees working from home connected back to offices using the existing information technology systems such as VPN, clouds, department servers and mobile devices. This work from home or home-office has resulted in an increase in cybersecurity risk. According to polls conducted by CNA, less than half or rather 42 per cent of the companies in SG said they were "very prepared" to cope with these threats. 54 per cent indicated somewhat prepared, 3 per cent said they were not prepared, and the remaining 1 per cent said they did not know whether they were prepared for it. Most of us have dedicated a small portion of our homes to our own office space; hence the importance of cyber hygiene starts from here.
What can we do to save guard our home-offices from cyber threat actors? For a start, ensure all your account passwords are meeting the minimum requirements. A twelve (12) characters password combined with symbols, upper and lower cases could take up to 200 years to crack. Do not reuse passwords across different accounts and separate office account passwords from personal account passwords. In the case when an account password gets compromised and exposed onto the internet, it will not directly affect the other accounts as those are still secured with different passwords. Consider using 2-factor authentication for an added layer of security. Set a unique password for your home wifi routers and share these passwords with others except authorised personnel, such as your family members staying in the same house.
Patch all the devices (mobile phones, laptops, iPads) connected to the home network, including the router itself. Run full scans on your devices with licensed and updated anti-virus software. It is also important to segregate your office work and personal work. Strictly use the office laptop only for office work and ensure the office VPN is connected at all times. You might be leaking sensitive business data if you work on your personal laptop and lacks proper security. It is also recommended not to download and use any free VPNs from the internet as hackers target vulnerable VPN to deploy ransomware onto unsuspecting victims. By adhering to these simple cyber hygiene practices, we can significantly reduce the risk of being vulnerable to hackers.
Threat actors have also taken advantage of the Covid-19 situation by sending specially crafted phishing emails and text messages to targeted groups. It was reported that there was a sharp rise of phishing scams in Singapore about COVID-19. This kind of social engineering attack is usually used to steal users' data, login credentials, credit card numbers, and other sensitive information via bogus websites, emails, and text messages. Social engineering attacks such as phishing and vishing (voice phishing) psychologically manipulate the victims into giving out sensitive information. Personally, I have received a phishing text message informing me to click a link to check my swap test results when I have not gone for one. These text messages should be reported and deleted.
Here are a few pointers to reduce the risk of being a phishing victim. Never open emails and attachments from unknown sources. Always keep a lookout for tell-tale signs in emails such as different sender's email address, strange URL domains and unusual tone in email body or title. Before clicking on any links in the email, check if the URL domain is correct. Be aware of fake websites that looks the same as the original websites. Always check the URL domain of websites before keying in any credentials or forms with personal data.
To lower the risk of being a vishing victim, you can register your phone numbers at the DNC (Do Not Call) registry. Avoid answering calls that are unfamiliar to you. Always treat every call with a healthy level of suspicion. Do challenge the caller for their identity. Be aware that even if the caller has your information, it might still be a scammer.
Overall, COVID-19 has brought many challenges to the Cyber Security industry. It has forced organisations to beef up their security to cater to employees working remotely or at home. As there are more home-offices on the rise, every individual must be equipped with Cyber Awareness knowledge and practice Cyber Hygiene.