Re-posted from abc.net.au – Coronavirus is changing how we work. Online scammers are taking advantage
Australians are now working from home offices and kitchen tables as social distancing measures to slow the spread of coronavirus ramp up. But this change to how we work makes us more vulnerable to cybersecurity threats.
Key points:
- • Criminals are taking advantage of the coronavirus outbreak using phishing scams
- • The healthcare industry could be particularly targeted by hackers during the disruption
- • Businesses with employees working from home need to boost cybersecurity
Australia’s cyber spy agency has warned of scams and phishing attempts, as criminals try and take advantage of the disruption.
Scamwatch has also received 94 reports of COVID-19 scams since the beginning of the year, with numbers expected to rise.
Karl Hanmore, the acting head of the Australian Cyber Security Centre — part of the Australian Signals Directorate — said there are already examples of coronavirus-inspired cybercrime.
“I’d be suggesting people be cyber-alert but not cyber-alarmed,” he said.
“Most importantly, don’t click on links you receive via text message or email, especially if they’re around the coronavirus.”
Phishing scams using COVID-19-themed text messages are already circulating in Australia.
One of them appears to be sent from “GOV” and shares a link that claims to help people find out where they can get tested for coronavirus.
But the link and the sender are fake. Clicking on the link could install malware designed to steal your banking details.
“That’s criminals trying to steal your banking details at a time when you’re least able to protect yourself,” says Mr Hanmore.
Healthcare sector at risk
Some critical industries like healthcare may be subject to increased threat of ransomware attacks during the pandemic, among other risks.
In the United States, the Department of Health and Human Services has reportedly been targeted in recent weeks.
Criminals may focus on industries people are particularly reliant on, according to Ian Atkinson, director of the eResearch Centre at James Cook University.
“So, you can imagine health, banking, people looking at their superannuation funds,” he said.
“People stressed, doing things quickly in panic mode, that’s a great time for a cybercriminal to come in.”
Colin Denver is the chief executive of the start-up SpeeDx, which makes respiratory virus tests, and has a COVID-19 test in development.
His company already had many staff members working remotely, so he believes they are well prepared.
“Realistically, keeping our workers healthy and keeping our business open is probably the biggest concern,” he said.
In his view, it’s vital the companies which make important components like protective medical equipment or ventilators stay online during the pandemic.
“It’s got to be something that is focused on from a much wider level,” Mr Denver said.
“[Ensuring] all the companies that are servicing the increased need for healthcare are able to operate during these times.”
Phishing and the ‘human firewall’
To protect against the potential for “increased opportunism from bad actors”, businesses should undertake basic cyber hygiene, such as patching servers, according to the Australian Cyber Security Centre’s Mr Hanmore.
He also recommends people visit cyber.gov.au for warnings and updates.
To protect yourself from phishing:
- Don’t click on links in emails or messages, or open attachments, from people or organisations you don’t know
- Before you click a link, hover over that link to see the actual web address it will take you to (usually shown at the bottom of the browser window)
- If you do not recognise or trust the address, try searching for relevant key terms in a web browser. This way you can find the article, video or webpage without directly clicking on the suspicious link
- If you’re not sure, talk through the suspicious message with a friend or family member, or check its legitimacy by contacting the relevant business or organisation (using contact details sourced from the official company website)
Source: Australian Cyber Security Centre
David Eaton, who helps lead cybersecurity at the IT company Datacom, helps manage the risks faced by more than 6 thousand employees around the world.
From Monday, more than 80 per cent of them will work from home.
He said Datacom views employees as “a human firewall” against phishing scams and other attacks — something that may become more challenging as employees are out of the office.
“One of the key defence mechanisms against phishing is a peer who sits alongside you,” he said.
“You can say, ‘look at this, what do you think I should do?’ That peer is no longer there.”
When employees work from home, here are some security practices he recommends businesses consider:
Alerting employees about the potential for phishing
“Part of this is ensuring staff know how to spot a phishing email,” Mr Eaton said.
This could include tell-tale signs, like odd email addresses or malicious links.
He suggested circulating a sample COVID-19 phish to employees, so they have some idea of what to spot.
Using multi-factor authentication
When they’re at home, workers may have to identify themselves to online work systems in a new way.
“That requires multi-factor authentication,” Mr Eaton said, “to allow us to be comfortable that the employee is who they say they are, regardless of the location they work from.”
Multi-factor authentication could include using a separate app to permit entry to online workspaces.
In some cases, it may be appropriate for employees to access critical systems via a virtual private network, or VPN, to help ensure the end to end communication is secure.
Patching your computers and locking down home Wi-Fi
Mr Eaton said he recommends that if employees are doing work, they’re using a work device.
If that’s not possible, it’s important to ensure the device using the latest software update, has been patched, and is using secure Wi-Fi.
In other words, while we work from home, workers must ensure their Wi-Fi is locked down — at least password protected.
Deciding on a chain of command
If your team is spread across the country, or even internationally, Mr Eaton suggested it’s important to decide how decisions get made in case of online disruption.
For example, can decisions be made entirely via email or should a second “factor” (such as video or phone calls) be required?
“Can the process be subverted by a party wanting to cause disruption?” he asked.
Our Services
Our fixed price Managed IT Support Programs will increase your businesses competitiveness and efficiency with our I.T. Professionals on call for you 24/7.
Class leading response times ensure your that when things do go wrong we’ll be there in a hurry so you can get on with doing what your business does best.
Testimonials
Attentive and thorough, Australia Wide I.T. get onto any of our I.T. problems quickly – with prompt, friendly and efficient service. Whenever we need to upgrade, we know we can trust their knowledge in supplying flawless new equipment that always works both physically, and to suit our needs.
Alison
A very big thank you from me to all of the guys there….You make things so easy for us and are always available to help.
A massive shout out to the Nash though for fixing our printer – you nailed it Nash and not only changed MY life, but also helped to save some trees in the Amazon Forest!
Thanks to you all.
Jo
Thanks for all your help today. Your patience & tenacity for solving the problem is greatly appreciated.
Jacinta
All good as usual, keep up the professional service.
Diana
The team at AWIT deliver nothing but breathtaking service!!!!
Brett
We would recommend you to anyone, anytime.
Thank you all so very, very much for all your support. Not to mention bringing back my files to my Company. I cannot thank you guys enough.
Thanks again.
Leigh
They’ve gotten to know our business so well and they’re truly interested in helping us. It’s like having our own I.T. Department in-house. Australia Wide I.T. takes a personal interest in our team, our business and where we’re going. They’re like family.
Other I.T. companies just didn’t seem to have the same depth of knowledge as these guys. Rather than blame the user (us) they go the extra mile, locate the problem and fix it – Every time!
Coral
Very much appreciate your very quick response today. It was pay day today and I was a bit worried (that we wouldn’t be able to process the pays) but because of you all is well, so a big thanks.
Dale
Our previous I.T. Service Provider was distant, hard to contact and not customer focused. With Australia Wide I.T. we now have great service with a human touch. Our calls are answered promptly and the team is always ready to help in any way.
The maintenance program put in place by AWIT offers us peace of mind that our entire system is correctly and closely monitored.
Monica
Your work last week was amazing. You couldn’t have been more supportive or expert in your conduct. I am very grateful and am amazed at your generous invoicing of last week’s work. I can only repay you by recommending you to as many people as possible.
Thank you. It is refreshing to know that when a problem occurs, you are always there – with great service.
Keran