By Stephane Duguin, CEO of the CyberPeace Institute
The outbreak of COVID-19 has not only caused a global pandemic, but it has also provoked the spread of what seems to be an unstoppable spread of online disinformation. Beyond crippling public response to the outbreak and undermining trust in the healthcare sector, this “infodemic” has proved to be fertile grounds for cyberattacks.
The weaponization of the information landscape is not a new trend. It is a phenomenon that has taken place with regard to major epidemic outbreaks and tragedies, such as the Ebola and Zika viruses and the Charlie Hebdo terrorist attack in 2015. Attackers have historically abused the anxiety and uncertainty caused by global tragedies and the overconsumption of information. What’s new with COVID-19-related attacks is that malicious actors are also exploiting the social distancing measures that have forced millions of people to stay home and which will profoundly impact remote working for years to come.
This situation creates a perfect storm: an acceleration of cyberattacks, an increased dependence upon our home network, and little capacity to secure it. Over a few weeks, our home has been transformed into our organization’s digital embassy where we do not benefit from any privilege or immunities against cyberattacks. As several businesses are rethinking the usage of office space in the light of remote working, the situation is here to stay.
The question is: how can we stay safe? Our domestic IT systems have not been set up for office use, and having personal appliances (i.e., smart TVs, videogaming consoles) on a network where we deal with work-related sensitive information is far from good practice. Guides to increase cybersecurity are multiplying, but their technical focus sometimes makes them difficult to implement. In a situation where the family computer becomes the hub where the family works, plays, communicates, manages banking, and orders food, there is a need to improve cyber hygiene. What are some easy steps to implement actionable cyber hygiene?
In the physical world, countering COVID-19 requires the respect of two basic rules: adhering to strict personal hygiene and protecting the community through collective action. Essentially, it is more about having the right mindset rather than the right technical skills. It is exactly the same online. As a matter of fact, we already all have the skills needed to counter a vast majority of cyberattacks. Through the implementation of simple steps, much like how you already contribute to stopping the spread of COVID-19, so too can your online actions help to stop the spread of digital viruses. It is not a silver bullet – no more than any cybersecurity guidance – but it focuses on what each and every one of us can already do. It is hard to become a cybersecurity expert, but it is easy to be an informed and efficient cyber citizen. Your daily actions will make defending your cyber home as easy as child’s play.
- STOP: Be a cyber watchdog to stop the threat.
Malware can hide inside a message, an image, a link, or an attachment — in email, texts, group chats… wherever you receive them. Don’t hover over or click on links that come from unknown or unusual sources. Don’t open attachments from unfamiliar senders or if the subject line is questionable. Don’t open pictures or play videos without verifying files with antivirus software.
- INVESTIGATE: Be a cyber analyst to validate the source.
Knowing the senders doesn’t mean that the message is safe as it could still carry malware. Do a quick search to cross-reference the claims via multiple sources. When possible, trace them back to the original source. Ask yourself: Why did I receive this? Did I initiate this conversation? If not, don’t open it. For example, why is the World Health Organization (WHO) or the Centers for Disease Control and Prevention (CDC) sending you an unsolicited email rather than going through official channels? Be extra cautious if the text feels machine-translated, has typos, and/or poor grammar.
- CONTAIN: Be a cyber citizen and keep your community safe.
The rule of thumb: if you are not sure about the content, don’t share it. Don’t spread anything that doesn’t add up; it could lead to cyberattacks. Don’t retweet or forward anything you don’t trust. It may not seem like it, but these actions help to facilitate cyberattacks. Don’t be the one who spreads the virus.
- REPORT: Be a cyber guardian and report the attacks.
Cyberattacks happen every day, and most of them are never reported. Don’t let the bad guys get away with it. Report attacks on official platforms as it prevents others from being targeted. Reports help to build cases against attackers and hold them responsible; your actions make a difference. Spread the word about good practices