Introduction:

In a recent forty-five-minute webinar about the state of cybersecurity in COVID-19 times, Mikko Hypponen, an expert on the matter to whom the Hypponen Law of IoT security is credited, said that during the time of a crisis bad actors on the internet becomes active. 

Now, that’s not the end of the list of vulnerabilities and precautions he warned his viewer about. We will get to that later. First, let’s take a step back and look at how you might be affected by the surge in security compromises on the internet. 

Assuming you are working from home, you have been using some kind of instant messenger software, with or without video conferencing options, e-mail clients, and other various sorts of communications software. While on the office floor you were pretty safe behind a corporate firewall and a team of IT personnel came to look at your computer at the first glance of an irregularity, but in your home, you are connected to the internet through a regular internet service provider and a router that has not seen password changes in six months or a year.

 

Also, you may practice safe browsing habits. Other members of your family might not be so careful. In these cases, all of your personal, private, and/or corporate information are wide open to compromise. 

State of International Cybersecurity in COVID-19 Times

Officials of the EU and the UN are anxious about these situations. In the era of a novel coronavirus, we are forced to isolate ourselves to flatten the curve—so that we don’t get infected, if we are already not, or become the carrier by whom ten other people get infected causing a chain reaction of infections. Thus, we have been introduced to the term “social distancing.” The United States has shut down or postponed many services that they deem “non-essential.” And working from home has become the new norm in this ever-connected world. 

But, we were not ready, neither were those officials from European Union and United Nations. Their daily and frequent communications are being done by video conferences and a constant stream of emails thrown back and forth. All the information, sensitive or otherwise, is being transmitted by the internet. This is a very lucrative opportunity to steal said sensitive information. One such official has exclaimed that these video conferences are an open invitation for hackers. Since we were not ready, ready to cope with this vulnerability, we all have become targets of phishing, malware, eavesdropping, spoofing, or another assortment of cybersecurity threats in COVID-19 times. 

Now, let’s focus on the corporate environment again. Let’s say a certain pharmaceutical firm has been working tirelessly day in and day out with the view of finding a vaccine to cure the patients most prone to death of the coronavirus. And for a sniff of that extremely valuable piece of information, corporate espionage is being mounted on an unprecedented scale, by any actor, nation, or otherwise. What disaster might happen if that formula ends up in the wrong hands? 

 

In that webinar Mister Hypponen shows us several images from a hospital in Italy, a country devastated both economically and in thousands of human lives by COVID-19. In those images, as Mikko points out, there are computers and connected devices accompanying all the patients lying in those hospital beds. Those computers contain vital information regarding the condition of the patient and the progress of his or her recovery. No one can say for certain that those computers are under ironclad security of state-of-the-art firewalls or anti-malware protection. 

Mister Hypponen also shows us that these kinds of situations, situations where pandemics ravaging lives all over the globe and healthcare systems are on the brink of being overrun, are the kinds of instances when hackers find the hospitals as ripe targets for ransomware attacks. He shows us various cases of such attacks in real life, happening in the first world hospitals. Even in 2020, the Pleasant Valley Hospital in West Virginia, US was reported to be attacked by ransomware. And the worst-case scenario, a small-town hospital in California, the Wood Ranch Medical, declared bankruptcy under the threat of ransomware.

These are not the least of our worries. Because when all the government agencies are rushing towards keeping the economy stable, there might be a window to launch an attack by interested groups on any nation’s critical infrastructures, such as water, gas, or even the electrical grid. Where the coronavirus may not be a biological weapon, it can open avenues for other attacks just as easily.

Another potential target of cyber security breaches may be the intellectual properties held by persons or organizations. Proprietary information has always been a target of the black hats, to get and sell in the dark web to the highest bidder. And given the opportunity of a professional sitting at their home computer with maybe an outdated Windows XP or compromised internet security software can be an easy conduit of intercepting such information. 

All the ways a malware may propagate, in this time, the most effective way is thought of as the phishing links disguised as a news article relating to the coronavirus. We are all reading these news articles, and some of us may be less careful about the origin of such links before clicking on them. Other ways might be the macros in the word or excel files that are being sent to us from mail addresses bearing an uncanny similarity to our official webmails.

Some of them might announce one of our colleagues might have caught the virus, so they want some information to better organize a quarantine. Others may want our log-in information saying that the mail clients have been updated and we must log in again using the link. 

Tips for Cybersecurity in COVID-19 Times

 

Experts are not just issuing cautionary tales without giving some solid, easy-to-follow advice on how to stay reasonably safe during these unforeseen, trying times. The first of which is using and masking everyone’s internet activity by a VPN. VPNs are virtual private network software. They encrypt and bounce the data packets through different servers before they reach their destinations. So, anyone who might try to snoop around on our internet activity might find them uninteresting and insignificant. And ignore them altogether, or cannot decrypt the data packets in case they are intercepted.

There are free options and paid options on VPN services. Some paid versions may offer one to more months of free trials. Using them is highly advised by all the experts who have been warning the public about the dangers of a vulnerable connection. 

If you have not changed them already, now is the best time to change your wi-fi and router passwords to something more robust and unpredictable. Passwords with 8 or more characters containing both upper and lower cases and some special characters such as the pound sign or hashtag, exclamation point, caps, etc along with some numbers are considered being strong. Some sign up forms have password strength meters at the bottom of the password box to show how difficult it is to guess your password by anyone who might want to guess them. 

Keeping your operating systems updated ensures it has all the latest security measures put in place. The updates fix bugs as well that could have been exploited by the hackers. So, if you had been putting off that annoying windows update, it is better to run it now than later.

Another measure to keep your operations safer is to separate the work computers from those that are usually used for entertainment. This is a good practice because the entertainment websites may be cloned, and to any pair of unsuspecting eyes they may appear legit but are just cloned to collect your log-in information, mail address, and browsing history. They fetch a great price in the targeted advertisement business. 

Not letting your kids near your work computer is also advised. Because they may lock your personal computer by trying to open it with repeated entries of the wrong password, limiting you to be on time for work. Or they may click on some links that you would have no problem avoiding. 

Take care of your Cybersecurity in COVID-19 Times

This is a historic time. We will talk about and pull references about this time for years to come. When they write the histories of the twenty-first century, the COVID-19 pandemic and the year 2020 will surely be mentioned countless times. With our advanced medical technologies and automated systems to assist, this level of human cost and suffering is unprecedented.

And we are not out of the woods yet. So, staying safe from the coronavirus itself might not be enough. We have to be careful about the threat lurking around the interweb, too. Without our careful, concerted efforts, awful actors will bring on more suffering and trouble for us. We can defeat both threats. The human spirit must endure and flourish against all odds.

 

---

WANT TO KNOW MORE TIPS FROM INDUSTRY EXPERTS? DOWNLOAD OUR FREE E-BOOK