Eight tips on staying cyber safe during COVID-19
According to the Australian Cyber Security Centre (ACSC), almost 100 Australians have reported losing money or personal information to COVID-19 themed scams and online frauds since early March, while popular group video chat services Zoom and Houseparty have allegedly leaked thousands of users’ private data.
As the majority of us continue to work from home and we use our phone or computer to stay in touch with family, friends and colleagues, ensuring your cyber safety is not only crucial but possible with these eight tips. This guidance has been compiled in collaboration with Aust Cyber and the Cyber Security Cooperative Research Centre.
1. Be aware of scams
The Australian Cyber Security Centre (ACSC) has an extensive visual list of text, email and app scams that are doing the rounds, with spoofed Australian Government, stimulus payment and IT help desk phishing emails and SMSes currently the most prevalent.
Both in Australia and internationally, scammers are preferencing phishing attacks during this time, sending emails with malicious attachments or links to fraudulent websites to trick victims into revealing sensitive information or donating to fraudulent charities or causes.
Avoid clicking on links in unsolicited emails and be wary of email attachments particularly if you are not expecting them.
If you receive anything that you’re not sure about, Google the information supplied to see if it’s been reported as malicious. A report by CSIRO’s Data61, the data and digital specialist arm of the national science agency identifies the most prolific cyber scams from 2007 to 2017, with the findings able to help identify the future of cybercrime.
2. Know how to identify malicious activity
Some elements of a cyber-attack can be easy to identify, however, others are much more subtle. You can identify suspicious texts and emails by looking out for:
- SMSes, emails or apps that ask you to confirm personal information, such as bank details or passwords.
- Poorly written text with spelling and grammatical mistakes.
- A web address that doesn’t look genuine. Hover the cursor over links to see if the embedded link is legitimate, but make sure you don’t click it.
- Compromised sites will often have no https:// or a lock signal in the address.
- Unsolicited emails with attachments. Sometimes emails are sent impersonating a colleague, but from a different email address. If you receive any such emails, check directly with the colleague through a known email address as to whether they have in fact contacted you.
- Urgent requests or offers that are too good to be true.
3. Don’t share personal information
Sharing personal information such as your phone number, home address, or banking details increase your chances of being harassed, stalked, or scammed.
Identity thieves often need only a minimal amount of key information, while social media platforms and applications often sell your information to advertisers.
It is important to remember engaging with social media platforms is another way you can inadvertently share private information, for example, participating in polls or online group chat forums.
“If a service is free, in many cases it means your data is the price you are paying,” says Dr Thierry Rakotoarivelo, Group Leader of Information Security and Privacy Software and Computational Systems Group at CSIRO’s Data61.
“Consider if that service is worth that implicit price you will pay.”
The fact that videoconferencing is essential during this time of physical isolation makes it an ideal delivery platform for malicious activity.
Video conferencing presents an opportunity for cybercriminals to eavesdrop and record private conversations, create and send voice spoofing messages, gather facial data for the creation of video deep fakes, highjack screen controls and more.
Protect yourself and colleagues by:
- Verifying the meeting invite is from a known and trusted sender.
- Entry requires a password.
- Ensure you know all phone numbers that have dialled in.
- Limit file sharing in the chat section of the call.
- Check that there are no materials that display sensitive information are displayed in the background of your call or use a virtual background.’
5. Avoid counterfeit apps
In June 2019, researchers from CSIRO’s Data61 and the Faculty of Engineering’s School of Computer Science at the University of Sydney investigated over one million Google Play apps and discovered 2,040 potential counterfeit apps.
Many of these apps included malware or requested data access permission on users’ phones. Read the app description, check the reviews before downloading and stick to official app stores.
6. Turn on automatic updates
AustCyber recommends turning on automatic updates for your operating system to ensure as much malicious software as possible is blocked. These updates contain crucial security solutions that will help keep you and your devices safe and secure.
7. Keep private data private
Having your private data stay private is a fundamental right, with systems that collect people’s information occasionally using it for malicious reasons, with Cambridge Analytica is a good example of that.
Data privacy experts at Data61 recommend checking which apps have access to your phone’s geolocation data, using a web browser to look at something online rather than your phone, and not using the same password for multiple systems.
For businesses and organisations, insights from user data may have high economic value once unlocked, however, this ‘unlocking’ process needs to take into account constraints such as privacy regulations and the social impact, explains Dr Rakotoarivelo.
“The challenge for businesses and organisations is to balance these constraints while deriving benefits from these shared data.”
It’s also important to remember that video conferencing provides a visually intimate look into your private life, so when conducting work-related calls you should have a plain or virtual background.
8. Stay vigilant
While your home may be a place of security and comfort, cyber criminals can still access your devices regardless of your location. Unusual times call for unusual measures, but remaining aware and alert to all situations that could enable malicious activity is imperative.
Printing confidential work documents using a private device at home is one such situation, explains Data61’s Dr Marthie Grobler. “If your printer is connected to the internet, it can be accessed by a third party, placing sensitive documents you’ve printed at risk.”
“Locking your device when you’re not using it is another example of best practise, while using unlicensed or personal software is a liability for your organisation.”
Physical distancing and self-isolation during the COVID-19 pandemic have understandably increased people’s stress and anxiety levels, making them more vulnerable to online attacks. But by ensuring you have good ‘cyber hygiene’ as Data61 researchers like to put it, you can protect yourself and others online during this time.