Taking care of cybersecurity
As we prepare to go into lock-down to combat the spread of Covid-19 its timely to think about cybersecurity, and what attacks are being reported globally. As the World Economic Forum reminds us - cyber criminals exploit human weaknesses, and in a prolonged crisis situation, people tend to make more mistakes.
According to the WEF, 98% of cyberattacks deploy social engineering methods. "Cybercriminals are extremely creative in devising new ways to exploit users and technology to access passwords, networks and data, often capitalising on popular topics and trends to tempt users into unsafe online behaviour."
Closer to home, CERT NZ notes on its website that its international partners are seeing an increase in reports of cyber criminality due to the pandemic. It lists three types of scams and attacks:
- Text message scams - in Australia Covid-19 themed scam text messages provide a link to fake testing facilities. The link may install malicious software on devices that is designed to steal information, such as banking details.
- Phishing emails - in the UK coronavirus-themed phishing emails have infected attachments that install malware. There are also similar emails globally that encourage people to fill in their email and password before they can get information on Covid-19.
- Fake coronavirus maps - attackers claim to have a map application that people can download onto their devices, which turns out to be malware.
In New Zealand, we have a Government website - covid19.govt.nz - that provides official information and updates, not to mention the numerous legitimate news websites that are doing a fantastic job of keeping us all up to date. So hopefully people won't be tempted to click on dubious links for information about Covid-19.
CERT NZ advises users to be sceptical of advice that doesn't come from official sources, protect your password and login credentials, keep devices up to date, and keep anti-virus solutions up to date. Also, report suspect malware or phishing attempts to CERT NZ. This has to be done online because currently its call centre is unavailable.
The CERT NZ website also has a list of tips for individuals, business, and organisations, which includes installing software updates, using two-factor authentication, backing up data, and being creative with answers to account recovery questions.
It's the kind of advice that is useful at any time, but as many people will be accessing confidential commercial data from their home wifi - and maybe home devices too - it seems especially necessary today.
You must be logged in in order to post comments. Log In