NortonLifeLock Privacy Watch

This blog aims to provide timely updates on the latest privacy trends for individuals concerned about protecting personal information. The inclusion of products, websites, apps, or links does not imply endorsement or support of any company, product, material and/or provider listed herein.

1.The battle against COVID-19 has spilled into cyber space. With the coronavirus dominating the news, the pandemic has created an opening for malicious hackers to exploit the public’s obvious interest in the topic. Cyber criminals often use the occasion of major events to try to dupe their victims with social engineering ruses. It’s no different this time around. 

In the last several weeks, institutions around the world are reporting an increase in the number of incidents where attackers deployed social engineering ruses to fool users into clicking on emailed links with the goal of implanting malware on a victim's computer. The European Central Bank recently warned banks that fraudsters have targeted bank customers as well as financial institutions with phony COVID-19 emails. Separately, the World Health Organization (WHO) described how cyber criminals were sending phishing emails related to COVID-19, impersonating WHO officials in a bid to steal money and sensitive data.

2.Companies are responding with work-from-home policies in a bid to limit the spread of the infection among their employees. This smart guidance also shines a new spotlight on a familiar problem: Too many employees still treat online security best practices as an afterthought, at best.

But this time around, sloppy computer hygiene by telecommuting employees could cause heightened concerns because the bad guys are following the news, as well. For instance, bad actors can now buy a new phishing method on the dark web to acquire a payload preloader masked as a COVID-19 map which claims to offer real-time information from reputable sources, like the World Health Organization. All it takes is for someone to click on what’s billed as an interactive map for their system to get infected. 

Clearly, these are extraordinary times and users need to be extra careful, taking necessary steps to mitigate the potential threats. The CyberSecurity and Infrastructure Security Agency, or CISA, is the cyber agency for the U.S. Department of Homeland Security recently issued an alert citing specific cyber vulnerabilities associated with working from home. Among its recommendations:

• Update VPNs, network devices, as well as any devices used to connect into work environments with the latest software patches and security configurations. 
• Be on alert for an expected increase in phishing attempts. 
• Ensure IT security personnel are ready to ramp up key cybersecurity tasks, including log review, attack detection, and incident response and recovery.  
• Implement multi-factor authentication on all VPN connections. At a minimum, teleworkers should be required to use strong passwords. 
• IT security departments should test VPN limitations to prepare for mass usage. Also, where possible, implement modifications to prioritize users who require higher bandwidths.

And as a final reminder, device security hinges on using common sense. That means not telecommuting from public places, such as coffee shops or on public transportation, where third parties can easily view screens and printed documents. It also means using secure, password-protected home Wi-Fi or hotspots.  If you’re working from home, it is important to remember that it is a bad idea to share work-issued devices (laptops, phones, etc.), to transfer files to personal devices or storage media. Additionally, sharing any sensitive business information (e.g., having a sensitive work call) with friends and family is also something to be mindful of.

3. And while the nation grapples with the virus outbreak, a bipartisan Congressional report sounded the alarm on another front.  A year in the making, the findings make for sober reading. The conclusion of the 182-page report: America still lacks an effective way to combat foreign cyber threats, with the government faulted for lacking the ability to act “with the speed and agility necessary to defend the country in cyberspace.”

So how much progress have we made? Clearly, not enough. The report, which offered more than 75 recommendations for action across the public and private sectors, flagged election security as a particular problem area that needs priority. Despite hundreds of millions of dollars in investments in new voting technology since the 2016 elections, the authors said that the American people still can’t count on assurances that US election systems are secure from foreign manipulation. 

Looking to the November presidential elections, the report said the US should continue to fund election infrastructure modernization both at the state and local levels. Also, states and localities need to chip in to make sure their elections are as secure as possible. And despite the obvious irony of a cyber commission recommending a paper trail, one must-do recommendation was to ensure that a paper audit trail exists in any future elections.

“If we don’t get election security right,” the report warns, “deterrence will fail, and future generations will look back with longing and regret on the once powerful American Republic and wonder how we screwed the whole thing up.”

Copyright © 2020 NortonLifeLock Inc. All rights reserved. NortonLifeLock, the NortonLifeLock Logo, the Checkmark Logo, Norton, LifeLock, and the LockMan Logo are trademarks or registered trademarks of NortonLifeLock Inc. or its affiliates in the United States and other countries. Other names may be trademarks of their respective owners.