• As people work from home to stop the spread of coronavirus, they become more vulnerable to digital attacks and scams.
  • Hackers may try to exploit your stress response to the COVID-19 crisis.
  • The most powerful defence is your own behaviour and critical thinking. Slowing down and activating your rational mind can help ward off threats.

The impact of the coronavirus pandemic is being felt far and wide. For many people, the biggest change to their daily routine has been working from home to help stop the spread of COVID-19. While businesses and communities have pulled together to rise to the challenge, the dramatic disruption has also created new opportunities for hackers and scammers. The lack of a protected office space is not the only problem. Behavioural change, such as the mental strain of adapting to a new and worrying situation, can make it difficult to spot and ward off threats. The good news is that a few simple processes adapted from corporate security protocols can improve your digital safety at home.

Your brain during the crisis

Firstly, be aware that working from home represents much more than a change of location. It involves a profound shift in mindset and behaviour. With teams dispersed, we can no longer just turn to the side to check our thinking with a colleague. Instead, we make more decisions in isolation, and this can make us more vulnerable. We are also becoming more used to interacting with certain contacts only via email, which may raise the risk of impersonation and identity theft.

In addition, the crisis itself is affecting the way we think. During times of stress and upheaval, humans tend to respond more instinctively and less rationally. Over the past few weeks, many of us have been forced to make instant decisions amid constant change. Such fast thinking has its place, but it can stop us from considering certain situations carefully and rationally and choosing the best way ahead.

Finally, the threat of potential hackers is adding yet another source of stress. Many people are aware that working from home may leave them more open to digital attacks, but are unsure what to do about it. Such uncertainty not only makes it difficult to protect ourselves, it can also affect our ability to focus on our work.

Even before the pandemic, cybercrime had become a growing threat.
Image: Statista

The 3 basic steps

Global businesses use many sophisticated tools to protect themselves against such threats. But one fundamental process that can be easily adapted to personal use is the 3-stage thinking approach. It consists of three basic steps:

1. Stop

2. Think

3. Protect

This deceptively simple procedure can be extremely powerful because it goes to the heart of how many hacking campaigns work.

One typical ingredient of many hacking attacks is a sense of time pressure. Someone may be contacting you urgently about how to protect yourself from the coronavirus. They may even tell you that you’ve been identified as someone who’s had contact with someone who’s been tested as positive for the infection.

These kinds of emails make you want to act. They purposefully engage your sense of urgency, worry and fear. The best way to counter them is to activate your calm, rational faculties, and take the time to evaluate the request.

Healthy scepticism

For many people working from home, almost every single aspect of daily life has changed. Scammers may try to exploit this, because they are aware that many of us are using products we’ve never tried before. They may for example create plausible stories around new services, hoping you won’t have the mental space to probe and question them. They may make their emails appear to be from a familiar or credible source, or recommend a collaboration download that will make working from home easier. The more legitimate the email, the easier it is to elicit a response.

Hackers may try to gather the credentials of people working at an organization, such as simple passwords that people came up with in haste among the chaos. Once they can access a mailbox, they can set up a forwarding rule so the user is completely unaware that their credentials are now being used to email others.

However, even if this happens, others at the organization can still do a number of basic things to stop the attack. If you receive an email from a contact, no matter how legitimate, no matter how urgent, take a pause. Ask yourself: ‘Is what I’m being asked to do normal?’, ‘Is there anything strange about this email / instruction?’

If there’s a little niggle at the back of your head about it, pay attention. Think how you can verify if it’s real, and who to report it to if you’re suspicious.

Look up from the screen

Cyber security is not just about emails and passwords. It may seem obvious, but keeping your computer, phone and confidential printed documents physically safe is an important part of your overall protection. When setting yourself up to work from home, try to give some thought to where in your home you’re working from. Make sure ill-intentioned outsiders can’t see your screen and paperwork through your windows or doors, and if you do leave the house, don’t leave your computer on display. At the end of the day, tidy away any confidential paperwork, just as you would at the office.

What is the World Economic Forum doing on cybersecurity

The World Economic Forum Platform for Shaping the Future of Cybersecurity and Digital Trust aims to spearhead global cooperation and collective responses to growing cyber challenges, ultimately to harness and safeguard the full benefits of the Fourth Industrial Revolution. The platform seeks to deliver impact through facilitating the creation of security-by-design and security-by-default solutions across industry sectors, developing policy frameworks where needed; encouraging broader cooperative arrangements and shaping global governance; building communities to successfully tackle cyber challenges across the public and private sectors; and impacting agenda setting, to elevate some of the most pressing issues.

Platform activities focus on three main challenges:

Strengthening Global Cooperation for Digital Trust and Security - to increase global cooperation between the public and private sectors in addressing key challenges to security and trust posed by a digital landscape currently lacking effective cooperation at legal and policy levels, effective market incentives, and cooperation between stakeholders at the operational level across the ecosystem.Securing Future Digital Networks and Technology - to identify cybersecurity challenges and opportunities posed by new technologies and accelerate solutions and incentives to ensure digital trust in the Fourth Industrial Revolution.Building Skills and Capabilities for the Digital Future - to coordinate and promote initiatives to address the global deficit in professional skills, effective leadership and adequate capabilities in the cyber domain.

The platform is working on a number of ongoing activities to meet these challenges. Current initiatives include our successful work with a range of public- and private-sector partners to develop a clear and coherent cybersecurity vision for the electricity industry in the form of Board Principles for managing cyber risk in the electricity ecosystem and a complete framework, created in collaboration with the Forum’s investment community, enabling investors to assess the security preparedness of target companies, contributing to raising internal cybersecurity awareness.

For more information, please contact us.

Long-term thinking

One of our most powerful skills as humans is to think ahead, consider different scenarios and make plans. If you discuss potential problems and solutions with your colleagues, you’ll be better prepared if an attacker strikes. This can be as simple as setting up alternative ways of verifying an email or instruction. We don’t know how this situation will evolve, or when we will be able to go back to our offices. But we can build sustainable, safe processes and relationships that will help us work calmly and confidently.

Lastly, if you’re facing a security threat or have fallen foul of a scam, don’t be embarrassed, but do act quickly. Your security team is there to support you, reduce the potential impact and protect you. Make sure you know who to contact if you need them. Together, we can do our bit to help our businesses and each other survive during these challenging times.