- As people work from home to stop the spread of coronavirus, they become more vulnerable to digital attacks and scams.
- Hackers may try to exploit your stress response to the COVID-19 crisis.
- The most powerful defence is your own behaviour and critical thinking. Slowing down and activating your rational mind can help ward off threats.
The impact of the coronavirus pandemic is being felt far and wide. For many people, the biggest change to their daily routine has been working from home to help stop the spread of COVID-19. While businesses and communities have pulled together to rise to the challenge, the dramatic disruption has also created new opportunities for hackers and scammers. The lack of a protected office space is not the only problem. Behavioural change, such as the mental strain of adapting to a new and worrying situation, can make it difficult to spot and ward off threats. The good news is that a few simple processes adapted from corporate security protocols can improve your digital safety at home.
Your brain during the crisis
Firstly, be aware that working from home represents much more than a change of location. It involves a profound shift in mindset and behaviour. With teams dispersed, we can no longer just turn to the side to check our thinking with a colleague. Instead, we make more decisions in isolation, and this can make us more vulnerable. We are also becoming more used to interacting with certain contacts only via email, which may raise the risk of impersonation and identity theft.
In addition, the crisis itself is affecting the way we think. During times of stress and upheaval, humans tend to respond more instinctively and less rationally. Over the past few weeks, many of us have been forced to make instant decisions amid constant change. Such fast thinking has its place, but it can stop us from considering certain situations carefully and rationally and choosing the best way ahead.
Finally, the threat of potential hackers is adding yet another source of stress. Many people are aware that working from home may leave them more open to digital attacks, but are unsure what to do about it. Such uncertainty not only makes it difficult to protect ourselves, it can also affect our ability to focus on our work.
The 3 basic steps
Global businesses use many sophisticated tools to protect themselves against such threats. But one fundamental process that can be easily adapted to personal use is the 3-stage thinking approach. It consists of three basic steps:
This deceptively simple procedure can be extremely powerful because it goes to the heart of how many hacking campaigns work.
One typical ingredient of many hacking attacks is a sense of time pressure. Someone may be contacting you urgently about how to protect yourself from the coronavirus. They may even tell you that you’ve been identified as someone who’s had contact with someone who’s been tested as positive for the infection.
These kinds of emails make you want to act. They purposefully engage your sense of urgency, worry and fear. The best way to counter them is to activate your calm, rational faculties, and take the time to evaluate the request.
Have you read?
For many people working from home, almost every single aspect of daily life has changed. Scammers may try to exploit this, because they are aware that many of us are using products we’ve never tried before. They may for example create plausible stories around new services, hoping you won’t have the mental space to probe and question them. They may make their emails appear to be from a familiar or credible source, or recommend a collaboration download that will make working from home easier. The more legitimate the email, the easier it is to elicit a response.
Hackers may try to gather the credentials of people working at an organization, such as simple passwords that people came up with in haste among the chaos. Once they can access a mailbox, they can set up a forwarding rule so the user is completely unaware that their credentials are now being used to email others.
However, even if this happens, others at the organization can still do a number of basic things to stop the attack. If you receive an email from a contact, no matter how legitimate, no matter how urgent, take a pause. Ask yourself: ‘Is what I’m being asked to do normal?’, ‘Is there anything strange about this email / instruction?’
If there’s a little niggle at the back of your head about it, pay attention. Think how you can verify if it’s real, and who to report it to if you’re suspicious.
Look up from the screen
Cyber security is not just about emails and passwords. It may seem obvious, but keeping your computer, phone and confidential printed documents physically safe is an important part of your overall protection. When setting yourself up to work from home, try to give some thought to where in your home you’re working from. Make sure ill-intentioned outsiders can’t see your screen and paperwork through your windows or doors, and if you do leave the house, don’t leave your computer on display. At the end of the day, tidy away any confidential paperwork, just as you would at the office.
What is the World Economic Forum doing on cybersecurity?
The World Economic Forum’s Centre for Cybersecurity is leading the global response to address systemic cybersecurity challenges and improve digital trust. The centre is an independent and impartial platform committed to fostering international dialogues and collaboration on cybersecurity in the public and private sectors.
Since its launch, the centre has driven impact throughout the cybersecurity ecosystem:
- Training a new generation of cybersecurity experts
Salesforce, Fortinet and the Global Cyber Alliance, in partnership with the Forum, are delivering free and globally accessible training through the Cybersecurity Learning Hub.
- Building a global response to cybersecurity risks
The Forum, in collaboration with the University of Oxford – Oxford Martin School, Palo Alto Networks, Mastercard, KPMG, Europol, European Network and Information Security Agency, and the US National Institute of Standards and Technology, is identifying future global risks from next-generation technology.
- Improving cybersecurity in the aviation industry
Through the Cyber Resilience in the Aviation Industry initiative, the centre has been improving cyber resilience in aviation in collaboration with Deloitte and more than 50 other companies and international organizations.
- Making the global electricity ecosystem more cyber resilient
The centre and the Platform for Shaping the Future of Energy, Materials and Infrastructure have been bringing together leaders from more than 50 businesses, governments, civil society and academia to develop a clear and coherent cybersecurity vision for the electricity industry.
- The Council on the Connected World agreed on IoT security requirements for consumer-facing devices to protect them from cybers threats, calling on the world’s biggest manufacturers and vendors to take action for better IoT security.
- The Forum is also a signatory of the Paris Call for Trust and Security in Cyberspace, which aims to ensure global digital peace and security.
Contact us for more information on how to get involved.
One of our most powerful skills as humans is to think ahead, consider different scenarios and make plans. If you discuss potential problems and solutions with your colleagues, you’ll be better prepared if an attacker strikes. This can be as simple as setting up alternative ways of verifying an email or instruction. We don’t know how this situation will evolve, or when we will be able to go back to our offices. But we can build sustainable, safe processes and relationships that will help us work calmly and confidently.
Lastly, if you’re facing a security threat or have fallen foul of a scam, don’t be embarrassed, but do act quickly. Your security team is there to support you, reduce the potential impact and protect you. Make sure you know who to contact if you need them. Together, we can do our bit to help our businesses and each other survive during these challenging times.