Ten Practices to Keep You From Being Hacked During COVID-19

(Advice from Mark W. Schleisner ’20K, Naim Glloxhani ’20K, Teddy Mutterperl ’20K, Ben Milshtein ’20K and David Deutscher ’20K, students in the Katz School of Science and Health’s MS in Cybersecurity)

1) Educate yourself on what a COVID-19 scam looks like

Attackers will use phishing emails with malware attachments and links, malware-laden fake apps that pretend to educate you, and phony charity or informational websites that try to trick you into donating money (see #9).

2) Use your employer-provided virtual private network (VPN) or purchase one from a trusted vendor

A VPN can create an encrypted connection or “tunnel” between you and your organization’s networks and data. VPNs ensure that corporate tools and applications are used only by users with the right permissions.

3) Maintain secure and well-kept passwords

Use complex passwords of at least 8 characters (with numbers, letters, and special characters). Use multifactor authentication if available, especially with your bank and email accounts (see #6). Change important passwords every 30-60 days and use an online password manager/vault to store your passwords (such as Enpass, LastPass or 1Password).

4) Secure your Wi-Fi access point(s)

Change the default password on your router as well as on any other home network devices. Do not connect to any unsecured or unknown Wi-Fi networks; only connect to Wi-Fi networks secured with a password. In configuring your home network, secure it with a unique password, and ensure that it is protected using WPA2 (Wi-Fi Protected Access 2).

5) Turn on end-to-end encryption for Zoom video calls

If you communicate via Zoom meetings, enable the end-to-end encryption feature that Zoom provides by signing in to the Zoom web portal and selecting Account Management > IM Management. Then select the IM Settings tab at the top of the page. Navigate to the “Enable end-to-end chat encryption” option and verify that the setting is enabled. If the setting is disabled, click the toggle to enable it.

6) SMS text message-based MFA

Multifactor authentication (MFA) verifies a user’s identity by requiring multiple credentials. After you enter the username and password, MFA requires additional credentials, such as a security code sent via text to a smartphone. Safe and reliable MFA software includes DUO, Microsoft Authenticator and Okta.

7) Update your Antivirus Software

Install reliable antivirus software, such as Norton AntiVirus, Kaspersky, Bitdefender, and Windows Defender, and keep it updated. These programs offer real-time monitoring for viruses, malware/spyware, and ransomware. Some will remove any virus or malware found on your local machine.

8) Your work computer should be used ONLY by you and ONLY for job-related activities

If other people use your devices for personal use, you lose any cybersecurity protection your work network is providing. The game apps children download may contain malware that targets your work data and spreads to your employer’s entire network the next time you connect to it.

9) Be aware of trendy phishing campaigns on the internet

Cybercriminals are exploiting the coronavirus outbreak by creating fake email campaigns that trick employees into clicking on links and/or attachments that seem to be from corporate management but may result in malware being downloaded onto your device.

10) Very Important! Always keep in contact with your employer while working remotely!

Since the whole world is affected by the coronavirus, companies may or may not update their policies. Be vigilant in staying in touch through your company’s communication platforms so that you learn of any policy changes on matters such as remote access and travel.