During the coronavirus pandemic, thousands of Arkansans are doing their part to slow the spread by working from home. Some are prepared from years of remote working, while many others have had their entire office culture entirely uprooted. 

As professionals – and individuals, too – adapting to the new, temporary normal, it’s crucial to maintain the security of business systems and personal, private information. In addition to all the normal cybersecurity threats, remote working and pandemic conditions have heightened cybersecurity concerns.

Hackers and scammers are actively using new social engineering attacks (e.g., phishing, ransomware, phone scams) that take advantage of the fear and uncertainty. Scammers will try every angle to gain trust and take advantage of the situation. Sullivan Wright Technology Partners has been tracking and monitoring new attacks using COVID-19 as a fear tactic as well as older methods recycled by scammers to take advantage of the chaos. Be wary of unsolicited emails and phone calls with topics like:

• How to get COVID-19 testing kits on your own

• How to get COVID-19 vaccines or drugs to self-treat symptoms

• Sensationalist news stories offering online tracking or other insider information about COVID-19

Be wary of all emails, even if they are forwarded from friends and family. With the fear and uncertainty going around, many of these scams go unchecked and are continually forwarded. Just because the information was shared by a trusted person does not mean that it is necessarily true or safe.

If someone calls and states they are from a bank or another service provider, do not divulge any sensitive information or take any account action. Hang up the phone, and call the legitimate institution using a trusted number. That number can be found on the back of a credit card, a past invoice, or previous correspondence.

In the professional setting, don’t let the urgency of a situation alter security protocols. Working from home may mean that some processes are not in place, but don’t cut corners. Take every precaution to work as securely or even more securely than in the office.

• DON’T send sensitive information to or from personal, unencrypted email addresses.

• DON’T share files from internal or cloud shares with permissions that allow anyone in the world to access them (i.e. “anyone with the link can open the file”).

• DON’T install random remote access software downloaded from an untrusted site to get immediate access.

• DON’T share passwords to individual accounts to “make things work in a pinch.”

Managers with employees working remotely from their personal computers shouldn’t overlook cybersecurity protocols. This is probably the hardest situation to manage from a security standpoint. Personal computers can be used by anyone in the household, and there may be minimal or no protection between personal data and all the bad things on the Internet. If the use of personal laptops is necessary for business:

• Install the company’s trusted anti-virus solution on home users’ systems

• Do not allow remote work from computers no longer supported by the vendor (e.g., Windows XP, Windows 7)

• Upgrade users’ computers from Windows 10 Home to Windows 10 Pro and enable BitLocker full disk encryption on all drives.

• Plan for users to bring in their personal computers after the pandemic subsides, and have IT professionals wipe any sensitive, company-owned information from their drives.

These are difficult times, but there are always steps that businesses and individuals can take to maximize security and minimize scam or fraud. When in doubt, do not hesitate to call an IT provider or security expert. 

Christopher Wright is an information security professional and founding partner of Sullivan Wright Technology Partners, a Little Rock firm specializing in cybersecurity and compliance; managed services and support; and voice services. He has more than a decade of experience and leadership in cybersecurity and risk management.