To become safer online, start with NordVPN — the world’s leading VPN provider.
This year proved to be a challenge for most of us – employees had to adapt to working from home. Employers – provide necessary WFH equipment, communication, and safety measurements.
Cybersecurity experts had a lot on their hands providing cybersecurity tips and analyzing the impact Covid-19 had on remote work challenges.
Here at NordVPN, we also had a lot to do. Back in March, when the majority of Covid-19 affected countries’ populations started working from home, we noticed a significant spike in VPN usage.
Our business-focused NordTeams VPN showed a 161% growth and a 2 hours increase in average use-time. And a study by OpenVPN revealed that “68% of employees claim their company has expanded VPN usage as a direct result of COVID-19, and 29% say their organization started using a VPN for the first time ever.”
There’s a clear correlation here, which shows that Covid-19 has affected the cybersecurity industry, so let’s take a closer look to why and how.
What Covid-19 has to do with cybersecurity?
There are two different reasons why cybersecurity became of utmost importance during the pandemic. First of all, work from home broadens the cyber attack perimeter, because confidential business data suddenly can be obtained by attacking a home network bypassing office network security protocols. Second, Covid-19 sparked an upsurge of phishing attempts and various other online scams.
Both are important, and both can be damaging to businesses and users alike. An employee that is working from home getting access to the Internet via a router that has been updated several years ago and still uses factory-issued password can be an easy target and a gateway to corporate secrets. And even if his router is adequately secured, he may still fall victim to a carefully crafted phishing scam that installs malware on his device. Corporate confidentials may leak, or users’ banking credentials may be stolen – both consequences are dire enough to be taken seriously.
According to Eric Cole, an ex-CIA professional hacker, there’s been a “300% increase in phishing emails about COVID-19 <…> 71% of all emails that you receive that say COVID-19 or corona are actually malware or attacks. Less than 30% are legitimate.” Three times bigger spike is a tremendous increase and a threat.
Phishing first appeared sometime around the 1980s, and usually was carried out via telephone. Cybercriminals pretending to be someone else (banking official, cop, etc.) lured their victims into transferring some amount of money or giving out their confidential details via manipulation and carefully crafted scenarios. However, over the decades, phishing has improved significantly and still poses severe challenges frequently exploiting human factors as its main trajectory of attack.
According to the Guardian, Google detects 18 million malware and phishing incidents per day related to Covid-19. Meanwhile, Kaspersky reports “the share of users attacked by fake e-shops doubled, growing from 9 to 18%” in the Q1 2020. People are incredibly frightened during these troubling times, and cybercriminals try to exploit that by crafting fear-mongering emails. They ask users to click a link or download an attachment to know whether they’ve been diagnosed with Covid-19, promise a free test, or deceive a relative contracted the virus, and alike.
It’s hard not to open such emails, but it’s essential to remain vigilant. Adequate training is crucial, and the first step is to double-check the email or web page for risk signs. Grammar errors might give it away, or the senders’ email address rouses suspicion. When it comes to mirror pages – carefully double-check the URL for inconsistencies, if you use a password manager it will not fill in the password automatically for mirror phishing sites, and the lock symbol near the URL will most likely state “unprotected.”
Home network security
Home network security is not as hard as it sounds, but it does require some effort, and if you want a summary, you can read our blogpost for more starter tips.
First of all, a router is your gateway to the Internet, and it needs to be protected. Routers come with a manufacturer issued password, and some have been leaked online, while others are just too weak to be efficient. Changing the password, Wi-Fi network name, and updating the device comes first. Make sure Wi-Fi Protected Access 2 WPA2 (or WPA3 if your router is cutting-edge) is used on your wireless router.
We’d strongly suggest using a password manager to handle your login credentials. Over the last couple of years Credential Stuffing attacks, when cybercriminals try different leaked username-password combinations on other services, have been both popular and successful. A password manager enables you to hold long, complex, and most importantly, different passwords for all services. Various security-oriented browser extensions and privacy-oriented browsers also strongly contribute to online safety.
For a more robust home network safety, you can set up a VPN on your router. This achieves three goals:
- Additional encryption will be applied to all of your online-traffic;
- Your original IP address will be substituted, reducing the risk of IP leak or tracking via IP address;
- You can protect each device connected to the router, especially important for lots-of-IoT households.
Before setting a VPN on a router, double-check whether it supports VPN configuration, and make sure processing power is enough to handle the latest encryption standards – this will save you Internet connection speed.
Quarantine has revealed some gaps in overall digital systems security. Luckily, all of the above mentioned practices can help. This short overview is by no means extensive, though a decisive first step towards cyber-awareness. Keep in mind, even minimal adjustments lower the risk of falling victim to a cyberattack.
For home network security and password management you can choose NordPass and NordVPN services, or read our blog to enhance your awareness.