Criminals flood the web with Covid-19 spam and corona phishing. The attacks are lucrative because many people access work data from home. These tips help against hackers.
Almost all people suffer from the corona pandemic. However, one professional group senses the business of a lifetime: cybercriminals flood the Internet with phishing emails and malware. There are three reasons for this: First, many people are afraid. Second, many people want to help. That is why they are ready to click links or open attachments that they would otherwise have been suspicious of. Third, millions of employees work from home.
Many of them now use their private computers for work and access files in the company network from their home office. Most received no training, since they were sent home practically overnight. Hardly any company was prepared for this situation. Even the Bavarian government is overwhelmed: the editorial staff of the magazine c’t was able to participate in a video conference with Interior Minister Joachim Herrmann – the system was not secured.
Attacks become easier and more lucrative for criminals. Suddenly doors are open that were previously blocked by carefully maintained firewalls. All it takes is one careless employee, and hackers can access sensitive data or infiltrate the entire company network. At least some hacker groups have promised to spare hospitals and medical practices. Ordinary home workers, however, cannot count on mercy: dozens of IT security companies, the WHO and the BSI warn of criminals who use Covid-19 as bait for their attacks.
They lure victims with supposedly important information and advice, smuggle fake corona apps into the Google and Apple app stores or pretend to be a health authority. Instead of learning how the biological virus spreads, users catch digital viruses. Trojans encrypt the hard drive and demand a ransom, grab passwords and attempt to steal credit card information. Washing hands and keeping your distance protect against Covid-19; these eight security tips protect against criminals.
1. Use secure passwords
With so-called brute-force attacks, attackers can try out many password combinations in a short time. To protect yourself, use long, random and unique passwords. Special characters are unnecessary; length is decisive: twelve characters are the minimum, and for important accounts at least 16 letters and numbers are recommended. Many users use the same password for multiple accounts or vary it only slightly. This is an invitation to hackers. You should therefore use a password manager like 1Password, LastPass or the open-source solution KeePass. These programs generate random, secure passwords and store them in encrypted form.
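The arithmetic behind this tip, as an added example that is not part of the original article: a Python sketch that generates letters-and-digits passwords from the operating system's random source, compares the entropy gained from length with that gained from special characters, and flags short, reused or slightly varied passwords. The function names, the 0.8 similarity threshold and the sample account list are assumptions made for illustration.

```python
import math
import secrets
import string
from difflib import SequenceMatcher
from itertools import combinations

ALNUM = string.ascii_letters + string.digits   # 62 symbols, no special characters
FULL = ALNUM + string.punctuation              # 94 symbols, with special characters

def generate_password(length=16, alphabet=ALNUM):
    """Draw every character independently from the OS CSPRNG."""
    if length < 12:
        raise ValueError("12 characters is the minimum the tip allows")
    return "".join(secrets.choice(alphabet) for _ in range(length))

def entropy_bits(length, alphabet_size):
    """Bits of entropy of a uniformly random password."""
    return length * math.log2(alphabet_size)

def audit(accounts, min_len=12, similarity=0.8):
    """Flag passwords that are too short, reused, or only slightly varied."""
    findings = [(name, "too short")
                for name, pw in accounts.items() if len(pw) < min_len]
    for (a, pa), (b, pb) in combinations(accounts.items(), 2):
        if pa == pb:
            findings.append((f"{a}/{b}", "reused"))
        elif SequenceMatcher(None, pa.lower(), pb.lower()).ratio() >= similarity:
            findings.append((f"{a}/{b}", "slight variation"))
    return findings

# Constructed sample data, not real credentials (assumption for the demo).
SAMPLE = {
    "mail": "Sommer2020!",
    "shop": "Sommer2021!",
    "bank": "Sommer2020!",
    "vpn": generate_password(16),
}

if __name__ == "__main__":
    # Short with special characters vs. long without them.
    print(f" 8 chars, 94 symbols: {entropy_bits(8, len(FULL)):.1f} bits")
    print(f"16 chars, 62 symbols: {entropy_bits(16, len(ALNUM)):.1f} bits")
    for where, problem in audit(SAMPLE):
        print(f"{where}: {problem}")
```

Doubling the length from 8 to 16 characters adds far more entropy than widening the alphabet from 62 to 94 symbols, which is why the tip treats special characters as optional.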
2. Secure accounts with a second factor
Even the best password can be hacked. Only so-called two-factor authentication (2FA) reliably protects against attacks. With it, a second factor is required in addition to the password to log in. This is often a code that is received in a separate app or sent via SMS. Some services also offer biometric features or additional hardware such as the YubiKey USB stick.
3. Install security updates
Criminals often exploit vulnerabilities that have just been discovered. They expect that many users have not yet updated their software. So if you are asked to update, do not delay the installation. In particular, the operating system, the browser and applications such as Microsoft Word or Adobe's Acrobat Reader should always be up to date. This also applies to the WiFi router and other IoT devices that are connected to the network. Firmware updates for these can usually be found on the manufacturer’s website. Updates can often also be automated.
4. Protect WiFi
In the home office, the home network becomes a work network – and thus even more interesting for attackers. Many people have never changed the default passwords of their router and their WiFi. That is negligent. To change the router configuration, enter the IP address of the device in the browser, usually 192.168.2.1. There you log in (the access data is often on the back of the router) and can assign new passwords for access to the router and for the WiFi.
5. Use secure communication channels
What colleagues used to discuss in person at work is now discussed and clarified digitally. However, unencrypted emails, Skype calls or chat services like Slack are not suitable for important information. Messengers like Signal or Threema are better. WhatsApp also protects messages with end-to-end encryption. Facebook does find out who writes to whom and when – but not what it is about.
6. Separate professional and private
Many people are currently using one device for everything and cannot buy a second laptop at short notice. To protect professional information, at least two different browsers are recommended. Separate accounts without admin rights for the computer offer more protection. Friends’ laptops and smartphones should not be used for work. After all, you can’t tell from a device whether malware is running on it.
7. Save data securely
Sensitive documents do not belong in a cloud like Dropbox or OneDrive. USB sticks, external hard drives or encrypted network storage are more suitable. The local files should be encrypted with software like VeraCrypt. Windows (BitLocker) and macOS (FileVault) also offer integrated solutions for this. To protect yourself against ransomware that encrypts the hard drive and then demands a ransom, regular backups on an external storage medium are required.
The biggest risk factor is in front of the computer. The safest hardware doesn’t help if users recklessly open attachments, download files and install programs. If you don’t trust a sender or developer 100 percent, you should stay away from it. In the home office, it is more difficult to quickly ask colleagues for advice, and IT departments are often overwhelmed. Still, a quick phone call can save a lot of trouble.