During crisis situations, cybercriminals use social engineering techniques to exploit their target: you. They rely on the user’s emotions, trustworthiness, and willingness to help, and use these against them. Please follow these basic security protocols.
- Be aware of scams such as:
  - promotion of products that claim to prevent, treat, or cure the coronavirus
  - requests for money for fraudulent charities
  - misinformation; beware of emails and social media postings that claim to be from experts
- Be skeptical of unsolicited contact (i.e. phishing) from people requesting private organizational or personal information
- Do not give personal information or passwords through email or through phone calls that you did not initiate
- Pay attention to website and email addresses that use a variation in spelling or a different domain (e.g., vvcu.com vs. vvcu.net or firstname.lastname@example.org)
- Verify a request’s authenticity by contacting the person or company directly
As an example, the U.S. Department of Health and Human Services Cybersecurity Coordination Center issued a cybersecurity alert involving a website masquerading as a Johns Hopkins University website. This fake page impersonated a live map of global COVID-19 reported cases, and computers that were used to visit the site were infected with malicious software designed to steal the user’s private data.
As more people try to perform their jobs away from campus, everyone must employ safe computing practices, whether using university-owned equipment or accessing university data from personal devices. Other important safe computing actions include:
- Only store sensitive university information on approved storage locations. Continue to use storage such as OneDrive and Mercury. DO NOT download or store sensitive university information on personally-owned devices or unauthorized cloud storage such as Google Docs. Please review the University Data Handling Procedures for more information.
- When working away from your office, continue to follow the University’s Clear Desk/Clear Screen Policy. Remember to lock your keyboard when you are away from your computer, and protect sensitive papers.
- Regular patching with software updates is required to protect computers against newly-identified vulnerabilities, and users should routinely update their computer’s operating systems and applications. If you have not updated your computer recently, this may require several iterations and reboots to completely update the system.
- Do not use open or public (unencrypted) Wi-Fi connections.
- Antivirus and malware protection is a critical element of protecting a computer and its data. There are several commercial choices available, and many are free and incorporate malware protection. Malwarebytes and Avast are two popular antivirus and malware protection products available.
- Backups are vital in ensuring the protection of your data in the event of a system failure or malware attack such as ransomware. Be sure to at least back up your user profile folder, which should include your documents and downloads folders.
- Proper password management is an essential element of securing user information. Reusing passwords for multiple systems presents a significant risk to users' data and privacy. Users can shield their login credentials using password management systems, such as LastPass, KeePass, and Dashlane.
During this crisis, be attentive to your online health, as well as your physical and emotional health. Be vigilant, and stay safe.