Stay cybersafe as you telecommute

Mute the microphone and cover up the webcam after a teleconference, and lock the computer screen if you are walking away to take a break.

These are among the measures recommended by SingCert (Singapore Computer Emergency Response Team) to stay cybersafe while telecommuting - a reality faced by many today as companies increasingly activate their business continuity plans amid the coronavirus outbreak.

In the advisory published on its website yesterday, SingCert, which is part of the Cyber Security Agency of Singapore, said: "Opportunistic cyberthreat actors are capitalising on the situation to conduct malicious cyber activities by exploiting vulnerabilities in solutions or unsecured networks to gain unauthorised access to users' data or the organisation's network."

Employees should therefore also use a secure Wi-Fi network, and send sensitive information over virtual private network (VPN). Change the default password of home routers and also check that security settings are set to enable automatic updates, and disable UPnP (universal plug-and-play), which refers to the feature of allowing devices to discover each other on the network.

Besides ensuring that networks are secure, workers must beware of Covid-19-themed threats, such as phishing e-mails that trick users into giving up sensitive information like payment details, or scams involving impersonation websites.

Last month, the World Health Organisation (WHO) issued a warning stating that scammers were disguising themselves as WHO representatives via phishing e-mails and fake websites, among other means, to con people out of personal information and money.

Reports said one such phishing attack involved e-mails allegedly sent from a WHO worker luring users to download an e-book on how to protect children and keep business centres safe during the Covid-19 crisis.

Anyone who clicked on the link, however, would end up downloading the information-stealing Trojan Formbook.

To prevent such cyber attacks, SingCert said users should always refrain from clicking on attachments or links from unknown sources. Even if the e-mail or text message appears to be from a familiar source, always double-check details for authenticity, such as in the spelling and grammar of the language.

When unsure, it is preferable to refer to official sources such as the Ministry of Health website for any updates related to the virus.

Organisations, meanwhile, should ensure that their VPN or other remote access services are updated with the latest security patches. They should also enforce strict security policies such as the frequency of change and strength of passwords.

SingCert said: "With Covid-19-related threats escalating on the cyber front and the move to remote access technology as a key means of communication, the need to enforce cyber security is vital for organisations to deliver essential business operations.

"Hence, organisations and employees need to be prepared, and adopt a heightened state of cyber security to enhance their cyber security postures and stay cybersafe while telecommuting."

A version of this article appeared in the print edition of The Straits Times on March 28, 2020, with the headline 'Stay cybersafe as you telecommute'. Print Edition | Subscribe