In early 2020, the COVID-19 pandemic dramatically changed everyday lives. Many employees moved to remote work, students and educators shifted to virtual environments, and quarantined consumers took advantage of online shopping and delivery apps. Their private data became more vulnerable than ever before.
While the world remains focused on the coronavirus public health crisis, cybercriminals have seized the opportunity to raid the wealth of private data that has migrated online. The torrent of attacks can be designed to obtain confidential data, destroy personal computing infrastructure, or gain access to large caches of information like stored customer details.
“Cybercriminals are highly active due to the unprecedented rise in online activity and financial transactions, increasing the chances of stolen confidential information,” says Dr. Bob Duhainy, core faculty member for the Doctor of Information Technology program. “Individuals might feel an escalating lack of control over their private data.”
Cybercriminals are using the cover of COVID-19 to fine tune their attacks. Phishing emails entice consumers with information about masks, antibody tests, stimulus checks and more. Thousands of malicious websites have been registered over the past year using terms like COVID-19, coronavirus, Centers for Disease Control and Prevention (CDC), vaccine and more. These tactics encourage individuals to click cyber-engineered links that can capture private personal data or install malware that disrupts an entire system.
“The change in working, schooling and shopping environments brings the risk of cybersecurity threats directly into our homes,” says Dr. Duhainy. “Many employees and students working from home lack the cybersecurity knowledge and training needed to keep valuable data private and organizational infrastructure assets safe from cybercriminals. Some might not have the technical hardware and software that their employers use to defend their networks from attacks.”
The FBI’s Internet Crime Complaint Center last year reported between 3,000 and 4,000 cybersecurity complaints per day, up from about 1,000 daily complaints before the COVID-19 pandemic. In addition, the 2020 Identity Fraud Report indicated identity fraud is up 41 percent compared to 2019, with the bulk of attacks increasingly coming from amateurs.
Dr. Duhainy recommends several important tips to help individuals keep their data private during this tumultuous time:
- Update your software. Cybercriminals are aware of the vulnerabilities associated with various apps, especially when they are outdated. Maintain the latest security updates for computers, browsers and mobile devices to safeguard data. Configure automatic updates for antivirus software to help protect technology from the latest threats. Remain consistent with upgrades for employer- and school-provided hardware.
- Log out. Never save private data, including names, passwords, addresses or credit card details, using the “remember me” feature on websites. Try to use one credit card, not a debit card, for all online purchases. Log out of store accounts after each purchase to reduce the chance of compromised information if an online retailer has a data breach. Follow this through in other scenarios – log out of work and school computers at the end of the day, as well as social media and other platforms where important data is housed.
- Stay alert for phony emails, especially with promises of COVID relief. Hackers often use phishing emails to pose as someone else, including friends, retailers and even the government. Verify the sender’s credentials before opening an email attachment or clinking links, especially for unexpected requests, unsolicited offers or unfamiliar domains. To avoid any unforeseen cyberattacks, manually type websites in your internet browser to check their veracity.
- Use private wireless networks. Everyone wants a break from their houses now and then, but be mindful that free, public wireless networks make it easier for cyberhackers to obtain private information. Before entering personal data for any reason, connect to a secure Wi-Fi network.
- Take a second step. One of the best ways to secure web-based accounts is through two-factor authentication or 2FA. This provides email, social media and online financial services with another way to verify users’ identities when logging in. For some platforms this could mean signing in with a traditional password and then entering a numerical code texted to the user’s mobile device. Even if a password is stolen or a phone is lost, the chances of someone else having the second-factor information is highly unlikely.
“Good cyber hygiene, which is the practice of proactive cyber safety habits, is the best way to protect your information from falling in the hands of cybercriminals,” says Dr. Duhainy. “Manage your privacy so you can safeguard your data in 2021.”