Qbit: Remote working during the Coronavirus crisis

The COVID-19 virus is spreading and we are seeing countermeasures rolled out across the globe. Adults are working from home, and children schooled from home. This is putting your home IT systems under more strain than they have ever been and so the need to make those systems more secure has never been greater either.

Prevent digital isolation by putting a halt to other viruses.
Our experts are constantly vigilant and trying – successfully – to stay one step ahead of the cybercriminals. Here those experts give their top tips and advice to protect you and your family from potential traps laid by the cybercriminal exploiting the current situation for their own goals.

Tip 1: Patch your systems
The more the devices in your home network are up to date in terms of software and firmware, the smaller the chance that a hacker will find a way into your home network. This is because updates fix known vulnerabilities and make it much harder for hackers to gain access and attack them. Look online for all sorts of guides on how to update your device – and how to configure automatic updates so you need never worry about doing so manually again.

Tip 2: Use reliable sources of information
Everybody is currently interested in COVID-19 (the corona virus) and its current status. Do a Google search and it will return hundreds of websites, some of which are authoritative, others less so. There are others that have been set up by hackers as scam sites, ready to trap the unwary. These sites may appear to inform you regarding Coronavirus, but in the background they secretly attack your computer or web browser to, for example, install ransomware or mine bitcoins. Please ensure you use reliable sources of information such as Thuisarts.nl and RIVM.nl.

Tip 3: Don’t fall for phishing
Currently a large amount of phishing e-mails and messages are circling, mostly related to COVID-19. We’ve seen emails circulating promising Government payments for people who quarantine themselves, and to complete a form (that invariably asks for banking details) so payments can be made. Of course, such schemes do not exist but in this climate, they could and those that are concerned or vulnerable can easily be taken in. Continue to stay vigilant and don’t fall for phishing attacks.

Tip 4: Use hard to guess passwords
Hackers can, through clever automation, try thousands (sometimes even millions) of passwords in order to guess your password. Ensure that you have a password that is not easily guessed. We recommend that everyone use a so-called password safe and creates passwords of at least 12 random characters, or long passphrases of at least 25 characters. A self-created 12 character (or less) password usually contains typical human patterns (capital letter at the start, birth year at the end, replacing ‘e’s with ‘3’s etc.) and is considerably easier to guess. Have no doubt: if your password is formulaic in any way, an automated password guessing system will find it!

Tip 5: Use two factor authentication
A large amount of service providers such as gmail, Hotmail or banks offer two factor authentication. This means that when signing-in, you will need not only your password, but a code or approval of your mobile device as well. By doing this, you ensure that even if a hacker has somehow gotten hold of your password, he or she can’t access your account.

Tip 6: Do it now
Quarantine measures are affecting everyone varying just a little between different countries. Face to face meetings have been cancelled, sport and social events are cancelled and working remotely has become the new normal. This obviously has a lot of downsides, but it also has an important upside. You now have a lot more time to do things in or around your home. Which makes this the ideal moment to do some of the things you normally don’t get to. Some of these could be cyber security focused. Instead of hitting the gym set about turning on your two-factor authentication everywhere. Two factor authentications? It’s that thing that makes your systems so much more secure, but you’ve not had the chance to activate before. Now’s your chance! Or you could use the time you would normally spend commuting to update your Smart TV, router, mobile phone and even your heating system. Like Winston Churchill once said: “Never let a good crisis go to waste”.

Tip 7: Doe het nu!
Finally, for the more technically minded… there are online services (e.g. shodan.io) which do nothing but scan the internet for vulnerable devices. By retrieving your own external IP address through one of the many websites (such as wtfismyip.com) and using the search function on shodan you can gain insight in what attack surface you are exposing towards arbitrary attackers with internet access. Ideally, you can conclude that you are not exposing anything. However, it is also possible that you will find your NAS or IP Camera to be approachable for anyone with internet access. You can then take direct action by reconfiguring the device or changing settings in the router.

Finally, keep safe, and keep secure.