Communication is extremely important during times of pandemic, especially large-scale communication. For large-scale communication E-mail stands at the top for its low entry barrier, ease of use, and convenience. However, it is easy to overlook glaring weaknesses in security and privacy practices. This problem is compounded with the current events of the coronavirus (COVID-19) pandemic.
After the actualization of COVID-19, remote work quickly became a topic due to the self-isolation requirements. Having to work remotely meant that people needed to effectively communicate in order to sustain a productive business. On top of the normal communication tools such as email, phone calls, and text messaging, remote conferencing tools gained a surge in usage. One such example of increased usage is Zoom, a remote conferencing platform made popular through its ease of use and free service offers for certain groups of users. The Zoom case highlights something important: the need for security and privacy when utilizing online communications.
Do you know who could be listening in on your online conferences?
No company wants their trade secrets stolen, and no teacher wants interruptions in class. What we tend to forget is that before we can even use any of these nifty online communication tools, an essential layer of our security is constantly exposed to risk. A common factor to most online communication tools is the requirement of providing some sort of credential (such as an email address or phone number) before being able to create an account. It doesn’t matter how good the security of these services are if those credentials are weak to compromise. The damage and losses due to compromise is illustrated in cases of SIM swap scams.
It is foolish to think that what happens online can’t affect your everyday life.
For large-scale communication in modern society email is the most widely used, due to being a prerequisite for most other communication tools. Naturally, this means that if your email account is compromised all accounts associated with it become at risk (e.g. bank, business, and social media accounts). Without a doubt there has been an increase in emails in the context of COVID-19 and unfortunately, much of it is spam. Spammers prey on the context of urgency to fool people into clicking malicious links or attachments. Successful compromises can result from just the right context of spam at just the right time (e.g. sextortion, fake invoices, phishing/BEC). This data is often collected and sold on the black market.
Ever wonder why sometimes it seems like you’re the target of spam? Check out one of our previous articles on the topic.
Even during a PANDEMIC, ransomware still hits hospitals!
The success of exploiting urgency means that the COVID-19 pandemic provides a common topic of interest, creating many more openings for compromise. Although at first hackers seemed ethical, publicly announcing that they would avoid targeting health organizations , ultimately this appeared to not be the case. Although not directly related to spam, much of the time breaches occur to poor security practices. If a person is not educated to employ good security practices for their own personal accounts, it is only a matter of time before someone slips and compromises the security of a whole organization.
Due to the lack of education in basic online security practices, there’s a chance that possible cases of compromise aren’t reported. This could be due to simply lacking the awareness that a mistake had been made, or fear of punishment by management. Whatever the case may be, it just takes the credentials of one privileged account to deal massive damage to an organization. There are always lingering consequences of a compromised account.
At the end of the day, basic online security education is needed now more than ever.
The COVID-19 pandemic is an interesting case where the surge of online activity creates quick attention to the general population’s poor online security habits. This issue has always been present. The more aware organizations have either produced secure work from home solutions, or have opted to delay work from home options until they are able to budget the resources to produce them. The less aware and less funded (such as education and health sectors), are forced to continue providing their services in an increasingly dangerous online landscape.