With work routines changing and far more people working remotely due to the COVID-19 pandemic, computer users need to be vigilant to protect our digital infrastructure, advises a Brock University professor.
“We will be increasingly subject to a range of cybersecurity threats as our attention is placed on fighting COVID-19,” says Aaron Mauro, Assistant Professor in Brock’s Centre for Digital Humanities. “We’re seeing tremendous sums of money being spent by governments, which will be a target for hackers interested in using ransomware attacks, for example.”
Ransomware attackers use phishing scams to access an organization’s computer system and to install software that locks legitimate users out of the system by encrypting files. The attackers then demand financial payment to restore access.
The U.K.’s National Health Service was a notable victim of a ransomware attack in May 2017, locking staff out of 200,000 computers. The attack and its aftermath are estimated to have cost the Health Service more than $120 million.
In more recent months, ransomware attacks have targeted municipalities in Johannesburg, Baltimore, Albany and Atlanta.
Mauro worries hospitals and other critical infrastructure may be targeted by cyber attacks during the peak pandemic crisis, when government and public health officials are already exhausted.
“A targeted email sent to several high-level hospital or public health officials has the potential to grant high level access to computer systems and potentially cripple some portion of the digital infrastructure that supports our healthcare system,” he says.
Mauro advises everyone to be extra cautious.
“Check the sender’s email carefully,” he says. “They may look legitimate and even differ by only a few characters. If you are sent a link or a suspicious file, avoid opening it if at all possible.”
Users should never enter their login credentials in an unfamiliar site and should use second-factor authentication when available. If asked to login to a site, users should navigate to the site themselves, rather than follow a potentially suspicious link in an email.
“We all need to think like a cybersecurity professional to avoid compromising our sensitive digital infrastructure that we will depend upon in the coming months,” says Mauro.
Brock ITS warned the Brock community Tuesday about a COVID-19 phishing scam currently circulating. Staff and students are urged to exercise caution opening, answering or clicking on links outside of the brocku.ca domain related to the COVID-19 virus.
Brock users who receive an email related to COVID-19 that seems suspicious are asked to phone the Help Desk at x4357 and forward the email to itsecurity@brocku.ca