Article
Cybersecurity hygiene for individuals working or learning remotely
March 24, 2020
As public and private organizations across the globe turn to remote work and remote learning to address and fulfill their missions and goals, cybersecurity hygiene is an important practice to revisit. Individuals should continue to be vigilant in the face of criminals and bad actors, who are always looking to steal data, disrupt systems or undermine an organization’s reputation and credibility. Review and confirm that the following cybersecurity hygiene areas and actions are in practice to protect individuals, the organization and the organization’s data in a remote environment. Just like washing your hands is good personal hygiene, continue to practice sound cyber hygiene.
Alert
1. LOOKOUT! For suspicious emails, texts, phone calls, apps
- Question communications about COVID-19; criminals are using this crisis to craft malicious communications about COVID-19, attempting to steal your information
- Pay attention to the website addresses; criminals are creating malicious websites with addresses similar to official trustworthy sites (e.g., fake Johns Hopkins COVID-19 outbreak map website)
- Block suspicious phone numbers sending texts or robocalls on your mobile phone
- Beware downloading new apps, especially ones coming through suspicious communications
2. KNOW! The proper email addresses, phone numbers (home, cell) for key contacts (e.g., supervisor, IT helpdesk, information security team) and organization systems (e.g., emergency notification system)
- Helps you easily spot suspicious emails, texts, phone calls
- Allows you to contact individuals directly to confirm communications
- Provides multiple methods to contact individuals
3. CHECK! Your organization’s official website(s) daily for updates
- Bookmark/favorite in your browser these sites; use these bookmarks/favorites instead of typing the website addresses or clicking suspicious-looking similar links
4. REPORT! To your organization’s IT and/or information security functions, via the approved channels, any suspicious communications or events, as well as any systems that are not working properly