COVID-19 Pandemie – Eine neue Dimension des Cyber-Risikos
Everyone is talking about security these days, for example protecting against health risks such as coronavirus, which is currently understandably causing uncertainty and fear among people on a global scale. A state of emergency has been declared in many places. People are asking themselves: how should I behave in order not to contract the virus, what types of behaviour could lead to possibly catching the virus? If one compares this with potentially dangerous computer viruses, many parallels can be identified, and both face the same as yet to be resolved questions:
- How do I protect myself against viruses?
- Am I at risk, or in other words, do I offer the “attacker” a potential target?
In addition, there is firstly the experience of what it means when large parts of the economy and society are suddenly paralysed. A similar effect – not only hypothetically – could be caused if the worst-case cyber security scenario were to take place, for example if ransomware were installed and all data were encrypted in order to then use this as blackmail.
Secondly, the home office recommended due to the COVID-19 pandemic does not only give a further boost to digitalisation. Through the decentralised way of working and virtual connections, it creates new targets that can be attacked, something that up-to-date cyber security management must take into account.
National borders do not protect against viruses. This sentence applies in both the real and virtual world. With increasing globalisation and digitalisation, there is also a growing awareness of cyber risks and of the fact that Switzerland is not a protected island (see interview with Martin Clements). And this has been the case since before decentralised working from home suddenly became the norm in order to minimise health risks as a result of the COVID-19 pandemic.
Best practice tips
Working from home increases the level of personal responsibility of each individual employee. Which risks does this entail and how can you protect yourself against them? Below are a few best practice tips:
- Virus protection
Make sure that an up-to-date virus scanner is installed on your computer. Even if you work with a company laptop in your home office, it must be checked regularly for viruses.
- Visual protection
Make sure that third parties cannot see your screen, for example through your home office window. If you leave your home office, even for a short time, lock your screen.
- Caution with regard to social engineering
Be careful with e-mails (e.g. phishing e-mails) that are being used to exploit the current corona crisis and contain, for example, information about resetting a password, a “necessary” Windows configuration (e.g.: contact from a “Microsoft technician”), etc. which are designed to gain access to your sensitive data.
- Using a secure cloud
If your employer provides you with secure cloud solutions for working with your colleagues, use them. In such cases, the exchange of documents via the secure cloud infrastructure (e.g. Office 365) makes the most sense. Your employer will carry out the necessary checks. If no secure cloud solution is available to you, then ensure that you use a secure browser and do not send confidential files via public clouds (Dropbox etc.), but via a secure form of communication, for example as a zip file using an encrypted e-mail. You should share the password beforehand via another channel, for example by telephone.
It might also be necessary to adjust the existing IT guidelines to the new working environment, i.e. the home office. This includes increasing awareness among employees for new forms of social engineering attacks and fraud attempts.
These tips are intended to serve as an example. By applying well-established best practices, you will also be on the “safe side” in your home office. This is because Swiss banks traditionally meet high security requirements and are prepared for taking these risks into account – not least as part of their strategy to combat cyber risk, which is currently being implemented together with the authorities.