China first alerted the world about a new virus that spreads through respiratory droplets in December 2019. Since then, more than three million people have died from the virus. Aside from taking lives, the spread of COVID-19 affected many economies. Countries went into recession trying to curtail the spread of the virus and take care of their citizens.
The workforce that was largely operating from the corporate environment moved its operational base to the home as countries started initiating lockdown protocols. As malicious entities became aware of the new development, cyber attacks began to rise. This article discusses how you can protect your online privacy in the middle of a pandemic.
COVID-19’s Influence on Cyber Threats
Due to how quickly COVID-19 can spread, several countries have embraced new measures such as enforcing lockdowns to prevent a surge in the number of infected people. During the peak period of the spread of the virus, remote work became necessary and not just an option to the workforce. This created an avenue for malicious entities to operate. Due to reduced physical interactions, more people relied on their devices to access company resources, keep up with friends and family, and get the latest news updates.
This led to a spike in cyberattacks, especially phishing attacks. A phishing attack is a form of social engineering attack where the malicious attacker presents something fake as original in order to obtain personal or corporate information that will grant access to data. A popular example is when you receive an email indicating a problem with your PayPal account, and you need to click a link to log in, but the email does not come from PayPal. When you click on such links, it takes you to a look-alike website such that if you enter your log-in details, the attacker will steal your credentials and have unrestricted access to that account.
Malicious entities have perfected the art of phishing, as sometimes it may take a trained eye to identify such scams. As a response to COVID-19, various countries presented apps to residents to create a way for them to get updates or reach out to health professionals if they are exhibiting symptoms. Contact tracing applications also became a way to monitor those infected and prevent them from infecting others. Malicious entities, taking advantage of the fact that these applications are springing up, are using the COVID-19 situation to create similar applications that contain malware and present it to users as legitimate COVID-19 informative applications.
Asides from malicious apps, there have been concerns about verified contact tracing apps regarding privacy and security. Some people argue that regions with heavy surveillance can use these apps to violate users’ privacy by requesting unnecessary permissions before they can be installed. Others are concerned with how secure these apps are. Recently, a new tool discovered that some of these applications are vulnerable to cyber-attacks. So, it is now imperative that people become more aware of online threats that the new normal poses and protect themselves accordingly.
Privacy Concerns in a Pandemic
The biggest privacy concern remains COVID-19 digital contact tracing applications. In fact, some of these tracing apps contain security and privacy vulnerabilities. While these applications go a long way in the battle against COVID-19, there is some fear that they can violate users’ privacy. In fact, it is this fear that has not allowed many people to download such applications. Most tracing applications use the Google/Apple Exposure Notification (GAEN) system alongside Bluetooth technology. These applications can inform people who come in close contact (usually within two meters) with infected persons.
Fortunately, the GAEN system was designed with privacy in mind, such that the government or health professionals cannot collect personally identifiable information without the user’s permission. It prevents the authorities from collecting personal data. However, there are other countries that do not use this system and have created their contact tracing applications without the safeguard that the GAEN system provides.
In countries with a history of internet censorship and violation of human rights, contact tracing applications can act as a tool for surveillance and the collection of personal information. Some of these governments use network-based location tracking, giving them access to the personal location data of residents. There is also the risk of malicious entities attacking a central database where the government stores data from these applications so health professionals can access them.
How To Protect Your Online Privacy
There are several ways to protect your online privacy. Let’s take a look at a few things you can do to reduce the risk of exposing your data.
1. Don’t Accept Unnecessary Permissions
Permissions determine what applications on your device have access to. If an application asks for unnecessary permission on your device, you need to remove that application. Hackers and other malicious entities are now using applications to collect information that they can use to exploit you and steal your data. As regards COVID-19, different apps are pretending to be reliable sources of information and can steal data with the right permissions.
It is important to note that you can revoke permissions even after you have previously accepted them. Identifying when permissions go beyond the necessary is an important skill you need to learn. For example, a dating application asking for your location may be normal, but a flashlight application asking for permission to access your location is suspicious.
2. Use Two-Factor Authentication on All Accounts
Two-Factor Authentication (2FA) is a way to keep your accounts secure by ensuring you provide two different ways to access them. A popular example is using a password and an authentication code to log in to your account. You can’t enter that account without providing both the password and authentication code. It is a way to ensure that even if someone has access to one form of authentication, they cannot access your account. To protect yourself from phishing attacks, ensure that you have implemented 2FA on all accounts you use.
3. Don’t Click on Links or Open Attachments Without Verifying the Source
Phishing emails are mainly successful because people click on links or download attachments without verifying the source. When you receive an email that contains a call to action like clicking a link, you need to inspect that link to be sure that the source is not a malicious entity waiting to steal your credentials and data (financial information in most cases). Regarding COVID-19, many emails are going out pretending to be from verified sources giving information about the pandemic. Open only links and attachments you know the source.
4. Always Update Your Devices and Applications
Every device you own that connects to the internet needs to be updated as soon as updates are available. This is because vulnerabilities in operating systems and applications can result in a successful cyberattack if malicious entities discover them before you install updates. It is the same with applications, as outdated software can have bugs that hackers can exploit. It is also important to download applications only from trustworthy sources, as hackers become creative and create applications that seem harmless until you download them.
5. Get Rid of Accounts You No Longer Use
As data breaches are becoming more prominent, it is crucial that you delete accounts that you no longer use, especially if you use the same password across different platforms and applications. This is because if hackers breach a platform you no longer use, your data is likely to be there still. With that data, they can breach other accounts you have provided you have the exact login details. So it is crucial you reduce your digital footprint, especially in places you no longer visit.
6. Use a Trustworthy VPN Service
Virtual Private Networks are vital as we are battling a pandemic. This is because a VPN creates a private tunnel that you can use without the fear of hackers listening in on your conversations and stealing personal or company data. What is more important than a VPN service is a trustworthy one, as there have been cases where people use VPNs that infect their devices with spyware or other malware. Using VPN services that are not reliable increases the risk of any person or company violating your privacy.
Despite the challenges that the COVID-19 pandemic brings, people need to learn how to ensure that their data does not end up in the wrong hands. Hopefully, this article will help you take measures to prevent any entity from violating your online privacy.