Hashtags like #WashYourHands and #StayAtHome have taken the internet by storm during the COVID-19 pandemic. But can the same be said for "digital hygiene"? We're aware of the importance of toothbrushing and flossing. Neglecting the simplest hygiene routines can cost you, in money and in health. Bacteria sense weak spots where you didn't floss and take root. Cybercriminals, like bacteria, have certainly taken note of the current disruption. They have been hard at work wreaking havoc on organizations, including hospitals, labs and research facilities. It's clear we need of a refresher when it comes to practicing safe internet use---or digital hygiene.
Making the shift
The dramatic shift from office-based work to working from home has put people, processes and technology to the test. Today's unprecedented surge in demand for technology has presented challenges, from increased wait times to complete service disruptions. A recent snap poll by Gartner found that 54% of HR leaders surveyed identified "poor technology and/or infrastructure...is the biggest barrier to effective remote working." Technology alone can't take all the blame for our current challenges. Processes and policies also play a key role in helping us get back to business as usual. We need to align people, processes and technology in this new reality. It's tempting to use all emerging technologies to keep pace with this surge in demand. But it's best to bring IT professionals into the conversation ahead of rolling out new platforms, such as apps for file sharing, videoconferencing, instant messaging and so on. This practice will help avoid employing "shadow IT." Cisco Systems defines this as "the use of IT-related hardware or software by a department or individual without the knowledge of the IT or security group" within an organization.
Bringing IT into the conversation
First, let's recognize the efforts of information technology professionals around the world. We can only imagine the tsunami of incidents and requests they are handling. IT professionals must carefully evaluate all activities against criteria including security, compatibility and cost, to name a few. Decisions made in haste could have disastrous consequences. IT teams around the globe need time to deliberate. This is an opportunity for professional communicators to help reduce the burden on IT. Reach out to IT leadership to see whether strategic communication can help position everyone for success as systems fight to keep up with the rate of change. Let's not stop there. Use your influence in the boardroom to help IT leadership in the fight against a potential crisis within a crisis: cyberattacks.
Kicking systems when they're already down
Cybercriminals are becoming increasingly sophisticated. The public internet, along with emails, text messages, phone calls and social networks, affords cybercriminals a boundless supply of victims. The element of global fear and uncertainty amid the COVID-19 pandemic only makes their job easier. Their methods are also becoming increasingly more sophisticated. Cleverly worded emails, links and attachments are just a few examples of their methods to target people and organizations. Cybercriminals are smart and creative in their pursuit to steal, extort, or even just do the most damage. Sometimes, their goals are both profit and irreparable harm to a company. The purpose of terrorism is terror.
Practicing safe internet is a shared responsibility
Information technology professionals alone cannot be responsible for leading the charge to combat attackers. And preventative measures using software and hardware can only go so far. The numbers are telling. Recent figures reported by PC Magazine show a 350% increase in phishing attacks amid the COVID-19 quarantine, aimed at drawing users into a carefully constructed trap to reveal their passwords or other information. This only further underscores a key fact: We all have a responsibility to practice safe digital hygiene. Like brushing teeth, it should be a daily habit. For starters, exercise caution if asked to open a link or attachment, whether it's in an email, a text message (SMS), or a webpage. Apply the same degree of caution when conducting business over the phone, or through voicemail. Don't share passwords verbally or on recordings. Be skeptical about communications that demand action within a deadline. If it's something really so important, an authentic source will likely have an alternative way of contacting you. Web addressees should also be treated with caution, especially those featuring web forms. Double check the "lock" icon in the address bar, along with the URL address spelling and formatting. Misspelled URLs are sometimes acquired to trick users, a practice also known as "typosquatting." Typos and URL formatting are just two examples of the ways in which cybercriminals get you to pay a bill to them, and not, for example to the utility company. COVID-19 messages from unsolicited sources requesting payment in return for products or services, or requesting donations, are growing online. Be particularly wary of unsolicited communications offering you a test for the virus or your test results. The same can be said for messages asking to help trace all people you've been in contact with because one of your friends has COVID-19.
Communicate what's official
Now, more than ever, is the time to remove brand style guidelines posted on company websites. This makes your logo, typeface, and color schemes too easy to copy. The same applies to the "component libraries" often posted for designers, which prescribe a company website's look and feel. This can be a gift to criminals who want to pose as you to divert payments or just cause trouble. Consider publishing a webpage featuring a one-stop-shop listing of your organization's official channels. This could include posting telephone numbers and trusted links to the organization's official social media channels. You can also post a general message the official corporate website outlining how and when the organization will communicate with stakeholders, to give them added confidence when they receive communications from you.
Spread digital hygiene, not viruses
We've now become accustomed to regular handwashing and physical distancing. The next step is to practice, and maintain, digital hygiene. Schedule an hour or two over the coming days to strategize. Get in touch with IT to develop a greater understanding of their pain points. These conversations can shed invaluable light on how your organization can help thwart cybercriminals. Let's focus on spreading hygiene, not spreading viruses, biological, or otherwise.
10 practical tips to employ as part of safe digital hygiene
- Arrange a virtual #CyberCoffeeChat with your IT leadership.
- Advocate for the inclusion of IT professionals in decision making.
- Don't click on suspicious links, especially those mentioning COVID-19.
- Provide a list on your website of your organization's official channels (e.g., toll-free number, official social media channels).
- Encourage team members to lock workstation(s) when they are not in use.
- Provide instructions on how to use virtual private network (VPN), if available.
- Use only approved platforms and technology.
- Reinforce the importance of keeping workstation(s) neat and tidy.
- Be mindful of corporate content shared on social media, especially in images.
- Ensure sensitive printed materials are locked away.
Brennen Schmidt is a senior consultant with Deloitte Canada. Prior to joining Deloitte, Schmidt served as a communication consultant with Saskatchewan's public service for the greater part of a decade. His passion for technology has enabled him to work with clients and stakeholders across Canada and the U. S. to help discover how to better connect people, process, and technology. Schmidt co-authored Cyber City Safe: Emergency Planning Beyond the Maginot Line, a work that explores how we can live smarter, safer, and healthier lives. He has made media appearances in Canada both locally and nationally to speak to cybersecurity, emergency planning and crisis response.