Blogs DeMatteis School of Engineering and Applied Science Engineering Success

Cybersecurity in the Time of Coronavirus

Not long ago, IT specialists and users were far more likely to worry about a computer virus than an actual biological pathogen. But the novel coronavirus has upended everyone’s lives in a way few expected – and even fewer were prepared for.

As more and more business, educational and social interactions have moved online, what long-term effects can we expect from this massive migration to distance learning and working remotely?

“The bad news is that more business and learning conducted online means more opportunities for hackers to exploit system vulnerabilities,” said Hofstra University Special Associate Professor of Computer Science, Scott Jeffreys. “The good news is that the ways to keep our systems protected from these intrusions are generally clear and quite effective, provided everyone follows certain basic procedures.”

Jeffreys is a seasoned cybersecurity veteran who has worked with some of the nation’s leading computer software and cyber-protection companies. He is also a program manager for the Anti-Malware Testing Standards Organization, an international non-profit association that focuses on the global need for fairness and transparency in anti-malware testing methodologies. He offered the following observations and recommendations:

Inoculate Yourself and Your Organization
There may not be a vaccine to protect you against the coronavirus, but software updates and patches are like vaccines that can protect your computer systems from cyber-pathogens. Like vaccines, however, they are only effective when kept up to date. Scrupulously installing new updates – and deleting older, more vulnerable software editions – gives your system its best chance to withstand the ever-mutating strains of computer viruses that are circulating online.

Establish a Protective Regimen
Just as frequent handwashing, social distancing and other routine measures can keep you physically healthy, consistent adherence to certain procedures can help stop or slow the spread of malware infections. Always back up your personal data and your corporate systems using the 3-2-1 Rule: create at least three copies of the data in two different storage formats with at least one copy located offsite. And distance yourself from potential carriers of computer disease by avoiding suspicious e-mails. Check the sender’s address very carefully, and never touch links you don’t recognize. Otherwise, you risk being infected by ransomware or having your user credentials stolen.

Spread the Word, Not the Disease
Companies across the globe are being impacted by COVID-19 shutdowns. If you are involved in IT or part of a team coordinating telework or online education, speak loudly and often about the dangers of malware and how best to protect against it. Launch mandatory ten-minute refresher programs to remind every user how to protect against threats that are multiplied by remote access. Be sure your organization has clear policies and procedures in place, and that everyone knows how to report a security breach and where their critical support contacts are within their own supply chain. By developing a detailed plan of care, you can ensure that when a virus hits – and it will – your organization is able to restore its health as soon as possible.

What Will the Future Hold?

One thing is certain: our world will emerge from the COVID-19 pandemic forever changed. Jeffreys took note of some of the ways tomorrow’s world of work and learning might reflect the impact of today’s shared crisis.

The Business of Education Will Change. “This wholesale shift to on-line courses will change the shape of higher education forever,” said Jeffreys. “This has both fiscal and operational implications for universities that have not yet even been explored.”

Exposed Access Points for Exploitation. With more students participating from across the globe, university, college, and high school servers will be even more mission critical – and a more inviting attack vector for ransomware. “For a long time, organizations hoped that ‘security through obscurity’ would protect them from cyber-intrusions,” said Jeffreys. “Essentially, that strategy imagined that so long as vulnerabilities remained undiscovered, a system was safe. Now it is clear that hoping a thief doesn’t discover the back window is open after finding the front door locked isn’t going to work anymore.”

Greater Emphasis on Network Security. Although as individuals we too often slip back into old habits when danger recedes, the increased awareness of our vulnerability on a corporate or organizational level may have a more lasting impact. Already, for example, ISPs are providing network level security at a stronger level than in the past, and many organizations are finally taking greater strides toward building a culture of cybersecurity. And with the likelihood that working remotely will become more prevalent even after the threat of COVID-19 has passed, tighter protective measures are almost certainly ahead.

“In the same way the coronavirus pandemic is likely to have long-lasting impact on how we protect ourselves as a society,” noted Jeffreys, “so too the move toward more telework and remote learning will probably have a positive effect on our commitment to protect our computer systems and data. There will always be new threats out there, but our best hope is to remain vigilant and do everything we can to keep them at bay.”

In a recent virtual event, Jeffreys addressed the new cybersecurity challenges and how you can protect yourself during the massive migration to distance learning and working from home due to the COVID-19 global pandemic.