Staying Cyber Safe during challenging times

COVID-19 response is in high gear across Canada. Organizations are working hard to put new processes in place to keep employees safe, support workers as they shift to remote working and adjust business operations to meet changing needs. Our priority at Microsoft is the health and safety of our employees, partners, customers and communities, which is why we are making Teams available for free – so organizations can stay productive as they transition to remote work.  We are also focused on helping organizations ensure that while employees are working remotely, they are doing so securely. 

The disruption caused by COVID-19 provides heightened opportunities for cyber criminals. In fact, the Canadian Centre for Cybersecurity (CCCS) has observed increased reports of COVID-19 related phishing campaigns and malware scams targeting Canadians. But with preparation and the right tools, it is possible to protect your organization from cyber threats.

With employees working on home networks – and sometimes even personal devices – everyone should maintain a heightened vigilance to cyber threats. It’s more important than ever to ensure your organization maintains security best practices and monitoring while businesses adjust to the current realities.

Remote workers have access to corporate information and networks. Warn your employees to expect more pandemic themed phishing attempts. Encourage them to use additional scrutiny on anything that looks “off” – urgent requests that break company policy, use emotive language or have details that are slightly wrong. Provide clear guidance on where to quickly report suspicious messages.

Healthcare, governments at all levels and critical infrastructure are on the front lines of coordinating the pandemic response here in Canada and keeping essential services operating. The CCCS, Canadian Anti-Fraud Centre and World Health Organization (WHO) have recently issued alerts including Cyber threats to Canadian health organizations which contains important guidance, much of which is applicable to a broad range of organizations. 

What you can do

While cyber criminals are attempting to capitalize on the COVID-19 crisis, they are using the same tactics they always do. Individuals and organizations both have a responsibility to be vigilant and proactively protect their data. 

For Home

1. Make sure your devices have the latest operating system version, security updates installed and an antivirus or anti-malware service. For Windows 10 devices, Microsoft Defender Antivirus is a free built-in service enabled through Settings. Turn on cloud-delivered protection and automatic sample submission to enable artificial intelligence (AI) and machine learning to quickly identify and stop new and unknown threats.
2. Use multi-factor authentication (MFA) on all your important accounts. Most online services now provide a way to use your mobile device or other methods to protect your accounts in this way. Here’s information on how to use Microsoft Authenticator.
3. Scammers are improving so refresh your knowledge on how to spot phishing emails and telephone based fraud. Here are some best practices you can use to protect yourself from phishing attempts. CCCS GetCyberSafe also has good learning resources. Outlook.com and Hotmail users can go here for guidance on how to report phishing messages and improve spam filtering for everyone.

For more information on how to stay safe online at home please see our resources here.

For Businesses and Partners working remotely with Office 365

In addition to the recommendations for Home users, please consider the following:

1. Use multi-factor authentication (MFA) with all employees. This will prevent a significant percentage of identity-based attacks. Use Windows Hello biometrics or Microsoft Authenticator with Conditional Access and other guidance on this approach.
2. While many employees have work laptops they use at home, it’s likely your organization will see an increase in the use of personal devices accessing company data. Azure AD Conditional Access and Microsoft Intune app protection policies together helps to manage and secure corporate data in approved apps on these personal devices.
3. To utilize advanced threat detection capabilities in the cloud, consider enabling Microsoft Defender Advanced Threat Protection, Exchange Online Protection, and Office 365 Advanced Threat Protection. You can learn more about available options here.
4. Have a plan to respond to a cyber security incident and establish roles and responsibilities within your organization. Practice the plan as thoroughly as possible to identify where there are gaps. Know how to contact your Microsoft support representative and understand the type of assistance that they can provide.
5. Continue to monitor and improve the security for your Microsoft 365 identities, data, apps, devices, and infrastructure with Secure Score. You are given guidance with points for configuring recommended security features, performing security-related tasks, or addressing recommendations with a third-party application or software. 

For Everyone

Don’t become part of a disinformation campaign. Reference the latest health information and Canadian government cybersecurity advisories from legitimate sources such as:

• Coronavirus disease (COVID-19) (Public Health Agency of Canada)
• Coronavirus disease (COVID-19) outbreak (World Health Organization)
• COVID-19 fraud (Canadian Anti-Fraud Centre)
• Staying cyber-healthy during COVID-19 isolation (Canadian Centre for Cybersecurity)

For additional information and best practices for staying safe and productive through remote work, community support and education during these challenging times, visit Microsoft’s COVID-19 resources page for the latest information.

These are certainly unprecedented and challenging times. However, with the right type of awareness and action, we can all help prevent a cyber security incident from causing more harm.