Clock 5 MINUTES

How COVID-19 Could Impact Your Data Security

COVID-19 (or the Coronavirus) is having a massive impact on the world, but it could be impacting your data security too. Here’s what you need to know.

21 Mar
2020
SelfKey
Identity Wallet
key-icon

The COVID-19 pandemic (commonly referred to as the Coronavirus) is having an incredible impact on our lives. Countries like China and Italy are in complete lockdown, and the US-Canada border is closing for the first time in nearly twenty years. For many, our lives are fundamentally changing, and the future is feeling uncertain.

However, COVID-19 has brought about changes in unexpected areas of our lives, in particular surrounding our data security. Cybercrime has been noticeably increasing, and there are concerns that ransomware attacks could disrupt both government and healthcare organizations. Here’s everything you need to know, including how to stay safe.

The current state of data security

The past year was not great for your data security. There were innumerable data breaches and billions of records were exposed. What has been notable is that there has been an increase in government agencies and healthcare companies becoming victims of data breaches. To give you some perspective, the following government or healthcare organizations were hacked in the last twelve months: the United Nations, the US Defence Information Systems Agency, LabCorp, LifeLabs, Bulgaria’s National Revenue Agency, Los Angeles County Dept. of Health Services, Maryland Dept. of Labor, and many, many more

Why exactly has there been an increase in targeting these types of organizations? There are a couple of reasons. The first is that, unfortunately, government agencies are generally not the most technologically advanced when it comes to cybersecurity and this makes them a prime target for data breaches. Old computer systems and out of date security measures allow hackers easy access. Obviously, this is not the case with every government system, but the majority do not have state-of-the-art security protocols in place to prevent breaches. 

Secondly, the data that healthcare and government organizations hold is incredibly valuable. In particular, there has been a rise in medical identity theft over the past few years, which makes medical records very appealing to hackers. Additionally, if a criminal has your social security number, they can steal your tax refund. Even if they don’t use the information themselves, hackers can sell your data to other criminals who can then steal your identity or use it to extort funds from you.

Thirdly, most major countries have their own government-backed hacking groups that they use to target rival countries. Naturally, confidential information and disrupting services like healthcare hurt the most, which makes them prime targets. While individuals are rarely the targets of these types of hacks (unless you’re a high ranking official), they can certainly have a major impact on your life.

What the past couple of years have shown us is that your data is not safe in the hands of organizations. Unfortunately, when it comes to government and healthcare related services, you don’t have much of a choice when it comes to handing over your personal information. However, it has been a wake up call for many organizations, especially with laws like the GDPR and California Consumer Privacy Act that make a lack of security and a lack of response punishable by law. 

The threats COVID-19 poses

During any tragic event, there are always people trying to capitalize off of it, and the Coronavirus is no exception. Cybercrime around the global pandemic has increased over the past few weeks, and in particular, phishing scams have used the virus as a theme. 

What makes phishing scams work (some of the time) is that they create a sense of fear, urgency, or curiousity; feelings that are already elevated right now due to COVID-19. These are extremely powerful emotions that can cause you to make decisions you normally wouldn’t. If you receive an email that looks like it is from your government regarding the Coronavirus, your natural inclination is to do what the email says. Hackers are counting on you not taking a closer look, which is what makes phishing scams so effective. Using real human emotions to prey on innocent victims is called social engineering and can be incredibly powerful in the right (or wrong) hands. 

In January and February 2020, Japan was hit by a massive phishing scam. An email appearing to be from a Japanese disability welfare service provider was sent out with an attachment supposed to contain important information about the Coronavirus. When the document was opened, malware was downloaded onto the victim’s computer. And this is only the beginning, there are certainly going to be more phishing scams in the future.

There has also been an uptick in website domains related to COVID-19, and the majority of these websites are 50% more likely to be malicious than other domains registered since January. All sorts of suspicious websites are claiming to sell testing kits, vaccines, and protective gear when in reality they are just capitalizing on fear.

The SelfKey Identity Wallet is a free identity solution for Windows, Linux and Mac. Get yours today!

Ransomware may be imminent

If you’re unfamiliar with ransomware, it’s a pretty basic idea. Hackers gain control of a computer or other device and hold it for a ransom. If the victim fails to pay within a given time frame, then the victim loses access forever. Since ransomware is a criminal activity, sometimes paying the ransom doesn’t restore access at all.

It’s a pretty effective technique because it preys on your fear of losing all of your files, photos, messages, etc., that are stored on your devices. When you apply this to a medical or government setting, ransomware could have devastating consequences, especially during a global pandemic. Criminals are viewing this time as an opportunity rather than a crisis.

A recent report by RiskIQ proposes that criminals are going to leverage the Coronavirus pandemic to launch ransomware attacks, particularly on healthcare organizations. Why? Because healthcare organizations are going to be more likely to pay and willing to pay more to have data released, especially when lives may be at risk. The effects could be devastating, especially if hackers target COVID-19 response and relief efforts.

There is a very real fear in the cybersecurity community that ransomware is imminent, and that the effects it will have in the fight against COVID-19 could be devastating. In fact, ransomware attacks could lead to the spread of the virus if governments and health services are delayed in finding and relaying important information to the general population. So far, there is no evidence that hospitals and government agencies are being specifically targeted, but if the trend of increasing ransomware attacks continue, things could get ugly.

How to stay safe

While there’s not a lot you can do to prevent a ransomware attack against a healthcare or government organization, there are some steps you can take to protect yourself against hackers. Here’s what we recommend:

  • Be suspicious – If you receive any email that claims to have important information, check to see who the sender is and what their email address is. Hackers will imitate actual organizations very closely, but something will be off. Don’t download any attachments without making sure it’s from a safe, legitimate source.
  • Be cautious of tempting offers– There is so much misinformation circulating right now regarding the Coronavirus. If something sounds too good to be true, especially regarding a cure or vaccine, it definitely is. Only follow the advice of your government and legitimate sources like the World Health Organization.
  • Install an anti-virus or security suite and keep it up-to-date – In case you don’t spot malware, it’s important that your computer does. Most email software is pretty good at catching phishing scams, but you may want something heftier just in case. Most importantly, make sure that your software is regularly updated as updates can include important security patches. To make things even simpler, turn on auto updates so you don’t even have to think about it. 
  • Enable two-factor authentication – This is one of the easiest ways to see if someone is trying to gain access to your accounts and stop them in their tracks. While not all websites and apps offer two-factor authentication, most of the major ones do. It might feel like a hassle at the beginning but it does a great job of protecting your data.

These small steps could protect your data from being compromised. Given the uptick in ransomware attacks, hopefully government and healthcare organizations will update their security systems too. This is a trying time, in more ways than one.

Conclusion – Data security during the COVID-19 outbreak

The future feels very uncertain right now, in more ways than one. The effect that the Coronavirus is having on data security may seem like an unexpected one, but it is also incredibly important. Suspicious criminal activity is on the rise, and the elevated emotions surrounding COVID-19 could make them far more effective than normal. If ransomware is used on hospitals and government services, the effects could be truly devastating.

This is a difficult time for most of the population, however, for criminals it’s a time that could be very profitable. Crime never stops, even during a global pandemic. In meantime, we should remain hopeful that this chaotic time will soon be over, and that healthcare and government organizations are paying attention to the habits of cybercriminals.