#Covid19: Proposals for cybersecurity in healthcare organisations

There has been a considerable uptick in “work-from-home”, and this guide is for both employees and hospital administrators. I am outlining specific ideas that can be used in “internal staff memos”. I hope you find them useful.

  1. Beware of phishing emails. These emails appear to come from legitimate domains, but the domain is either misspelt or the message is outright dangerous. Therefore, stick to the official email address for all internal communication and avoid using your personal email addresses. People are generally unaware of “email headers” (which display the route back to the sender), as these are usually hidden from view. It would be too onerous to check them on every message, but you need to be alert: cybercriminals use carefully crafted emails. These emails purport to come from the “CEO” to the staff or offer a “cure for the coronavirus”.
  2. Don’t click on links indiscriminately, as they may be cleverly designed to load malware on your devices. Not everyone uses a Linux box that prevents escalation of privileges on the desktop. Mobile phones running iOS are horribly unsecured (despite their claims of “security”) and have terrible adherence to standards. In the unfortunate instance of you being stuck with an Apple device (either out of hubris, work issuance or plain bad luck), I’d suggest shifting to a better patched Samsung with Knox that actually works 🙂
  3. Enable multi-factor authentication before you access your accounts. It is the double layer of security, like a random number that changes every thirty seconds and that you need to enter after you have put in your password. I use and recommend 1Password (for individual use, families and teams). I have complex passwords for each website with two-factor authentication built-in. I expressly avoid SMS for getting the one-time passwords (as the SIM cards can be easily cloned).
  4. Practise good computer hygiene. I recommend Linux OS (as most services work through the browser). macOS has become bloated and unusable in the last few iterations. Windows 10 is a monstrosity wrapped in a security nightmare!
  5. Use a secure Wi-Fi connection. If needed, I prefer (recommend and use) Mullvad VPN.
  6. Always remember that confidential information is still confidential, whether on a work computer or your personal one. Always ring-fence your work.
  7. Update your emergency contacts and establish multiple lines of communication as a backup. In case the corporate systems are hacked or go down, it would be preferable to use Signal or Telegram applications to stay in touch through leadership. I’d prefer a Telegram channel to disseminate the information if a crisis happens. It would keep a clear line of thought and action.
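
For administrators who want to automate the header check mentioned in point 1, the sketch below is an added example, not part of the original guide. It parses a constructed sample message, flags a sender domain that is a near-miss of the official one, flags a Reply-To that points elsewhere, and lists the relay route from the `Received` headers. The domain `hospital.example`, the sample message and the 0.85 similarity threshold are assumptions.

```python
import email
from difflib import SequenceMatcher
from email.utils import parseaddr

OFFICIAL_DOMAIN = "hospital.example"  # assumption: the organisation's real mail domain

# Constructed sample message (not a real email): misspelt sender domain, "CEO" display name.
SAMPLE = """\
Received: from mail.hosptial.example (unknown [203.0.113.7])
\tby mx.hospital.example; Mon, 23 Mar 2020 09:14:02 +0000
Received: from localhost (unknown [198.51.100.23])
\tby mail.hosptial.example; Mon, 23 Mar 2020 09:13:58 +0000
From: "CEO" <ceo@hosptial.example>
Reply-To: ceo.office@freemail.example
To: staff@hospital.example
Subject: Urgent: cure for the coronavirus

Please open the attached document.
"""

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def is_lookalike(domain, official=OFFICIAL_DOMAIN, threshold=0.85):
    """True when a domain is close to, but not the same as, the official one."""
    if not domain or domain == official or domain.endswith("." + official):
        return False
    return SequenceMatcher(None, domain, official).ratio() >= threshold

def check_headers(raw):
    """Return (warnings, route) for one raw message."""
    msg = email.message_from_string(raw)
    sender, reply = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    warnings = []
    if is_lookalike(sender):
        warnings.append("lookalike-sender-domain")
    elif sender != OFFICIAL_DOMAIN:
        warnings.append("external-sender-domain")
    if reply and reply != sender:
        warnings.append("reply-to-differs-from-sender")
    # Each relay prepends its Received header, so reverse for origin-first order.
    route = [" ".join(r.split()) for r in reversed(msg.get_all("Received", []))]
    return warnings, route

if __name__ == "__main__":
    print(check_headers(SAMPLE))
```

Header values other than the last `Received` line added by your own mail server are supplied by the sender, so treat the result as a triage hint for staff reports rather than proof of origin.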

In the past few days, I have been working on a massive group on Telegram promoted by a state government to help build a “confidence-building measure” in the coronavirus outbreak. It has been a tremendous learning experience for me as I have now learnt to manage the communities on the frontline. I will be writing about it soon.