Kenyans Exposed in New Work-From-Home Trap

Undated file image of an individual with a hidden face working on a computer.
Undated file image of an individual with a hidden face working on a computer.

Think very carefully before clicking on a tempting link supposedly from the World Health Organization (WHO), with positive information about the cure for Covid-19. Chances are it will be a hacker preying on your understandable anxiety about the Coronavirus pandemic.

As Kenyans scramble to make sense of the Coronavirus pandemic and working from home becomes the new normal, criminals are hard at work seeking to capitalise on the widespread panic – and succeeding.

"From our Cyber Intelligence Centre, we have observed a spike in phishing attacks, malspams and ransomware attacks as attackers are using Covid-19 as bait to impersonate brands thereby misleading employees and customers,

"This will likely result in more infected personal computers and phones. Not only are businesses being targeted, end-users who download Covid-19 related applications are also being tricked into downloading ransomware disguised as legitimate applications," reads a section of a Deloitte audit on cybersecurity.

A man working using a laptop. Following the Covid-19 outbreak, working from home is the new normal
An individual using a laptop

The virus has forced organisations and individuals to embrace new practices such as social distancing and working from home, with the latter not only exposing individuals to attacks but sensitive company information is at risk as well.

These heavily masked group of hackers reportedly toy with the emotions and fear, coupled with the incessant need to get any news that could offer hope such as vaccines or test trials.

Speaking to, a 'white hat' ( an internet slang referring to an ethical computer hacker, or a computer security expert, who specializes in penetration testing and in other testing methodologies), explained that cybersecurity was a relatively new term to most Kenyans, thus making them prime candidates for phishing expeditions.

Phishing is the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.

"Some of this malware come in the form of something as simple as a link to a free subscription to these popular leading internet entertainment service media," she explained.

"The surge in virtual conferencing and other collaboration tools could expose more vulnerabilities for hackers to exploit," she further added.

A new trend called "Zoombombing" is hacking into virtual meetings on the popular platform, Zoom, where these hackers then go on to present inappropriate, offensive material or otherwise disrupt the conference.

A man pictured while working on his personal computer.
A man pictured while working on his personal computer.

With a huge part of the nation working from home, cyber hackers are looking to exploit these and various other vulnerabilities such as discreetly accessing your webcam and recording you in private, in an attempt to steal valuable information.

How then do companies and remote workers protect themselves from cyber-attacks?

The cardinal rule to combat potential attacks is to inform company cyber-security experts if one is moving or using a different computer than the one provided to them, avoiding using open public Wi-Fi networks in cafes and opening suspicious emails or attachments, updating all software, and using reputable antivirus software or firewalls.

One could also employ the habit of using Virtual Private Network (VPN) - a program that allows people or organisations to safely connect to a computer when they are using a less secure network.

Employees who connect to the internet using public Wi-Fi networks risk their browsing history being seen by third-parties. Using a VPN offers privacy and hides browsing history, hence protecting company/personal data from being seen by unauthorised personnel.

As for the notorious zoombombers, the white hat advised the following:
1. Create separate passwords for each virtual meeting
2. Establish a Zoom waiting room for meeting participants
3. Lockdown the meeting once everyone invited to attend has joined
4. Do not publicly post meeting links on social media or any other public platform

  • . . .