How to stay safe online during the COVID-19 crisis

With much of the world on lockdown because of the coronavirus pandemic, many of us are relying on our phones, laptops and other devices to stay connected. While cyber-surveillance is a longstanding threat to human rights defenders and others, this new normal means options for using physical security alternatives (like simply communicating sensitive information in person rather than online) are seriously diminished. This raises the human rights stakes. It can mean everyone has more exposure to cyber-attacks and scammers who are seeking to exploit the outbreak. Here are six top tips on how to keep safe online.

1. Update phone, computer and apps

Your devices and any programmes that communicate with the internet should be up to date to reduce the risk of attack. Most browsers update automatically but look at the apps you use to read documents or view photos and videos you have found online.

If you are using old versions of these apps it is more likely there will be bugs that can leave your devices vulnerable.

“You could download a file from the internet, and it could exploit one of these bugs, which is a common way people are attacked,” says Etienne Maynier, Security Researcher at Amnesty Tech. Also make sure you use trustworthy software from trustworthy sources, like the Apple Store or Google Play.

2. Think before clicking

Phishing scams try to exploit fear and uncertainty, and those linked to COVID-19 are no different. Emails or SMS messages promising new information on the virus can contain malware in links and attachments – this is a typical social engineering strategy used by scammers who reel people in by purporting to be imparting urgent information.

“If the phishing attacks come from cyber criminals, they are most often seeking to access devices so they can steal financial information. They can also use ransomware to lock down the device and try to extort money to unlock it again,” says Maynier.

If you do not know the person or are not familiar with the organization that has sent the email or message, do not click on the link or open the attachment.

Also look out for anomalies in the way the message is written – often there are typos or the language used sounds off. If the message purports to be from an organization you know, but you are unsure it’s authentic, go to the website rather than opening any information sent in the email.

3. Protect your privacy

Spending more time online can mean exposing more of your personal information. This is a good time to review your privacy settings.

“You can limit a lot of the data that Google is collecting, such as location information and the history of searches you have done, by disabling that in your Google account,” says Maynier. “You can’t really control what data Facebook is collecting, but you can control what people see,” he adds.

Facebook and Google carry out unparalleled tracking of our lives online, so now could also be time to experiment with services that do not belong to the world’s tech giants. Messaging app Signal is a non-profit alternative to Facebook-owned WhatsApp which not only offers end-to-end encryption but also stores less metadata.

4. Connect on video chats safely

Video conferencing has exploded during the pandemic as colleagues, family and friends turn to apps which allow large-scale group calls. Questions have been raised over how safe they are – Zoom had to retract a claim that it was end-to-end encrypted and Taiwan has now banned government agencies from using it on privacy and security grounds.

It’s worth exploring lesser known alternatives like open source Jitsi Meet, which does not require users to download software or create an account. For chats with a smaller group of people it is safer to use services that have end-to-end encryption like Signal, WhatsApp or Wire.

5. Do a digital spring clean

Getting rid of accounts that you no longer use reduces data exposure. “By deleting them there is less data on you out there and that reduces privacy risks,” Maynier says.

Part of the spring clean should also include installing a password manager which can store all your passwords in encrypted form and generate new unique passwords that are hard to guess. Try KeePassXC which is open source and offline. There are also commercial services online, such as LastPass and 1Password, which offer these services for a fee.

6. Navigate the ‘infodemic’

As well as safeguarding privacy and security it is also important to learn how to deal with the sheer volume of information coming our way as we scour the internet for answers on the pandemic.

As scientists rush to better understand the virus, there is a wealth of misinformation and disinformation circulating online about everything from supposed cures for the virus to claims that 5G technology is linked to the outbreak.

Check the original source of the information you are receiving and try to verify the content with other trusted sources. Some major news organizations now have their own fact check teams and send out newsletters debunking stories that have gone viral. The World Health Organization also has a COVID-19 myth-busting page.

Companies like Facebook and Google have said they are taking steps to counter the spread of false information but be aware that governments may also seek to seize on the issue of so-called “fake news” to crack down on lawful free speech.

“Rumours and unsubstantiated information can run rife during health emergencies,” says Maynier. “It’s important we don’t add to our own and others’ stress by sharing false information.”

Above all, one of the most important things we can do to stay safe online – now and in future – is to stand up for digital rights. Governments and companies the world over are racing to create more invasive surveillance tools in response to the pandemic. Some of these may save lives, but others may be harmful to privacy and other human rights in ways that will change our lives for years to come. Now is the time to come together and ensure that not only we, but also our human rights online, survive the pandemic.

Take Amnesty’s online digital security course

Topics