ISLAMABAD: The tax officials of the Federal Board of Revenue (FBR) working from home are facing a new threat of possible cyber attacks, after opening infected documents claiming an update report from the World Health Organization (WHO) or Pakistani health authorities on the Covid-19.
To avoid data leakage, the FBR's Pakistan Revenue Automation Limited (PRAL) has issued a letter to its field formations here on Wednesday. The text of the FBR's letter revealed that switching to remote working because of the ongoing coronavirus pandemic can create cyber security problems for an organisation such as the FBR and its employees.
Attackers are exploiting the situation, so look out for emails, scams, and other hacking attempts. A new type of phishing attack is rising which is focusing on the coronavirus (Covid-19). Adversaries' sends phishing and spam emails to users to open the infected word document claiming an update report from the World Health Organization (WHO) or Pakistani health authorities.
Therefore, all the FBR resources who are authorised by the competent authority to work from home (WFH) are directed to adhere to the strategy points:
Avoid public Wi-Fi networks and use PRAL recommended VPN for secure communications; Use of remote desktop software such as TeamViewer, Anydesk, etc are strictly prohibited; Make sure you are using a secure connection for your WFH environment; Keep passwords strong and change it regularly. Always memorise the passwords, never write it; Enable Two-Factor (2FA) or Multi-Factor Authentication, wherever possible; Encrypt your home PC hard drives and USB sticks to safe data in case of theft; Keep your home PC operating system patched. Install 85 update your home PC with top-rated Antivirus, Anti- Malware 85 Firewalls. You may also get latest freeware antivirus and other security software from PRAL technical support team; Check all security software is up to date in your home PC. Privacy tools, add-ons for browsers and other patches need to be checked regularly; All WFH resources are advised to communicate using official FBR email only; All FBR remote workers are advised to be suspicious of any emails asking them to check or renew their passwords and login credentials, even if they seem to come from a trusted source; Please try to verify the authenticity of the request through other means, do not click on suspicious links or open any suspicious attachments; Always scan suspicious file using antivirus software recommended by PRAL Technical Support team; All sensitive information be handled with care and dissemination to all concerned be done through secure means; Be aware of pop-ups in internet browsers or desktop screen and never enter confidential information in a pop-up screen; Establish and sign a departmental-wise cyber security policy/undertaking from your team members working remotely from home; Have a back-up strategy. All-important data should be backed up regularly; All officers are requested to provide their team with basic security knowledge. Please contact PRAL for assistance in this regard; All functional heads are advised to develop contingency plan in coordination with PRAL; Contact PRAL Technical Support team for any assistance; and in case of infection/compromise in your home computer system, immediately disconnect the computer from internet and contact PRAL Technical Support team for advice.
Copyright Business Recorder, 2020