ISLAMABAD: Pakistan Revenue Automation (Pvt) Limited (PRAL) has issued a cyber security advisory for officials of the Federal Board of Revenue (FBR) who are working from home in the wake of the resurgence of coronavirus.
In its advisory issued on Thursday, the PRAL said that switching to remote working because of the ongoing coronavirus pandemic can create cyber security problems for an organization like FBR and its employees.
Attackers are exploiting the situation, so look out for phishing emails, scams and other hacking attempts.
“A new type of phishing attack is rising which is focusing on coronavirus (COVID-19). Adversaries send phishing & spam emails to users to open the infected Word document claiming an update report from World Health Organization (WHO) of Pakistani Health Authorities.”
Therefore, all FBR resources who are authorized by the competent authority to Work From Home are directed to adhere to the following strategy points:
- Avoid public Wi-Fi networks and use PRAL recommended VPN for secure communications.
- Use of remote desktop software such as TeamViewer, AnyDesk, etc. is strictly prohibited.
- Make sure you are using a secure connection for your work from home environment.
- Keep your password strong and change it regularly. Always memorize the password; never write it down.
- Enable two-factor authentication (2FA) or multi-factor authentication wherever possible.
- Encrypt your home PC hard drive and USB sticks to keep data safe in case of theft.
- Keep your home PC operating system patched. Install and update top-rated antivirus, anti-malware and firewall software on your home PC. You may also get the latest freeware antivirus and other security software from the PRAL technical support team.
- Check that all security software on your home PC is up to date. Privacy tools, add-ons for browsers and other patches need to be checked regularly.
- All work from home resources are advised to communicate using official FBR email only.
- All FBR remote workers are advised to be suspicious of any emails asking them to check or renew their password and login credentials, even if they seem to come from a trusted source.