Ongoing pandemic of Covid-19 poses a challenges for organizations all over the globe. To build and secure remote environments, to support home offices while isolated from company cybersecurity defences – that’s the problem, companies have been facing since the beginning of restrictions.
Since the platforms were secured poorly, cybercriminals took advantage right away. As the pandemic started, companies reported increasing number of targeted cyberattacks. From ransomware to email phishing campaigns – they come in all forms possible.
Now, with the end of the pandemic within reach, cybersecurity teams face another potential headache — the vaccine passport.
If project requires the mass collection, storage and access of giant amounts of sensitive data, it will always raise eyebrows among cybersecurity professionals. Undertaking such a task in the middle of the disruption, confusion and malaise of a global pandemic causes a whole new level of anxiety – from now, cybercriminals know precisely which buttons to push.
Designed to prove that a traveler is vaccinated or recently tested negative for Covid-19, many are recommending vaccine passports as the best way to bring to life travel globally.
They represent an attractive target for cybercriminals as well.
A troublemaker needs to set up a website with convincing branding, and it can trick unsuspecting phishing victims into revealing their credentials and other personal information. Simple as that. Vaccine passports will be an email phishing temptation — and if they can be monetized, then they’ll certainly be a target.
These days, people are desperate to return to normalcy, to travel and see loved ones again. Consequently, many of us are much more disposed to clicking on malicious links and logging into spoofed websites — exactly the kinds of mistakes that cyberattacks rely on to succeed.
With so much traveler data already available to troublemakers because of previous breaches, these attacks may be highly targeted and incredibly convincing.
Cyber risks aside, there are also serious concerns about privacy. Many critics have already labeled the vaccine passport system as unfair, ineffective, discriminatory, with no settled format nor central issuing body. All of this brings us to the final crucial area of concern: how to protect your data when choosing a vaccine passport app.
The key features that are suggested to be checked if you are thinking about using a digital vaccination passport app:
- The creation of the vaccination passport should verify the request against healthcare records.
- Any data and communication stored must be encrypted.
- Confirmation by the pass holder when the passport is scanned for verification.
- Only the minimum required data is used to create the passport: name, date of birth, and vaccination date. Enough to validate vaccination and if needed to validate identity against another source, such as a driver’s license.
- No tracking of location or unnecessary collection of data, other than device data for the purposes of improving app experience as is normal.
- Only download apps from an official source, such as the Apple App Store or Google Play Store.
- The privacy policy should state the purpose of the app and that no personal information is shared with any third party.