How to address security threats while working smartly during the COVID-19 crisis

By SoleCreation | May 29, 2020 | COVID-19, | 0



Sadly not everyone pulls together in times of crisis, and the COVID-19 crisis has seen an increase of 37% in cyber attacks around the world. 

Whether this is due to a combination of hackers with more free time, or opportunistic expert cyber criminals exploiting the environment in which law enforcement, government and IT resources are being prioritized elsewhere, the fact is that the situation is a dangerous one for business continuity and protection of data and critical systems.

For SMBs, finding the right balance between cyber security and business enablement and productivity can be a challenge, but with the right strategy and tools, the two priorities need not be mutually exclusive. 

What types of cyber attacks are occurring during the crisis?

The size and types of attack have varied considerably, and have impacted all types of organization from hospital systems (or healthcare enterprise) to the smallest business. These attacks have taken the form of malicious domains that distribute spam, launch phishing attacks, or spread malware under the guise of providing information about the crisis.

Malware, spyware and trojans have also been embedded by cyber criminals in such tools as interactive virus maps and data sources. Spam emails are also as common as ever, and are commonly being disguised as government or bank assistance schemes for businesses during the crisis.

Ransomware is also an ever-present, with many US businesses as well as public services such as schools, hospitals, doctors, medical centers and government institutions regularly being targeted and locked out of internal systems in search of ransom payments. Ransomware exploits vulnerabilities such as emails containing infected attachments or hyperlinks, hacking of employees’ access credentials, or by taking advantage of vulnerabilities in business or organizations’ systems. 

How has the crisis changed the threat landscape?

Users that are traditionally used to working in an office environment are having to adjust on the fly to working from home – not always an easy task in the best of times, but one made all the more tricky in the current environment through the ongoing need to take precautions against contracting coronavirus, home schooling requirements, and normal household chores such as cooking and cleaning. Combine all those factors, and it’s easy to see why employees of SMBs in the US could be feeling slightly disjointed, and it’s an environment in which cybercriminals see distraction and weaknesses. 

But with or without the coronavirus crisis, remote working environments represent a fertile environment for phishing attacks – and especially so when users are not overly familiar with it. Some IT departments may find it necessary for example to ask users to update or patch software on business or personal computers where BYOD policies are adopted. Similarly, employees may have to learn on the job with using VPNs and other security provisions. 

How can businesses adjust?

Put simply, more than ever, protection is needed for devices and business data. And this isn’t necessarily just stockpiling endpoint cyber security solutions – it’s about building and implementing a holistic cyber security strategy in your business that also includes communication plans, user awareness of key phishing tactics, IT support provision, reminding employees of your IT and security policies and how to mitigate risks. 

Additional security doesn’t have to slow down business

As we’ve written about in other articles, if they are planned out and implemented well, additional security measures don’t need to negatively impact user productivity. Adoption of an email archiving system for example can reduce pressure on server workloads, and thereby speed up network performance at the same time as making it easier to locate email and file history. 

While it’s important to trust your plan and policies, it’s also important to understand that the cyber threat landscape in the COVID world does not stand still, and that attack attempts are becoming more and more advanced. It’s important to continuously stress test your plans, tighten password management advice for your users, conduct regular phishing training – and most of all, keep open dialogue with your (now) remote users. 

References

https://www.infosecurity-magazine.com/news/cyberattacks-up-37-over-past-month/