In January 2020, the Coronavirus outbreak started to garner international headlines. On March 11, 2020, the World Health Organization declared COVID-19 a worldwide pandemic. That week, life around the world changed. An increase in cyber-attacks is common in a time of crisis. In 2008, the worldwide economic crisis led to cyber-attacks as company capital decreased and citizens became an easy target. Cybercriminals prey on societal vulnerabilities, and COVID-19 is no exception. Cybersecurity attacks in 2020 has followed suit to its economic recession predecessor with a 37% jump between the end of 2019 and the first quarter of 2020.
- COVID-19 can already be classified as the largest-ever cybersecurity threat, most of which have involved hackers impersonating health organizations and delivering fake coronavirus-related news by exploiting their fear, anxiety, curiosity or trust.
- Email phishing attacks were the most common source of data breaches while working from home and telecommuting by targeting consumer trust in big name videoconferencing platforms with Skype, Zoom and Google Meet users now the targets of manipulative cybercrime.
Despite the current global pandemic, cyber-attackers have made it clear they’re not taking any time off. Now that many workers have shifted to working remotely and organizations are distracted trying to handle the virus, security and risk management teams need to be more vigilant than ever.
AVOID CORONAVIRUS SCAMS
The following resources will provide a more in-depth oversight and assistance in protecting yourself and your systems/assets:
“Most of the security and risk team is now operating in completely different environments and mindsets” – Gartner.com
1: Ensure that the organization’s incident response protocols reflect the altered operating conditions and are tested early
2: Ensure that all remote access capabilities are tested and secure and endpoints used by workers are patched
3: Reinforce the need for remote workers to remain vigilant to socially engineered attacks
4: Ensure security monitoring capabilities are tuned to have visibility of the expanded operating environment
5: Engage with security services vendors to evaluate impacts to the security supply chain
6: Account for cyberphysical systems security challenges
7: Don’t forget employee information and privacy
These helpful tips apply in and out of COVID-19 situations and for general use of practice.
Do NOT disclose personal or financial information in an email requesting it. Hover over hyperlinks to verify the sender is who they say they are.
Examine the website or sender’s details in their email and URL. Illegitimate and malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain and a multitude of grammatical errors.
When in doubt, pause and do not feel rushed into responding to the email or correspondence. Try verifying it by contacting the company directly. Contact the company using information provided online through their website or an account statement, not necessarily the information provided in an email.
Maintain virus, malware, and operating system updates up to date. This applies for all software on all your devices that connect online – including PCs, smartphones, and tablets. Having patches and up to date definitions will greatly help and reduce the risk of infection from malware.
Secure your home networks, especially while working remotely. Practice smart password management and enable two-factor authentication wherever possible.