In January 2020, the Coronavirus outbreak started to garner international headlines. On March 11, 2020, the World Health Organization declared COVID-19 a worldwide pandemic. That week, life around the world changed. An increase in cyber-attacks is common in a time of crisis. In 2008, the worldwide economic crisis led to cyber-attacks as company capital decreased and citizens became an easy target. Cybercriminals prey on societal vulnerabilities, and COVID-19 is no exception, as evidenced by cybersecurity attacks exponentially increasing in 2020 and 2021.
- COVID-19 can already be classified as the largest-ever cybersecurity threat. Most of the attacks have involved hackers impersonating health organizations and delivering fake coronavirus-related news, exploiting victims' fear, anxiety, curiosity or trust.
- Email phishing attacks were the most common source of data breaches during working from home and telecommuting. They target consumer trust in big-name videoconferencing platforms, with Skype, Zoom and Google Meet users now the targets of manipulative cybercrime.
Despite the current global pandemic, cyber-attackers have made it clear they’re not taking time off. Now that many workers have shifted to working remotely and organizations are distracted trying to handle the virus, security and risk management teams need to be more vigilant than ever.
These tips apply in and out of COVID-19 situations and are good general practice.
- Do NOT disclose personal or financial information in response to an email requesting it. Hover over hyperlinks to check their real destination and verify the sender is who they say they are.
- Examine the website or sender’s details in their email and URL. Illegitimate and malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain, and the content may contain a multitude of grammatical errors.
- When in doubt, pause and do not feel rushed into responding to the email or correspondence. Try verifying it by contacting the company directly. Contact the company using information provided online through their website or an account statement, not necessarily the information provided in an email.
- Keep antivirus, anti-malware, and operating system software up to date. This applies to all software on all your devices that connect online, including PCs, smartphones, and tablets. Having patches and up-to-date definitions will greatly reduce the risk of infection from malware.
- Secure your home networks, especially while working remotely. Practice smart password management and enable two-factor authentication wherever possible.
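The URL check from the tips above (spelling variations, a different domain) can also be automated, for example in a mail filter or a link-reporting tool. The following is an added example, not part of the original article; the allow-list, the two-label base-domain shortcut and the category names are assumptions.

```python
from urllib.parse import urlsplit

# Sample allow-list for the platforms named in the article (an assumption;
# replace it with the domains your organization actually uses).
TRUSTED = ("skype.com", "zoom.us", "google.com")

def edit_distance(a, b):
    """Levenshtein distance: number of single-character edits between a and b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def base_domain(host):
    # Simplification: keep the last two labels. Production code should use
    # the Public Suffix List so that suffixes like "co.uk" are handled.
    return ".".join(host.split(".")[-2:])

def classify(url):
    """Return 'trusted' or the reason the link's host deserves a closer look."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return "no-host"
    base = base_domain(host)
    if base in TRUSTED:
        return "trusted"
    if any(label.startswith("xn--") for label in host.split(".")):
        return "punycode"               # encoded non-ASCII characters in the name
    name = base.split(".")[0]
    words = host.replace("-", ".").split(".")
    for good in TRUSTED:
        good_name = good.split(".")[0]
        if name == good_name:
            return "different-domain"   # right name, wrong ending
        if edit_distance(base, good) <= 2:
            return "lookalike-spelling" # swapped, added or dropped character
        if good_name in words:
            return "brand-in-hostname"  # brand appears, but is not the real domain
    return "unknown"
```

A result other than `trusted` is a prompt to verify the link through the company's own website, not proof that it is malicious; short names such as `zoom.us` will produce some false positives at an edit distance of 2.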
Keys to Embracing (and Securing) a Remote Workforce.
- Ensure that the organization’s incident response protocols reflect the altered operating conditions and are tested regularly
- Ensure that all remote access capabilities are tested and secure and endpoints used by workers are patched
- Reinforce the need for remote workers to remain vigilant to socially engineered attacks through security awareness training
- Ensure security monitoring capabilities are tuned to have visibility of the expanded operating environment
- Engage with security services vendors to evaluate impacts to the security supply chain
- Account for cyber-physical systems security challenges
- Don’t forget employee information and privacy
“Most of the security and risk team is now operating in completely different environments and mindsets” – Gartner.com
The following resources provide a more in-depth overview and assistance in protecting yourself and your systems/assets.