The COVID-19 pandemic has had implications on how many companies do business. Many workers who’d never worked from home now prefer the flexibility that remote work provides. With the expansion of work-from-home opportunities has come new cyber-threats that large and small businesses alike haven’t considered, and new coronavirus cybersecurity strategies are needed to protect employees and the companies they work for.
This guide will cover some of the cyber-threats that are on the rise. Cybersecurity and COVID-19 are interlinked now because remote work isn’t going away anytime soon. If you aren’t preparing for current cyber-threats and those that may arise in the future, it could cost your organization significant sums of money in lost productivity, theft and more.
The Proliferation of Cyber-Risks
Recent news headlines regarding ransomware attacks, security risks, internet security and more have many people concerned about when the next data breach or large-scale infrastructure security attack will occur. What many people don’t realize is that their personal devices could be what harbors the programs hackers might use to breach their employers’ systems to access sensitive information. Remote access to internal systems comes with cyber-risks the average worker is oblivious to.
Even large and secure networks are facing brutal cyber-threats. In the midst of the COVID-19 pandemic, hospitals, clinics and doctors have routinely been the targets of malware and ransomware attacks. Due to the nature of these attacks, many of the health care networks affected had no choice but to pay the ransoms.
The Colonial Pipeline attack had implications across a wide region of the United States as oil production was halted until a resolution could be found. Residents in the impacted areas were panic-buying gasoline and other resources. This exacerbated the impact of the attack.
The Internal Revenue Service has warned that cybercriminals are using the COVID-19 pandemic as an opportunity to scam people via phishing attacks that obtain victims’ personal information. Current scams include emails and text messages promising the delivery of disaster relief payments and COVID stimulus money. With such a drastic rise in cybersecurity threats comes the need for more attention and resources to combat these ongoing threats from individual hackers and groups backed by nation states.
Common Cybersecurity Threats to Remote Working
One of the greatest vulnerabilities businesses face is the use of personal computers to perform work tasks. When people began to work at home, they did so using devices they owned rather than equipment that had been purchased and programmed by their employers. It’s not realistic to believe that average people with no IT experience are capable of addressing potential cyber-threats affb nd knowing how to defend their data.
According to Kaspersky, 80% of those participating in remote working use home computers rather than a company-owned device. This is despite over half of respondents actually receiving equipment from their employers to use. The average person prefers to use their own equipment, even though this puts them at risk of cyber-threats.
Since remote working often occurs through home networks, those who work from home usually aren’t working over a secure network. This makes it easier for hackers to gain access to their devices and locate a back door into the company’s private network. The number of attacks against these unsecured networks is on the rise.
Additional risks come via the very software and collaboration tools commonly used for remote working. Zero-day vulnerabilities, viruses and malware allow hackers to gain access to an entire network after infecting a single computer. When employees send files over email, the documents may be encrypted with Trojans that sneak onto another worker’s computer and continue to spread. The objective of this strategy is to eventually gain access to the company’s vital infrastructure.
Current Scams to Avoid
In the US for example, the National Cyber Security Alliance warns against a number of scams that are currently taking advantage of those who are in need due to disasters or the COVID-19 pandemic. These scams include being contacted by an individual claiming to be from the Internal Revenue Service, the Centers for Disease Control (CDC) and other US government agencies. It’s important to note that wherever you are living, it is highly unlikely you will ever be contacted by a government agency over the phone or the internet. In the US for example, the IRS only contacts people by mail.
Another common scam is fake requests for product deliveries. The scammer sends an email with an attachment that contains a Trojan or other security risk. Once the attachment is opened, the hacker is able to obtain control over the machine that received the email.
Some people are receiving fake emails promising stimulus payments or claiming that the target needs to update their information to be able to receive their welfare benefits, Social Security benefits or COVID relief payment. Never open these suspicious emails; instead, if you need to, call your government agency directly to obtain any information about benefits and payments.
How Coronavirus Cybersecurity Measures Will Change Business
Some companies were woefully unprepared for the wave of cybercrime that’s been hitting the nation. For those that weren’t prepared, security needs to be a priority for their organizations moving forward. This may mean completely revamping systems and turning to the most advanced technologies in the cybersecurity space.
Remote workers need to be educated on how to contribute to cybersecurity efforts. It’s the employer’s responsibility to warn workers about current cyber-threats and provide ways they can protect themselves. If possible, it’s also important that remote working only occurs on business-owned computers. This protects workers and business organizations alike.
How to Defend Against Cyber-Threats
Everyone needs to be informed concerning cybersecurity concerns and receive training on the mitigation measures in place to protect data privacy. In order to ensure criminals don’t gain access to your confidential data, make sure your computer has anti-malware and antivirus programs installed and that your employer provides additional security software to protect your home network and data privacy.
Here are some strategies you can implement to protect yourself:
Protect Your Home Network
Make sure your home network is protected with a strong password and encryption. This can protect all your devices since they’re all connected to the internet via your router.
Use a VPN
Virtual private networks offer you security by routing your connection through a neutral and secure server. This keeps websites, internet service providers and hackers from tracking your IP address and knowing what you do on your computer.
Communicate with Your IT Department
Make sure all your devices such as tablets, mobile phones and computers have acceptable security features. If you’re working from home, you can ask your IT department to provide you with the software you need to install on your devices that’s compatible with the company’s proprietary software.
Don’t Mix Work and Pleasure
If offered a device that’s owned by your employer, use only that device for work functions such as business meetings and virtual meetings that use VoIP software such as Zoom or Microsoft Teams. This reduces the chance of a cybersecurity breach that moves from your work to home devices and vice versa.
Determine Vulnerabilities and Report Them
The IT department should be reviewing known vulnerabilities on a regular basis. If you notice something worthy of concern, you should report it. Always pay attention when you’re notified of a current security issue.
Do Some Research
Organizations like the National Cyber Security Alliance, Cyber Readiness Institute and Global Cyber Alliance provide information about the latest cyber-threats and ways you can protect yourself. Cybercriminals are constantly evolving, so the current methods of mitigating cybersecurity concerns may not be relevant when hackers come up with new ways to exploit people. Checking in on what these organizations have to report can help you stay aware and prepared.
About the Author: EIRE Systems
EIRE Systems is a leading independent provider of professional IT, AV and Access Security services to the financial, insurance, manufacturing, health care, retail, construction, hospitality, commercial real estate, legal, educational and multinational sectors in Japan and throughout the Asia Pacific region. EIRE Systems has expertise across a wide spectrum of Information Technologies, with a track record for successfully completing hundreds of assignments since its establishment in 1996.