Criminals don’t mind if they kick us when we’re down. And that’s precisely what we’ve seen them do as COVID-19 has altered the way we work and live. Organisations of all sizes, security levels, and missions have been forced to allow employees to work from home to keep business operating on some level. This reality of our current existence has lured cybercriminals into taking advantage when our attention has been elsewhere. So, while we’re trying to protect ourselves from COVID-19, we might be equally vulnerable to another virus—cyberattack.
More Vulnerabilities Exposed by the Pandemic
Before the outbreak of the novel coronavirus, organisations were already faced with significant cyber threats. As organisations quickly pivoted to allow working from home in response to official advice, mandates, and stay-at-home orders, computer networks experienced additional and new strains that left them susceptible to infiltration by criminals.
In an environment of uncertainty, people want to find reassurance. Cybercriminals have taken advantage of this by sending bogus emails that seem like they come from legitimate sources of information about public health. In February 2020, the World Health Organization (WHO) warned of criminals disguising themselves as WHO to steal money or sensitive information. Similar warnings were issued by the UK’s National Cyber Security Centre, US Federal Trade Commission, US Centers for Disease Control, and the Federal Bureau of Investigation.
While some businesses allowed telecommuting on some level before the pandemic, security preparedness was certainly uneven, and the rapid transition to a nearly entirely remote workforce taxed the security and IT infrastructure of many companies. This reality led to an exploitable opportunity for criminals. As systems dealt with remote logins from employees and devices that hadn’t ever done so before, it was easier for an attacker to infiltrate without detection. The use of personal devices—in most cases, much less secure than corporate devices—also increased dramatically as people began working from home.
In addition to the surge in work-from-home support required, security professionals were also dealing with fragmented teams due to quarantine and illness, which made fighting cybercriminals even more difficult. An analysis of what occurred in Italy shows a spike of phishing attacks and malicious login events as the country was dealing with COVID-19, which indicates that criminals were taking full advantage of an unprecedented opportunity.
It’s quite possible that we won’t know what damage was done, or its extent, for several months, as well-organised criminal networks sit on stolen data.
Digital Resiliency During COVID-19
In the coming months, as we recover physically and economically from COVID-19, organisations must also consider their digital resiliency. In the meantime, here are some tips to safeguard your data security while living through COVID-19 and an increase in remote workers:
1. Update passwords: It’s time to change default passwords for your home Wi-Fi and update all your passwords on accounts and devices to be unique and strong. It’s also advised to enable two-factor authentication where possible to prove that it’s definitely you logging in.
2. Keep software updated: Since software updates include important security patches as well as bug fixes, ensure that you have updated software for your devices, apps, and systems whenever one is available.
3. Professional work should be done on your work computer: Oftentimes for convenience, employees will use their personal computers for work. If you have your work computer at home, ensure that you are conducting your business on your work computer since your IT security team has likely put in additional security measures for that device. Additionally, using your work computer to check your personal email and social media accounts can also expose your professional network.
4. Avoid public Wi-Fi networks: Whenever you pop on an unsecured Wi-Fi network, you are exposed to attack. Follow your organisation’s IT policies.
5. Use a password manager: Password managers make long randomly generated passwords easy to use and remember for every login.
Digital Resiliency in a Post-COVID-19 World
Our world will be changed in many ways after COVID-19 is under control. While exactly how that plays out is still unfolding, we know that organisations will think about data resiliency in new ways. Some businesses have seen the benefits of remote working and will likely continue to offer it on some level. Organisations will also want to prepare their data resiliency for a future pandemic or any other reason that remote working is implemented for a significant period of time. Here are four cybersecurity trends to consider once we’re on the other side of the COVID-19 crisis:
1. Employee cybersecurity awareness
It’s important that all staff get educated and understand how they can protect data and what actions could cause cybersecurity issues for the organisation. This includes training on how to spot suspicious emails and good cyber-hygiene practices.
2. Implement a VPN
A virtual private network (VPN) can make your organisation more protected against cyberattacks while allowing employees access to the corporate system.
3. Artificial intelligence and machine learning
Consider how artificial intelligence (AI) and machine learning can support your security team to track behaviour and identify if something risky or abnormal occurs.
4. Review access
Not every employee needs access to the entire network. Review and update your corporate policies.
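As an added illustration of the behaviour tracking mentioned under trend 3 and of the first-time remote logins described earlier (this example is not from the original article), the Python below flags logins from devices a user never used during a baseline period and bursts of failed logins. It uses a simple per-user baseline rather than machine learning; the event format, device names, dates and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs): (ISO timestamp, user, device, outcome)
EVENTS = [
    ("2020-03-02T08:58:00", "alice", "corp-laptop-17", "success"),
    ("2020-03-03T09:05:00", "bob", "corp-laptop-22", "success"),
    ("2020-03-04T09:02:00", "alice", "corp-laptop-17", "success"),
    ("2020-03-16T09:01:00", "alice", "home-pc-a1", "success"),
    *[(f"2020-03-16T23:1{m}:00", "bob", "unknown-7f", "failure") for m in range(5)],
    ("2020-03-16T23:15:00", "bob", "unknown-7f", "success"),
    ("2020-03-17T09:00:00", "bob", "corp-laptop-22", "success"),
]

def detect(events, baseline_end="2020-03-09T00:00:00", fail_threshold=5,
           fail_window=timedelta(minutes=10)):
    """Return alerts as (timestamp, user, kind) in time order."""
    cutoff = datetime.fromisoformat(baseline_end)
    known = defaultdict(set)      # user -> devices seen during the baseline period
    failures = defaultdict(list)  # user -> failure times still inside the window
    alerted = set()               # (user, device) pairs already reported
    alerts = []
    for raw_ts, user, device, outcome in sorted(events):
        ts = datetime.fromisoformat(raw_ts)
        # Drop failures that have aged out of the sliding window.
        failures[user] = [t for t in failures[user] if ts - t <= fail_window]
        if outcome == "failure":
            failures[user].append(ts)
            if len(failures[user]) == fail_threshold:
                alerts.append((raw_ts, user, "failure_burst"))
        elif ts < cutoff:
            known[user].add(device)  # successful baseline login: learn the device
        elif device not in known[user] and (user, device) not in alerted:
            # A new device right after a failure burst deserves higher priority.
            burst = len(failures[user]) >= fail_threshold
            kind = "new_device_after_failures" if burst else "new_device"
            alerts.append((raw_ts, user, kind))
            alerted.add((user, device))
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

A plain "new_device" alert is expected when staff first move to home working and is best confirmed with the employee; the combination with a failure burst is the case to escalate.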