Lately people across the globe have been receiving constant emails, updates and messages from the Government regarding the Coronavirus Pandemic. In addition, a few other SMS and emails were sent containing the word “virus” from unreliable sources. Moreover, people are working from home, using different internet sources and having fewer reminders about the importance of internet security. We are very well acquainted on how to stay safe off-line but how do we make sure we are protected online? What is cybersecurity? Why is it important to be vigilant when clicking on links now more than ever?
Working from home and the general chaos created by the pandemic has presented an opportunity for people with bad intent wanting to exploit this crisis. Public awareness is required as many of us will be subject to a range of cybersecurity threats and phishing attacks which has to deal with a lot of online security issues which focus on the security elements of the organisation.
Here is our view of the current cybersecurity situation and our advice on staying virtually secure during Covid-19:
Cyberattacks on the Rise:
Cybercriminals are adapting their usual methods of operation to take advantage of the fear and uncertainty associated with the coronavirus pandemic.
Cybersecurity is a human problem where the person facing the computer screen and operating the keyboard is the weakest point of contact in a technical system for Attackers who use multiple techniques to steal sensitive information about the Organisation. Which is broadly described as social Engineering.
Why Cybersecurity is Important:
This resilient digital infrastructure should include systems that do not trust each other to prevent people with bad intent to move horizontally through organizational infrastructure.
Another reason why cybersecurity is important in the global Covid-19 pandemic is that it holds a major impact in improving your systems cyber speed such as functionality of your laptop or computer- the main tools of working from home set-up. It is so because cyber threats such as any virus or malware end up in not only stealing sensitive information but in considerably reducing the speed of your systems.
A few other major reasons are:
- Hackers can manipulate VPNs without a view of the whole: Virtual private networks (VPN), have become the new lifeline for many businesses, extending encrypted networks to our homes. However, many home networks are already infected with malware or compromised hardware that can be exploited for staging attacks through machines with VPN termini.
- Physical location matters again: When employees take their machines home or use their home machines for work, those machines now sit in a physical and digital space unlike any within the office. Between routers, printers, foreign machines, devices, gaming consoles and home automation, the average home has a more complex and diverse communication and processing system than some small companies.
- Information can be weaponized: In the past few weeks, attackers have started taking advantage of human weaknesses. For example (Source), hackers developed a malicious mobile application posing as a legitimate one developed by the World Health Organization. A vulnerable person could easily mistake this malicious app for a real WHO app. Once installed, the application downloads the Cerberus banking trojan to steal sensitive data.
Our advice for these exceptional times:
Companies need to set-up a strong Framework for people who “work from home” by providing them “work from home” kits with strong lock mechanisms. There are things we can do while working from home such as deter, detect, delay, and deny and put that in our best practice principles.
- Strong Lock Mechanisms: Harden remote access in any way we can, for example by enforcing multi-factor authentication.
- By educating Employees/ Ourselves; recommend the use of anti-malware programs, remind not to open suspicious attachments or unexpected messages containing dubious sources; not to install unknown apps, and think before clicking on anything. Remember “better safe than sorry”.
- For business applications, making sure to find and reduce any vulnerabilities to minimize the risk of downtime and data breaches.
In conclusion, before you post any picture on social media or connect to your Zoom/Teams/Skype meeting double check the content displaying. Before you click on any link provided in an email or message, triple check the source it is coming from or even cross-check with your IT team, if you have one. Do not get carried away by the overwhelming amount of information provided by the media, stay focussed and always alert. Being aware of your surroundings in the real and virtual world is equally important in the context of coronavirus pandemic 2020.