Cybersecurity during the Coronavirus Pandemic
While the world’s focus is obviously on the pandemic situation created by Covid-19, unethical hackers all around the world are more than happy to exploit this crisis by launching cybernetic attacks. Those who can, are encouraged to work remotely if they are not doing so already. It seems that organisations will have to prepare themselves for life without an on-site staff or just a few in order to facilitate support functions.
For example, Check Point, a cybersecurity company, has discovered that in the month of January 2020 alone there have been over 4000 coronavirus websites that are up and running with 3% of them being recognised as malicious and with another 5% suspicious. The British have responded to 658 cyber-attacks in 2019 and have also taken down over 177000 “phishing” sites. On the other hand, companies have started acquiring new laptops without doing their due diligence in terms of cybersecurity protocols, ironically leaving organisations even more vulnerable to attacks.
Given the current state of affairs, the US Health & Human Services Department’s system has been breached, an attack that had the sole purpose of disrupting and misinforming people in order to reduce the efforts being made in responding to the Covid-19 pandemic. John Ullyot, a spokesperson from the National Security Council had this to say about the cyber-attack: “We are aware of a cyber incident related to the Health and Human Services computer networks, and the federal government is investigating this incident thoroughly. HHS and federal government cybersecurity professionals are continuously monitoring and taking appropriate actions to secure our federal networks.” The HHS delegated spokeswoman had this to say in regards to the situation that enfolded: “On Sunday, we became aware of a significant increase in activity on HHS cyber infrastructure and are fully operational as we actively investigate the matter,” said the spokeswoman, Caitlin Oakley. “We are coordinating with federal law enforcement and remain vigilant and focused on ensuring the integrity of our IT infrastructure.”
Given that sheer impact and reorganisation that has ensued following the declaration of the pandemic, employee and employers alike must be really careful when handling confidential information. Below you will find a list of tips of what companies can do to minimise risk in these difficult times.
For the Employees
1. Be Extra Careful with Phishing Emails
Cyber attackers thrive in a crisis. Pay close attention to emails designed to make you instantly click on special offers for whatever protective gear or products related to the coronavirus pandemic. Or it could be an email from your manager with an apparently innocent link in it which will make you download dangerous malware on the company’s laptop, a laptop that has direct access into the company’s overall system. There has been a considerable rise in Office 365 and Gmail hacked accounts, with the cyber attacker sending invoices to clients of partners alike.
In order to stay safe, it is recommended to enable the multi-factor authentication on all the accounts you can. This simple action will obstruct almost all attackers, excluding the really great ones.
2. Cyber Hygiene is almost as important as Washing our Hands
All devices you use, and this includes the router as well, should be up to date with the latest version of anti-virus and the internet you use must come from a secure and reliable connection. Bluetooth use in public areas should be avoided at all costs. That is an easy way for hackers to connect to your device. The importance of multi-factor authentication cannot be more underlined.
3. WiFi Exclusively from Secure Locations
Work exclusively from password-protected internet connections. If you have no other choice and you have to use a public WiFi it is imperative you check with the owner of the establishment that the network you wish to connect to is the correct one. Also, avoid accessing confidential and sensitive information from a public WiFi network. It is easy for hackers to trick people into joining an internet network which basically gives him access to everything you see and do on the internet.
For the Employers
1. Set Up Remote Access ASAP
Do not let your employees go home without the program installed and their login credentials by their side. Handing out authentication credentials to remote workers with no prior training and explanations is going to be an extremely difficult and frustrating process.
2. Confidential Information handled with Extra Care
Remind your employees that confidential information is more important than ever and must be handled accordingly. Personal emails are definitely off-limits and employees should be careful with what they print out at home. If a particular document would normally be shredded at the office, remind your employees to dispose of it safely in their homes, or simply put the brakes on printing anything in the first place.
3. No Personal Laptops for Work
Employees must be given company laptops and training by IT security personnel in how to use the laptops they are given to work from home. Personal computers or laptops should be forbidden due to the simple fact that it creates numerous problems in terms of preserving and safeguarding documents. There is also the issue of out of date software used and that could compromise a lot more than just documents.
4. Up to Date Contact Information
Be sure your organisation has a secure way of contacting all employees — whether we’re talking here about the personal cell phone number or a landline. That way, if the organisation falls victim to a cyber-attack of any kind, you’ll be able to communicate effectively. For key members of the senior management, set up a group on a secure texting application such as Whatsapp or Telegram in case all other systems are down in order to properly communicate in case of a serious cyber-attack.
Remote access tools have advanced in unbelievable ways that were inconceivable 10 years ago, given the fact that it made en masse remote work possible. As with all data security, remote access is only as strong as its weakest link. There has to be a strong combination of technology and employee know-how and training, it can be done safely and smartly. Stay safe and be careful out there.
How can Great People Inside help you assess your ‘remote working’ workforce?
Given our current situation knowing that your colleagues or employees are best suited for this new scenario we find ourselves in. Finding the right talent, the best fit for the job and your organisation can be a very challenging task. It is now important to find out whether your managers or your team is well-equipped of working together from various locations. It requires deep knowledge of their personalities, strengths, weaknesses, interests, work style and other characteristics. Our technology and solutions will do the work for you, helping you discover if your people are resilient during times of hardship, if they are autonomous, if they are team players, without actual human contact. Given that our platform is cloud-based, everyone can use it from home as well. Humanity finds itself at a crossroad for various reasons now, why not help people discover and develop themselves from the comfort of their own homes?
Request a free demo:
Sources:
https://www.nytimes.com/2020/03/16/us/politics/coronavirus-cyber.html
https://www.bloomberg.com/news/articles/2020-03-16/u-s-health-agency-suffers-cyber-attack-during-covid-19-response
https://www.ft.com/content/cbe2b35a-66d2-11ea-a3c9-1fe6fedcca75