Dealing with cybersecurity during COVID-19

Cyberattacks are on the rise. Cybercriminals are believed to have intensified their attacks as the world is primarily focused on COVID-19. This is evident based on several reports, including a report in Healthcare IT News, a report from Europol, and a memo from NASA. Experts believe that these malicious cyber-attacks will continue and likely increase during the pandemic. A significant increase in the number of malware campaigns, spam campaigns, and scams have been observed, according to SentinalLabs. “This pandemic brings out the best but unfortunately also the worst in humanity. With a huge number of people teleworking from home, often with outdated security systems, cybercriminals prey on the opportunity to take advantage of this surreal situation and focus even more on cyber-criminal activities,” said Catherine De Bolle, executive director of Europol.

As organizations deal with the consequences of the pandemic and a struggling economy, they now have to deal with heightened cybersecurity threats from hackers who are looking to take advantage of the current crisis. During these tough times, any major security breaches could mean complete disaster for companies, especially SMBs. Hospitals and other critical healthcare organizations are particularly threatened with ransomware attacks, phishing attacks, and other malicious attacks.

It is sad but true that many companies do not have a tested Business Continuity Plan (BCP) to deal with the current situation. Some companies are rapidly attempting to establish new policies that will allow them to maintain critical operations with limited staff or with most of the team working from home. What should companies do to deal with the new threats? The simple answer is to continue to have cybersecurity as your top priority (assuming that it has been your organization’s top focus so far.)

1. Ensure your cybersecurity team is in full strength, and it should be business-as-usual for them. Do not let your guard down. Security teams must work diligently than ever to protect the organization’s assets and be aware of new techniques used by hackers.
2. Educate your employees on the heightened threats such as phishing attacks, use of home computers to access sensitive information, storing confidential information in computers not authorized to be used for official work, etc., since the hackers are increasingly targeting home networks. There is no single fool-proof way to avoid phishing scams. Phishing.org has useful resources for avoiding phishing scams.
3. There is no better time than now to review your organization’s security practices, policies, and server configurations. Carefully review access logs to ensure critical systems are not compromised.
4. Ensure employees are accessing the organization’s assets (infrastructure, data, etc.) from the company provided laptops and remote access only through VPN. Any organization is more vulnerable to attack or lose sensitive data if VPN is not established, and employees access sensitive data from their home computers. Now is the time to enable multi-factor authentication (MFA) if it is not already set.
5. Organizations rely on third-party tools such as Zoom. As you may be aware, several security issues were identified in Zoom. Zoom responded to these disclosures swiftly and transparently. However, organizations end up being exposed to security threats due to problems with such third-party software tools. Ensure the organization responds appropriately when such issues are reported.

During these tough times, rely on your cybersecurity experts (like Cyligent) to provide the needed guidance to deal with the heightened threats.