resources > Blog
COVID-19 Effects on the Cybersecurity of Businesses
COVID-19 Effects on the Cybersecurity of BusinessesRepercussions from the COVID-19 pandemic have stretched beyond public health. Cybercriminals may be seeing the limited capacity of companies and remote work setups as openings for attacks and data breaches. Know how the COVID-19 situation may affect your company’s cybersecurity and how to mitigate those problems.
Risky Remote WorkA CNBC report found most businesses in the US are allowing some of their employees to work from home. However, a third of the tech executives from these organizations also fear that cybersecurity risks are greater because of remote work. This is because home computers and internet connections don’t often have the same robust security as the ones in their office. One participant in the report stated their company has seen up to a 40% increase in philshing and other digital scams directed to them since the pandemic started. Your work-from-home employees may be exposed to the following risks:
- Network Attacks – Some personal Wi-Fi networks may have default or weak encryption settings, like Wired Equivalent Privacy (WEP), which is outdated and easy for cybercriminals to crack. Once attackers gain access to your workers’ network, they may intercept important business data that your employee sends and/or receives.
- Default or Weak Passwords – Passwords add an important layer of protection that prevents unauthorized access to your company’s email accounts, online portal, and productivity suites. Some employees may not change their default passwords or create easy-to-guess ones. This makes it easier for attackers to take control of your workers’ important online accounts.
On the HookPhishing involves hackers masquerading as legitimate organizations through email to deceive people into sharing sensitive information like social media and work passwords, as well as credit card numbers. Cases of this during the pandemic include:
- Fake Donations – The World Health Organization has said hackers are taking advantage of the situation by sending phishing emails and WhatsApp messages pretending to be the WHO and asking for donations.
- Misleading Health Advice – Some messages may also have a “health advice” angle, leading people to click on links to virus-filled websites or download and open malicious software.
- Fraudulent Work Emails – Norton Security, an anti-virus software provider, has said that some attackers may also pose as corporate communications or human resource professionals. They send fake workplace emails with infected attachments.
Devices Held HostageApart from stolen personal information and money from phishing, employees may fall victim to another form of attack known as “ransomware,” according to a 2020 report by Deloitte. Ransomware locks a user out of their computer entirely, preventing them from accessing their important files. The attacker then asks the victim for payment in exchange for a key that restores access to their computer. This problem, like most cyber attacks on personal computers, happens when a person opens an infected file from a phishing email. The Financial Post found two Canadian health organizations working on COVID-19 were hit with ransomware attacks. The firm that discovered these attacks said cybercriminals were targeting frontline health workers. Because of the pandemic’s global scale, it’s easier for hackers to find more victims because they only need one theme or message to lure users around the world into opening their messages or files: COVID-19.
How to Protect Workers from Cyber ThreatsYour business data is more vulnerable than ever because of remote work. However, it doesn’t mean you should sacrifice productivity by canceling your work from home program. There’s no better time than now to opt for the services of a cybersecurity firm. Here’s why.
- Vulnerability Assessments – They can do vulnerability assessments on your employees’ computers, web applications, and networks to ensure that the devices and software are free of exploitable security flaws.
- Constant Monitoring – A cybersecurity firm can also provide Security Information and Event Management (SIEM) services. This involves constantly monitoring your company’s logs and events to look for potentially malicious activity. This way, attacks are hindered before they do significant damage.
- Keep Your Online Services Up and Running – Distributed Denial of Service (DDoS) attacks overload your servers, preventing actual customers and workers from accessing your website and applications. A cybersecurity company can prevent these attacks with specialized software and expert monitoring.