The array of technical countermeasures available to protect confidential data and computer systems has certainly expanded compared to the last decade. Most corporate IT departments now allocate a significant portion of their budgets to information security. What isn’t clear is whether systems are more secure as a result.
Part of the problem is that the concept of ‘security’ is itself nebulous and notoriously difficult to measure. One way of defining it is to measure incidents and the resulting damages or losses. Judged by the high-profile breaches experienced in the past 18 months, the industry-wide level of ‘security’ doesn’t seem to be improving; instead, it is getting worse. With so many technical countermeasures already in place, there is a question to raise: “What are we missing?” The answer is that the human remains the weakest link in the information security chain.
While employees work from home, we need assurance that they will protect what the company considers confidential and private, and that they will not be the weak spot that lets malicious actors reach highly protected assets. That calls for strong protective measures around those confidential assets.
As an employee of a high-premium organization, it is your responsibility to think very carefully before clicking on a tempting link purporting to be from the World Health Organization (WHO), Ministry of Health (MOH) or similar, with positive information about the cure for COVID-19. To a great extent, if you are not informed, it will be a hacker preying on your understandable anxiety about the coronavirus pandemic.
In your curiosity and anxiety to uncover the supposed good news, you could inadvertently reveal confidential information such as personal data, credit card details, social security card details and professional secrets. In these strange times, good cyber hygiene means thinking before acting: stop and ask yourself, “WHO is worth trusting during this pandemic?”
As millions of us scramble to raise awareness of the opportunity hackers are exploiting in such times, and as remote working takes off as a solution in many organizations, cybercriminals are seeking to capitalize on the widespread panic among internet users and employees, and they are succeeding. New coronavirus-themed phishing scams are leveraging fear, hooking vulnerable people
“The most play on emotions and concerns, and that coupled with the thirst for urgent information around coronavirus makes these messages hard to resist,” says Luke Vile, a cybersecurity expert at PA Consulting. “Societally, we’ve never experienced this situation before, so all rules are off in terms of how people behave. While there is an intense urge to react to good news, it is risky.”
Threat Actors making money during COVID-19
To give a sense of the pandemic's effect: in the UK alone, victims lost over £800,000 to coronavirus scams in February, according to reports from the National Fraud Intelligence Bureau. One or more unlucky persons were left £15,000 lighter after buying face masks that were never delivered to them. Who would confidently guess at the March figure?
Banks should take note: banking Trojan malware is masquerading as a WHO-developed mobile application that helps individuals recover, or as virtual private network (VPN) installers. Consider, too, that Check Point research shows some 4,000 COVID-19 domains have been registered this year, many likely fronts for cybercrime.
“So-called ‘scare-ware’ will only ramp up as uncertainty rises and online searches increase as people seek information about the outbreak and solutions,” predicts Terry Greer-King, vice president of Europe, Middle East, and Africa at California-headquartered cyber organization SonicWall. “In 2019, malware and ransomware took a fall, 6 percent, and 9 percent respectively. Now they are coming back because of the global health crisis.”
In the era of the pandemic, cybercriminals have spotted an opening for phishing scams that play on victims' psychology, so that they open malicious emails and click on informative-looking links which, when clicked, download spyware and other malware intended to harvest credentials and confidential company data.
Because everyone is looking for safety information from online sources, people are more susceptible to attack and more likely to click on potentially malicious links or download attachments. It has been estimated that approximately 70 percent of the emails deliver malware aimed at stealing victims' credentials.
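The links described above claim WHO as their source while pointing somewhere else, so a mail filter or a cautious reader can compare what a link says with where it actually goes. The following is an added example, not part of the original article; it assumes who.int is WHO's official domain, and the keyword lists, function names and sample links are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumptions: who.int is WHO's official domain; add your own health
# ministry's domain. The keyword lists are illustrative, not exhaustive.
OFFICIAL_DOMAINS = {"who.int"}
LURE_PREFIXES = ("covid", "corona")

def is_official(host):
    """True only for an official domain or a true subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def has_lure(display_text, host):
    """Does the link text or hostname invoke WHO or the pandemic?"""
    host_tokens = re.split(r"[^a-z0-9]+", host)
    if any(t == "who" or t.startswith(LURE_PREFIXES) for t in host_tokens):
        return True
    text = display_text.lower()
    return ("world health organization" in text
            or re.search(r"\bWHO\b", display_text) is not None
            or any(p in text for p in LURE_PREFIXES))

def triage_link(display_text, url):
    """Classify one e-mail link as 'official', 'suspicious' or 'unrelated'."""
    # urlsplit() ignores any "user@" part, so "who.int@other.example"
    # resolves to other.example, which is where the browser would go.
    host = (urlsplit(url).hostname or "").lower()
    if is_official(host):
        return "official"
    return "suspicious" if has_lure(display_text, host) else "unrelated"

# Constructed sample links; the .example hosts are reserved placeholders.
SAMPLE_LINKS = [
    ("WHO situation report", "https://www.who.int/emergencies"),
    ("WHO: COVID-19 cure announced", "http://who-covid19-cure.example/login"),
    ("World Health Organization update", "https://who.int@updates.example/a"),
    ("Read the advisory", "https://who.int.health-alerts.example/"),
    ("Who we are", "https://shop.example/about"),
]

if __name__ == "__main__":
    for text, url in SAMPLE_LINKS:
        print(f"{triage_link(text, url):<11} {text!r} -> {url}")
```

A "suspicious" result means the link borrows WHO or pandemic wording without resolving to an official domain; it is a prompt to verify through a known-good address, not proof of malice.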
Stay safe while remote-working
Organizations should encourage their employees to do the following during the COVID-19 remote-working scenario:
1. Stay private
One of the best ways to stay anonymous/private is to use a good VPN solution, which sits on the PC, laptop, or mobile device. It creates an encrypted network connection for all your online activities. A VPN makes it safe for the employee to access IT resources within the organization and elsewhere on the internet.
2. Only use work devices
As employees work from home, they tend to use several devices to access confidential company information, among them personal devices such as personal laptops and mobile phones.
Employees should communicate with colleagues using IT equipment provided by their employer. Company devices often run a range of software in the background that keeps people secure. If a breach took place on an employee’s own device, the organization’s data, and the employee, may not be fully protected.
Embrace an added layer of security to your systems
Another way to secure your Gmail account, Facebook account or any other online account you have access to is to enable multi-factor authentication wherever possible; this adds another layer of security to any apps you use.
Additionally, a password manager can help avoid risky behavior such as saving or sharing credentials. Both types of products offer cost-effective solutions for organizations.
3. Update cybersecurity policy for home-working
“As a company, do you have a cybersecurity policy? Does your current cybersecurity policy include remote working?”
If there is a cybersecurity policy in place, ensure it is adequate as your organization transitions to having more people outside the office. It needs to include remote-working access management, the use of personal devices, and updated data privacy considerations for employee access to documents and other information.
4. Tighten up your network access
Without the right security, the personal devices used to access work networks can leave businesses vulnerable to malicious attacks (hacking). If information is leaked or breached through a personal device, the company will be deemed liable.