Recently, we have seen a surge in cyber-attacks that are capitalising on fears around COVID-19, like this scam intercepted by my team at the end of February, and wider media reports like this one with cybercriminals creating thousands of illegitimate Coronavirus-related websites on a daily basis.
As more businesses transition to working remotely amidst the COVID-19 crisis, the threat landscape has expanded. The lines between our personal & professional lives are blurring, as the digital infrastructure we rely on for business blends with our home and family environments, like home WiFi and devices, social media and apps (e.g. WhatsApp). You can bet cybercriminals will exploit any vulnerability possible in these systems to gain access to valuable company data.
Karl Hanmore, the acting head of the Australian Cyber Security Centre (ACSC), recently advised that in light of these digital disruptions, businesses need to “be cyber-alert, not cyber-alarmed”. I can’t agree more with this. We all must be vigilant and proactive with respect to our email and data security, as we pivot to new ways of working, and new environments that lead to increased cybersecurity risks.
Thankfully, there’s a plethora of advice available online about how to protect our businesses as we transition to remote working, whilst maintaining productivity & team engagement levels. Experts like KPMG & Microsoft are sharing comprehensive guides and releasing new info every day, including industry-specific recommendations. A lot of these are cybersecurity measures that any company with a remote working policy should have implemented anyhow, but they have become even more relevant in the current climate.
As a cybersecurity leader, I often get asked for advice that businesses can implement immediately. Here are my top 5 suggestions:
1) Make sure your tech hygiene is up to scratch
This was the very first recommendation from KPMG in its recently published article on how SMEs can protect their business from Coronavirus-themed cyber-attacks – and for good reason. The moment you implement a remote working policy for your business, you introduce a multitude of new threat vectors. To reduce the risks, CISOs should ensure that all business devices have the latest security updates & patches installed, and that an email security service (like MailGuard) is in place to combat the latest threats and protect your team wherever they’re working.
Where appropriate, businesses should also have reliable VPN technology in place to secure their remote connections. Plus, KPMG advises that you should back up all critical systems and validate the integrity of backups, ideally arranging for offline storage of backups regularly.
In addition, ACSC stresses in a new list of cybersecurity guidelines that your business should also be protected against Denial of Service (DoS) threats.
2) Education & collaboration
I’ve often said that if we want to make our businesses safer from hacking and cybercrime, we have to give our teams the knowledge to make good security choices. It doesn’t just happen; it’s a matter of generating awareness throughout the entire team and empowering them to think of themselves as the first line of defence. And this knowledge becomes more crucial than ever before because as we transition to remote working, our employees are increasingly going to be targeted.
Cybercriminals know employees are the pathway to company assets and will likely resort to mind games & exploit poor cyber habits to trick them. To help, The Cyber Readiness Institute advises employees to practice “social distancing online” by limiting the amount of personal data they share online, while Microsoft has released a great blog on how employees can identify & protect themselves specifically from Coronavirus-themed phishing attacks.
I also suggest sharing these 5 email scams exploiting fears around the virus that my team intercepted recently.
3) Passwords
It’s common to hear reports of businesses being hacked by techniques such as password spraying and phishing emails pretending to offer COVID-19 advice from governments and the World Health Organization (WHO) that are designed to harvest passwords. In cases like this, it’s good to follow WHO's advice: “Always consider why someone wants your information and if it is appropriate. There is no reason someone would need your username & password to access public information.”
Using weak passwords and not updating them frequently is one of the more common security risks that we see. Lots of people use the same password for multiple accounts too. This is a big cybersecurity no-no, but it’s especially important during times of heightened risk that we ensure our passwords are unique and secure.
4) Multi-factor authentication (MFA) & user access
It’s already difficult to track who is accessing your company data, but even more so when everyone is working remotely. Multi-factor authentication (MFA) is key in avoiding unwanted transactions. My friend Ann Johnson, Corporate Vice President of Microsoft’s Cybersecurity Solutions Group, summarizes its importance perfectly in her blog: “The single best thing you can do to improve security for employees working from home is to turn on MFA. If you don’t already have processes in place, treat this as an emergency pilot and make sure you have support folks ready to help employees who get stuck.”
Most cloud or online services now provide a way to use your mobile device or other methods to protect your accounts in this way. Here’s some information on how to use Microsoft Authenticator and other guidance on this approach.
Managing user privileges is also crucial when transitioning to remote working – otherwise, anyone can access your systems. Establish account management processes and ensure everyone knows who is responsible for what. Companies should also control access to activity and audit logs.
5) Re-evaluate your incident support plan
In light of recent disruptions, test & modify your existing incident management plan to ensure business continuity via remote working arrangements in the event of an actual cyber-attack. KPMG suggests that you should “work with your incident and crisis management team to strive to ensure your organisation has an alternate audio and video conferencing environment available. This alternate platform will be needed if you do have a ransomware incident that disrupts your IT systems. And will also provide additional redundancy if your primary conferencing provider has capacity or availability issues.”
Depending on the changes you need to implement, you may also need to provide specialist training for your incident management teams.
“A tough test”
Commenting on the current cybersecurity climate, Alastair MacGibbon, Australia’s former national cyber security adviser, warned businesses that IT security practices “would come under a tough test” as more companies shift to remote working: “Overwhelmingly COVID-19 will present challenges for the way we work and live, but we must also look for opportunities. It will test us and our ability to secure remote workforces, and that is an exciting challenge.”
I am proud to have worked closely with Alastair over the years, just as we have with the teams at KPMG and Microsoft. There has never been a more important time for us all to work together.
The COVID-19 pandemic is unlike anything we have experienced before. Many have described it as a war on two fronts, both the threat to public lives, health & well-being, and the threat to the global economic environment. Together we must stop cybercriminals from exploiting the vulnerable and making a terrible situation even worse.
Please remain vigilant. Now is not the time for lax security. If you or your team need support, please don’t hesitate to reach out to my team for a helping hand at email@example.com