The crisis has left many businesses unable to operate according to business as usual. As all levels of government look to stem the tide of the virus by limiting large gatherings of people, many businesses considered essential in nature are asking their employees to work remotely.
What are the top cybersecurity risks when working remotely?
Protecting your organization starts with understanding some of the biggest risks:
- Lack of defined remote work protocols: Employees that may be unfamiliar with approved remote work solutions may have the ability to install various open source software, for collaboration with other employees or customers. These programs may or may not be secure or in compliance with corporate information security and privacy controls.
- Increased system demands. IT teams may have to defer the regular patching schedule on critical assets to keep network operations stable and available. The increased demand on keeping the remote infrastructure available may limit allowable downtime for patching and updates.
- Insecure devices and networks. Utilizing home computers or insecure home Wi-Fi networks to connect to and perform work may lead to security breaches, data leakage, and disruption in business operations due to the inadvertent installation of malicious software.
- Inadequate virtual private networks (VPN). An insecure and/or outdated remote access VPN infrastructure may lead to systems being unpatched or users accessing malicious websites.
- Cyberattacks and fraud attempts. Business email compromise through the spread of malicious content related to COVID-19 may include the use of false or misleading guidance, fictitious new updates, or fake coronavirus global dashboards, to name a few.
Recent cybersecurity incidents
Organizations all over the world have already been affected by COVID-19-related cybersecurity attacks. Some of the more high-profile incidents include:
- The U.S. Department of Health and Human Services (HHS). The department’s computer system suffered a cyberattack that sought to undermine the response to the coronavirus pandemic, which may have been the work of a foreign actor. Attackers attempted to overload HHS servers with millions of hits over several hours, aimed at pulling the agency’s systems down, but failed.
- The World Health Organization. WHO has been targeted multiple times by cybercriminals. According to a report, a group of , creating a fake website to try to steal passwords from WHO staff members.
In another incident, attackers created false email addresses and domains to fraudulently solicit bitcoin donations in the name of WHO’s legitimate charity, the COVID-19 Solidarity Response Fund.
- Hammersmith Medicines Research (HMR). Ransomware attackers targeted HMR, a UK medical facility with plans to test a coronavirus vaccine. The criminals stole confidential patient data from previous vaccine testing trials (unrelated to COVID-19) and threatened to publish the records online unless they received payment.
What can businesses do to protect themselves?
While the incidents above are more high-profile examples, the fact is that no organization is too big or too small to be targeted by cyberattackers.
- Confirm all requests for payment. If you, or a staff member, receive an email asking for transfer of money or invoices to be paid, it’s crucial to verify the legitimacy of the request. As a best practice, pick up the phone and confirm the person is who they say they are.
- Disable digital assistants. Disabling digital assistants such as Alexa or Google Assistant, or at least not talking to clients within earshot of such devices, is highly recommended
- Depending on how you may have configured the privacy and security settings on Alexa and Google Home devices, they may or may not necessarily record you, but it provides a window of opportunity for a potential hacker. Review and increase your privacy and security settings on these devices.
- Secure home Wi-Fi. Users should use strong authentication techniques, such as WPA2, to authenticate and connect to home networks. Consider using strong passwords of 12 characters and changing passwords after changing the authentication technique.
- Patch your systems. Periodically check systems for missing patches and outdated antivirus definitions. Consider implementing Network Access Control (NAC) to check the security hygiene of endpoints before allowing remote access to the infrastructure. Ensure your systems, including VPNs and firewalls, are up to date with the most recent security patches.
- Increase cybersecurity awareness. Conduct cybersecurity awareness campaigns within your organization to increase knowledge about phishing attacks, especially those related to COVID-19. Update security training for staff and stakeholders to inform and educate them about cybersecurity practices, such as detecting socially engineered messages.
- Remote access. Re-evaluate your cybersecurity measures in anticipation of the higher demand on remote access technologies, and test them ahead of time. Validate that the remote desktop client has been configured appropriately and is secure. Ensure your work devices, such as laptops and mobile phones, are secure. Implement multi-factor authentication for remote access systems and resources (including cloud services)
How TruePixel Group can help you?
We understand the cyber risks and challenges that today’s businesses face, especially during this period of uncertainty and disruption.
TruePixel offers a variety of services from information security consulting to assessing, testing and improving the protection of applications and networks for companies operating in healthcare, manufacturing, banking, retail, telecommunications, and other industries.
Our security experts develop a personal approach to each customer based on best practices and enriched with our own experience. We are ready to support our clients at all project stages.