Since the beginning of the coronavirus pandemic, companies all around the world have rapidly transitioned to a remote working model to ensure business continuity. This sudden change has expanded the attack surface these companies expose to cyber criminals. At the same time, cyber criminals have started exploiting the fear, uncertainty and doubt that COVID-19 brings to target individuals and businesses in a variety of ways.
COVID-19 Themed Phishing Campaigns
Since mid-February, there has been a rapidly increasing number of COVID-19 themed phishing attacks. The cybercriminals behind them try to lure targets to fake websites and collect the credentials of their e-mail accounts or bank accounts. One example is phishing emails that send targeted users to fake Center for Disease Control (CDC) websites or comparable sites. We have previously created a detailed article about this topic. There is a growing tendency to target administrative accounts with more privileges rather than normal user accounts.
So, if you still rely on email alone for communication and haven’t considered any other option, start using a good online collaboration tool alongside it.
Videoconferencing Security Risks
As social distancing policies have forced unprecedented numbers of employees to work from home, and as people seek ways to stay connected, the usage of videoconferencing platforms has exploded, with many of the biggest companies offering limited-time free access. Zoom, for example, went from 10 million daily users in December 2019 to 200 million in March. This surge in usage has exposed serious privacy and security issues. Take a look at our working from home guideline article for more information.
Make sure your employees download videoconferencing software only from the original vendor and not from third parties, because executable files downloaded from third parties are most of the time bundled with malicious software that hackers can use to access your systems.
Most malware campaigns have moved to a COVID-19 theme for effectiveness. Microsoft has recently warned about a new COVID-19-related malware campaign that spreads by email and uses Excel 4.0 macros and NetSupport Manager to compromise systems. So, it is very important to prioritize awareness among employees to avoid these types of security incidents.
Incident response protocols
Ensure that the organization’s incident response protocols reflect the altered operating conditions and are tested early. If the organization does not already have a cybersecurity incident response capability, consider using the services of a managed security service provider which has more experience and capability instead of trying to stand up a new system.
Tuning your environment for the new expanded workspace
- Secure connectivity for home office
Secure your home router. Your device’s operating system will typically have a built-in firewall. In addition, firewalls are built into many routers. Just make sure that yours is enabled and that the default router password has been changed. Advise employees never to use a public internet connection and to always use a trusted VPN.
- Remote Data Wiping for Employees
As most employees are still working remotely and will continue to do so in the future, their devices are likely to get lost, putting confidential corporate information at risk. Make sure all devices leaving the company are encrypted and that remote data wiping and theft protection are turned on. You can use endpoint protection software for this, and make sure you have backups.
- Best practices
Raise awareness of security best practices such as multi-factor authentication and strong passwords. We have previously created an article with more details about the best practices for remote working employees.
- Maintain Backups
Always keep more than one backup of your critical data. Validate that each backup is complete and usable. The organization should regularly review backup logs for completion and restore files at random to ensure they will work when needed.
- Securing the infrastructure
Make sure all patches are reviewed and applied on time. Continuously monitoring for suspicious activity, such as failed RDP login attempts and locked accounts, will save you a lot of time, effort and money.
Ensure that your monitoring tools and capabilities are providing maximum visibility. Test your security before a security breach happens. Carry out a risk assessment. Make sure all systems are protected with endpoint protection software that is up to date and continuously monitored. You can get the help of an MSSP for this.
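As an illustration of the monitoring for failed RDP login attempts and locked accounts mentioned above, here is a small detection sketch. It is an added example, not part of the original article, and it assumes Windows Security log events have been exported into records with the hypothetical field names `time`, `id`, `logon_type`, `user` and `src`; the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (hypothetical export schema, not real log data).
# Event 4625 = failed logon, event 4740 = account locked out.
SAMPLE_EVENTS = [
    {"time": "2020-05-04T02:10:01", "id": 4625, "logon_type": 10, "user": "admin", "src": "203.0.113.7"},
    {"time": "2020-05-04T02:10:40", "id": 4625, "logon_type": 10, "user": "admin", "src": "203.0.113.7"},
    {"time": "2020-05-04T02:11:15", "id": 4625, "logon_type": 3, "user": "administrator", "src": "203.0.113.7"},
    {"time": "2020-05-04T02:12:02", "id": 4625, "logon_type": 10, "user": "admin", "src": "203.0.113.7"},
    {"time": "2020-05-04T02:12:30", "id": 4625, "logon_type": 10, "user": "admin", "src": "203.0.113.7"},
    {"time": "2020-05-04T02:12:31", "id": 4740, "user": "admin"},
    {"time": "2020-05-04T09:05:00", "id": 4625, "logon_type": 10, "user": "jsmith", "src": "198.51.100.20"},
    {"time": "2020-05-04T09:06:00", "id": 4625, "logon_type": 2, "user": "jsmith", "src": "-"},
    {"time": "2020-05-04T13:40:00", "id": 4625, "logon_type": 10, "user": "jsmith", "src": "198.51.100.20"},
]

# Logon type 10 is RemoteInteractive (RDP). With Network Level Authentication
# enabled, failed RDP logons are recorded as type 3, so both are counted.
RDP_LOGON_TYPES = {3, 10}


def detect(events, threshold=5, window=timedelta(minutes=10)):
    """Return (flagged_sources, locked_accounts).

    flagged_sources maps a source IP to every user it tried, for sources
    that produced `threshold` or more failed logons inside `window`.
    """
    failures = defaultdict(list)
    locked = set()
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["id"] == 4740:
            locked.add(ev["user"])
        elif ev["id"] == 4625 and ev.get("logon_type") in RDP_LOGON_TYPES:
            ts = datetime.fromisoformat(ev["time"])
            failures[ev["src"]].append((ts, ev["user"]))

    flagged = {}
    for src, hits in failures.items():
        start = 0
        for end in range(len(hits)):
            # Slide the window start forward until it spans at most `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[src] = sorted({user for _, user in hits})
                break
    return flagged, sorted(locked)


if __name__ == "__main__":
    print(detect(SAMPLE_EVENTS))
```

The threshold and window are starting values to tune against your own baseline of mistyped passwords.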