Back to Insights

How to Managing the Coronavirus Pandemic on Cybersecurity

Cyber security 04/10/2020 - 12:15 by Swami Nathan

The pandemic has made it more difficult for companies to maintain stability and security. However new approaches will help the leaders of cybersecurity secure their organizations.

Since companies are faced with low profits, forced to cut costs, the possibility of closure looming and, as a result of COVID-19, general fear and uncertainty, these distractions lose their concentration in particular when it comes to IT and cyber security. Businesses need to keep their IT and information security processes secure because a cyber attack by opportunistic threat actors could be inevitable and the consequences will be disastrous.

Most businesses are going to use their well-designed business continuity plans, but those are going to be a very small percentage of the SMB industry. Many will be forced to introduce reactive business continuity strategies and do whatever they can and keep their company and employee trading running. Easy setups such as allowing business owners and employees to remote from home and access cloud IT services through their company workstations. Employees may not even have learned how to do it four weeks ago.

In the present situation with coronavirus, people are far harder to confuse and in a higher state of fear, making them much more vulnerable to attacks.

what do the businesses need to look out for?

New threats to watch out for

Coronavirus allows attackers to put a new twist on attacks that already exist. A variety of new malicious websites were already set up for malware infecting computers. Be vigilant about newly developed websites, which are registered with the word “corona,” many of which may be suspect. Look out for sites with coronavirus(.)com or map(.)com corona-virus variants.

Spam emails seek to grab your attention by, for example, selling high-demand products such as masks, hand sanitizers, or vitamins. Alternatively, they may fuel pandemic conspiracy theories.

Phishing scams may appear to be coming from organizations like the CDC (Centers for Disease Control) or the World Health Organization (WHO). The scammers have designed emails that seem to derive from such outlets, but they do contain malicious phishing links or harmful attachments. There are also emails claiming to have a ‘new’ or ‘updated’ list of coronavirus cases in your area.

There’s been an increase in fake internal HR or IT contacts, like coronavirus surveys that impersonate the HR or IT department aim here is to steal usernames and passwords. For example, the user has to provide his Office 365 credentials on a fake site to access the “file” or “survey,” thus compromising their account.

Cybercrime is also likely to rise. Criminals set up fake charities and send emails asking for donations from charities for studies, doctors, or victims affected by the COVID-19 coronavirus.

Get the fundamentals right

Many easy guides are available to help small and medium-sized companies concentrate on the most critical steps like How to Protect Your Business from Cyber Attacks?

Some of the key points to focus on here are:

  1. Keep up-to-date software and anti-malware security and install updates as soon as they are made available. It should also be completely designed to combine anti-malware apps with email and web surfing. As they often target unpatched systems, this helps to reduce vulnerability to attackers. It also means you’ve got security from the new viruses.
  2. Have tight control of access with good password practices. For important accounts or data, two-factor authentication (2FA) is recommended but it is also necessary to follow good practices around passwords. It involves getting good passwords or passphrases, modifying passwords by default, and not using passwords again. The longer the password, the better – a password manager would allow passwords of 12 characters or more to become the length of the baseline instead of eight characters only.
  3. Back up the data and test the processes. This is crucial in particular to defending against ransomware attacks, where data is encrypted by criminals who demand payment to unencrypt it. Do not rely solely on online backup services such as OneDrive or Google Drive.


Remote control and working from home

This is important to ensure that the devices that the workers use from home are safe because they are not carrying home business equipment. The machines that the workers use to access their office workstations need to have an up-to-date anti-virus installed and any cloud IT services, including document sync services, are locked down with the correct file privileges for workers. What we don’t want to do is get a virus or malware synchronizing up to the document store and corrupt the whole business network. Ensure that all remote workstations, laptops, and computers (both remote and at your offices) are all up-to-date with the latest anti-virus software and definition updates, ideally with a central dashboard to view and manage them all. An additional security step would also be to ensure that the anti-virus software used across all machines includes web filtering to protect staff with safe online surfing and phishing email protection against malicious URLs.

The other important thing to note is that the homeworker’s attitude is different from the office worker. We are much more comfortable at home, and therefore much easier to make a mistake when it comes to not catching phishing text, clicking a link, or falling for online scams. To that end, it is important to ensure that the information security awareness training is up-to-date with your employees and that the Cyber Security technology layer is in place if they make a judgment mistake.

Online Ransomware Resources

A large number of coronavirus tools are available online, such as maps showing where and how the virus is spreading across the globe. Malwarebytes have already known that these are fake sites and while they can display these appropriate data, they are riddled behind the scenes with malware, viruses, and ransomware. Some are so dangerous that it is already secretly downloading ransomware on your workstation as soon as you land on the websites and could easily spread to the rest of your employees via document sync services or even via Wi-Fi and Bluetooth. Under the current climate a nightmare for a company to face when cash is needed to survive within a business. Although web filtering and anti-virus agents attempt to counter and block these URLs, threat actors and cyber fraudsters may continue to exploit this environment to their advantage. So be alert, look at the website URL very carefully to make sure it’s correct and not a scam, and use only approved coronavirus services online via government and national health ties.

Social media hacking

Attacks on social media are also presently incredibly viral. Posts on social media sites say they still have some critical stock available to order or provide services to deal with the cashflow issues. Knocking on doors claiming to be at your premises from the government or a health department seeking to sell coronavirus vaccine kits or a safety audit. Online medicines promising to cure coronavirus, letter drops from companies trying to sell you something or give you something, and phone calls from suppliers and government agencies demanding you do something all with the ultimate purpose of stealing your money.

Safeguarding confidential data

Businesses need to take proactive measures to protect confidential and personal data, and working at home may change the way that data is handled. It may not be sufficient to have defined protocols and therefore consideration should be given to sending out new instructions to staff who hand over these data at home. That may include:

  1. Not transfer personal data to non-work computers.
  2. Locking documents securely overnight which contain personal data.
  3. Not printing at home documents and/or emails that contain personal data, unless necessary.
  4. Shredding any records that hold personal data after you have done with it. If employees do not have a shredder at home, they should be kept safe before they employee return to work and can be put (as appropriate) in the confidential waste bins.

It is very difficult to remain composed during a global crisis, however, checking, checking, and then checking again before acting is essential to minimizing any security mistakes or cyber fraud. “If it seems nice to be true, it seems to be real”, as the old saying goes. Use your judgment carefully, and be free. If you have any more concerns or need more support, please contact us.

The only way to protect what you’ve worked hard to build is to be vigilant when it comes to cybersecurity. If you’d like to know more about how your business can benefit from managed services, just give us a call, we are here to help.

The pandemic has made it more difficult for companies to maintain stability and security. But new approaches will help the leaders of cybersecurity.