Coronavirus is changing how people work and interact every day. Many companies have needed to expand their remote working capacity as a result of the outbreak – and usually at very short notice. To provide as many employees as possible with easy access to operating software and systems quickly, in some cases IT security standards have had to be lowered or suspended, resulting in potential cyber security exposures for companies.
One consequence of potentially laxer security may be that cybercriminals and hackers may find it easier to penetrate previously protected corporate systems, causing data breaches, cyber blackmail intrusions and IT system failures.
According to the Allianz Risk Barometer, an annual survey of more than 2,700 risk management experts around the globe, cyber risk already ranked as the number one threat for businesses in 2020 before the coronavirus outbreak, driven by concerns about data breaches becoming larger and more expensive; ransomware incidents bringing increasing losses and business email compromise (BEC) or spoofing attacks, which typically involve social engineering and phishing emails to dupe employees into revealing confidential or valuable information. BEC attacks have resulted in fraudulent losses in excess of $20 billion since 2016.
Unfortunately, the significant increase in home workers accessing the corporate network with a virtual private network (VPN) connection because of the coronavirus pandemic only exacerbates these risks, providing a perfect opportunity for cyber criminals, as recent events demonstrate only too well.
It is estimated that anywhere between 50% and 90% of data breaches are caused or abetted by employees, be it by simple error or by falling victim of phishing or social engineering. Recent events demonstrate the vulnerability only too well. In April, Google detected and blocked more than 18 million malware and phishing emails and 240 million daily spam messages related to the coronavirus pandemic in a single week. In total, Google blocks more than 100 million phishing emails each day.
See also: Coronavirus Boosts Cyber Risk
If remote workers fall victim to a cyberattack, it puts their work network at risk. There are several effective security measures businesses can apply to help remote employees combat internet attacks.
Keep Software Up to Date
Check whether you can use current versions of operating systems and installed programs. If possible, use the automatic update feature, which is often the default setting. Otherwise, immediately install security updates for your software, especially for your web browser and operating system.
Use Virus Protection and Firewalls
Check activation of virus protection and firewalls, but keep in mind that this measure can only be effective as an accompanying measure with other security procedures. Its application does not reduce the importance of the other tips in this article.
Create Different User Accounts
Malicious programs have the same rights on the PC as the user account through which they entered the computer. You should, therefore, only work with administrator rights if absolutely necessary.
Be Cautious About Sharing Personal Data
Online fraudsters increase their success rates by addressing their victims individually: Previously spied-on data, such as surfing habits or personal names, are used to inspire confidence. Today, personal data is considered a currency on the internet and is traded in this way. If possible, use a VPN connected to your home network in public wireless local area network (WLAN) hotspots.
Otherwise, unencrypted transmitted data can be read by third parties. At the same time, a VPN also protects against a number of other attacks on the PC and the data stored on it.
Use Up-to-Date Web Browsers
Check whether to disable components and plug-ins in your browser settings. First, enter the addresses for security-critical websites, such as for online banking, manually in the address line of the browser and save the address entered in this way as a bookmark, which you can then use for secure access.
Where two-factor authentication is offered, use it to secure access to your account. A password manager can facilitate the handling of different passwords. Do not share your passwords with third parties.
Protect Your Data Through Encryption
Protect your confidential emails with encryption. If a WLAN is used, subject to the information security guidance of your entity, pay attention to the encryption of the wireless network. Subject to higher standards as per individual guidance of the respective individual security officer (ISO), in your router, select the WPA3 encryption standard or, if this is not yet supported, WPA2, until further notice. Choose a complex password of at least 20 characters.
Identify All Participants in Online Sessions
It is particularly easy for unauthorized persons who have obtained the dial-in data to join large online meetings with many participants. That’s why everyone who appears in the meeting needs to briefly identify themselves, especially when discussing sensitive topics and sharing presentations on screen.
Be Extremely Careful With Suspicious E-mails or Attachments, Especially if the Sender Is Unknown
Especially in the familiar environment of your home office, you must be wary of suspicious e-mails. Take your time and check each email thoroughly before you open it.
Please see CORONAVIRUS: STAYING CYBER-SECURE THROUGH THE PANDEMIC for a complete list of IT security measures.
See also: New Enhancements for Cyber Coverage
COVID-19 is one of the many crises that hackers and scammers leveraged to exploit vulnerable businesses, and they will find more innovative ways in the future. More than ever, it is vital for organizations to protect themselves from malicious cyberattacks by educating employees about how to identify and prevent cyberattacks and implementing home security policies for remote workers.