With the impact of COVID-19 felt throughout the globe, the main priority of governments and businesses is the safety of their citizens, employees and customers. As organisations encourage their employees to work from home amid the coronavirus pandemic, a new risk to business emerges. Cybercriminals are targeting their attacks on employees who are not used to working from home and organisations that do not have work-from-home policies.
“When unexpected events occur such as the current coronavirus pandemic, major business disruption is created and along with it comes confusion and complex challenges. In this case, the changes in employees’ working environment and the use of business technology creates a large opportunity for cybercriminals to exploit, which is what we’re currently seeing.” – Christian Nyakanyanga, CEO of Cyber Sentinel
Cybercriminals have begun to impersonate health organisations such as the World Health Organisations (WHO)and other government bodies and organisations. Businesses must take a proactive and cautious approach to tackling the current cybersecurity challenges. Below are some key points organisations must consider in regard to their workforce during the COVID-19 pandemic.
Organisations must strengthen their IAM and SIEM monitoring
Increase awareness of threats
There is an increase in phishing campaigns related to COVID-19, with many of them masked as trustworthy health organisations. Cybercriminals may send emails with malicious attachments and links to deceptive websites in order to trick victims into exposing sensitive information. These types of attacks can spread quickly and broadly which could impact the network of an entire organisation, cause identity theft as well as submissions of fraudulent claims for payments and benefit programs.
Organisations should:
Crisis management and incident response plans have to be executable by a remote workforce
A cyber incident that occurs during a time when a business is performing in challenging conditions can become difficult to mitigate. If a business’ plan is dependent on a having physical access, creating a contingency plan with alternative methods would be advised.