With the impact of COVID-19 felt throughout the globe, the main priority of governments and businesses is the safety of their citizens, employees and customers. As organisations encourage their employees to work from home amid the coronavirus pandemic, a new risk to business emerges. Cybercriminals are targeting their attacks on employees who are not used to working from home and organisations that do not have work-from-home policies.
“When unexpected events occur such as the current coronavirus pandemic, major business disruption is created and along with it comes confusion and complex challenges. In this case, the changes in employees’ working environment and the use of business technology creates a large opportunity for cybercriminals to exploit, which is what we’re currently seeing.” – Christian Nyakanyanga, CEO of Cyber Sentinel
Cybercriminals have begun to impersonate health organisations such as the World Health Organisations (WHO)and other government bodies and organisations. Businesses must take a proactive and cautious approach to tackling the current cybersecurity challenges. Below are some key points organisations must consider in regard to their workforce during the COVID-19 pandemic.
Organisations must strengthen their IAM and SIEM monitoring
- Enforce a consistent layer of multi-factor authentication (MFA) or possibly set up a step-up authentication.
- Establish identity and access management processes that secure third-party identities access networks entirely.
- Have an extensive view of privileged identities within their IT environments. This includes a procedure to detect, prevent or remove orphaned accounts. Organisations must observe user entitlements on active directory and all crucial application to keep an eye on abnormalities such as:
- Terminated user accounts that are still active and being used
- Sudden privilege escalations
- Use of dormant accounts
Increase awareness of threats
There is an increase in phishing campaigns related to COVID-19, with many of them masked as trustworthy health organisations. Cybercriminals may send emails with malicious attachments and links to deceptive websites in order to trick victims into exposing sensitive information. These types of attacks can spread quickly and broadly which could impact the network of an entire organisation, cause identity theft as well as submissions of fraudulent claims for payments and benefit programs.
Organisations should:
- Give caution to employees to not reveal personal or financial information in emails and to not respond to any email solicitations for such information.
- Only use reliable sources such as the World Health Organisation and other legitimate government websites for information on COVID-19
- Be cautious in handling emails with COVID-19 related subject lines, attachments, hyperlinks as well as to be suspicious of calls or texts that are related to COVID-19.
- Ensure that employees are not using personal laptops for work related activities. Using personal computers and devices creates challenges in preserving documents as well as increases the cyber risks as many personal devices have outdated software.
Crisis management and incident response plans have to be executable by a remote workforce
A cyber incident that occurs during a time when a business is performing in challenging conditions can become difficult to mitigate. If a business’ plan is dependent on a having physical access, creating a contingency plan with alternative methods would be advised.