As people feel more panicked and rushed, they click on content that uses typical social engineering tricks
A cyber risk expert from AIR has discussed how the focus or distraction of COVID-19 has given cybercriminals new outlets to take advantage of.
With a significant number of employees working remotely, companies are challenged as IT resources become stretched and secure corporate firewalls may not be in place on home networks.
Scott Stransky, vice president of emerging risks at AIR Worldwide, says that people have let their guard down about cyber-attacks, mainly because they are much more concerned about other things related to COVID-19.
As people feel more panicked and rushed, they are actually clicking on content that uses typical social engineering tricks, most of which they would otherwise ignore. For example, a user working at home might open an email that looks like it’s from their CEO with the latest information about a company’s continuity plan - when those emails are actually from a bad actor.
In addition, as an unprecedented number of employees work from home, there are increasing aggregation risks. During just one week in March, videoconferencing apps saw a record 62 million downloads.
People are relying heavily on meeting software programs, such Teams, Zoom, and Skype, which can be hacked or incur downtime leading to business interruption loss.
Stransky recommends minimising cyber security risks in the following three ways:
1. Update Your Device’s Protection
Your first line of defense is making sure that the anti-virus protection for all of your devices (including the router) is up-to-date. Where it is available on your accounts, use multi-factor authentication. And use only known and secure connections; hackers can easily connect to your device, for example, if you are using Bluetooth in a public space.
2. Ensure Your WiFi Is Secure
Work only with secure, password-protected internet connections and avoid using public WiFi. Never use public WiFi to access confidential information. Hackers can mimic secure networks, and if you fall for this trick they can infect your machine with malicious files and access everything you do online.
3. Expect Phishing Emails
People get tricked into responding to phishing emails because they believe they are doing the right thing and because people often see what they expect or want to see. A crisis such as this uncertain time makes some people anxious and puts all of us in new and unexpected situations - circumstances that cyber criminals exploit.
Furthermore, to combat most hackers, all your accounts (particularly Office 365 email accounts) should be protected with multi-factor authentication. There is no substitute, however, for personal vigilance. If you are suspicious of an email, even an internal company communication, contact your IT department to verify its authenticity.
The COVID-19 pandemic has caused global disruption and is changing the landscape of cyber security threats. It’s always best for employees to proceed with caution and report suspicious computer prompts, emails, or text messages, especially during the current pandemic.