As the threat of cyber viruses and other online mischief rises during the COVID-19 pandemic, careful measures are being taken to make sure that individuals and the companies they work for are protected.
As remote working arrangements and social distancing restrictions keep many employees at home during the pandemic, increased vigilance against cyber threats is needed to keep systems well-guarded and lower the chances that sensitive information will be stolen. Lori Bailey, Global Head of Cyber Risk, Commercial Insurance, Zurich Insurance Group, underlines: “Company-wide awareness and a multi-department approach to managing the risks of coronavirus-related phishing scams, ransomware and other attacks are among the best tactics employers can use to thwart cyber criminals.”
Like the coronavirus, cyber exposures are wide-reaching and hard to spot unless you know the symptoms. And, in the same way preventative measures won’t completely eliminate the possibility of a physical illness, there is always the chance a virus could infect a system. But as careful risk management proves, a strong defense goes a long way in keeping networks healthy.
Cybercrimes of opportunity
The pandemic affords a golden moment for cybercriminals. By preying on the public’s genuine fears and distractions, they are bombarding users with attempts to enter unsecure networks that can act as gateways to stealing corporate information or creating digital mayhem.
Cyber attacks surged immediately after the pandemic began, according to a report by Check Point Software Technologies, which revealed that around 68,000 coronavirus-related domains were registered by mid-April of this year. In the week of March 16, when the U.S. government proposed a stimulus relief package, the number of new registrations was 3.5 times higher than the average of previous weeks. Not all were malicious, the report notes, but the scam websites that appeared used news of the financial incentives and fears regarding the virus to trick people into visiting the sites or clicking on links related to them, risking theft of personal information and theft of funds.
Recent studies have confirmed that phishing campaigns and ransomware attacks have seen big increases since the pandemic began, with email and other communications aimed at tricking users into opening malicious attachments or, in some cases, making wire transfers on behalf of their company.
Beating back the assault by cybercriminals takes a multi-department approach that includes educating employees on the scope of the threat and strengthening protections that can thwart the thieves who try to break into corporate networks.
Keeping threats at bay in order to pursue opportunities
Employees are generally familiar with most of the precautions against cybercrime, as their companies have heavily emphasized the ways they can help prevent attacks. But, as with anything, repetition is key to success – particularly as cybercriminals have become more sophisticated and attacks more targeted in recent years. When phishing schemes first began, malicious emails and websites were cruder and easier to spot. Now, it can be very difficult to spot differences between legitimate communications and those designed by cybercriminals.
Risk mitigation as it applies to individuals starts with the well-known warning not to trust links in emails from unknown senders. Navigating to a website is best done by typing in its URL – which will begin with “https” if the connection is secured with encryption – instead of clicking a link. When in doubt about the legitimacy of a website, users can turn to online URL checkers such as isitphishing.org.
In a Risk Insight report, “The Cyber Dimension of the Coronavirus,” released by Zurich earlier this year, there are further recommendations for individuals and businesses. The report reminds employees that trusted entities such as suppliers and vendors already have account details and are not likely to request such information through emails. It is never advisable to send personal information or passwords through email.
Individuals should always report suspicious activity to cyber security teams or equivalent departments and notify local help desks if they believe they have opened an attachment or clicked a link that could infect their computer.
Cyber risk management
Companies play an important role in making sure their employees are aware of cyber threats at a time when many of them are working from remote locations. Before authorizing remote connections, employees should have adequate training in recognizing phishing campaigns and possess a thorough understanding of corporate IT security guidelines.
Only secured remote access should be allowed to company networks, through a virtual private network (VPN) or another encrypted route. VPNs should be configured with multi-factor authentication to ensure that only authorized individuals are accessing the company network.
IT departments are responsible for the proper configuration of firewalls and consistent monitoring to identify attempted or successful breaches from unauthorized Internet Protocol (IP) addresses. Monitoring also applies to cloud services, ensuring that they are appropriately hardened and not inappropriately manipulated.
Treat it like an illness: prevention and preparation are key
COVID-19 is a reminder that unseen threats can be among the most dangerous and damaging. In the same way, cyber risk is an intangible risk that must be managed as a potential contagion and stopped before it can infect and spread. The pandemic has taught us that companies must be diligent with regard to cyber protection and response capabilities. Building resilient systems is the best way to prepare for the next cyber virus epidemic.