Cyber Security Warnings From The Coronavirus Pandemic

The coronavirus pandemic has accelerated a remote working culture that started when high-speed Internet became available at home and in coffee shops. It’s now obvious that many more jobs can be done remotely than previously thought. COVID-19 has also accelerated distance learning and health services. 

Yet while most of the world is trying to deal with the COVID-19 pandemic, it seems hackers are not on lockdown. 

Compliance policies written for the workplace, the classroom as well the doctor’s office will need to be rewritten to reflect this new remote reality. 

Cyber criminals primarily make their money through fraud and extortion. What they do is to target financial systems, steal information to use in various fraud schemes and hold IT systems hostage through ransomware and other means. 

Now here are five ways an organisation can improve its cyber-security.

1. Ignore Phishing Emails
Phishing remains a popular, and effective, technique for attackers. It is an attempt to steal credentials and obtain sensitive information, often by an e-mail message containing a link to a seemingly legitimate Website. Phishing is the top threat action used in cyber-security breaches, according to Verizon’s 2020 Data Breach Investigations Report.

Verizon says in the Report, “As time goes on, it appears that attackers become increasingly efficient and lean more toward attacks such as phishing…”  To combat phishing, employees should know how official communications will be sent, treat unknown e-mails and links as suspicious, and have an easy way to alert their IT security team.

2. Up-Grade Cyber-Security Training for Employees and Management
Most cyber-security training revolves around workplace use, with passing mention of security best practices while on business travel. Remote work opens the door to risks posed by unknown Wi-Fi networks, shared workspaces, wireless printers, and similar technologies not vetted by IT security. 

Cyber security training should include best practices for remote work, covering: working environment, router security, use of a virtual private network (VPN), oversharing screens during online meetings, personal use of company computers, and IT support. As business need cyber security training and we at Cyber Security Intelligence recommend GoCyber training for all employees and management please contact Cyber Security Intelligence for a free trial.

3. Secure Collaboration Tools
Collaboration tools, such as online meeting services, are now the norm for remote teams to communicate. But as recent headlines have shown they can have security gaps if not configured properly. Meeting organisers should use built-in security features, such as waiting rooms, password protection, and other settings to control such things as participants document sharing and recording. 

Participants should not share meeting links publicly or with people who don’t have a need to know. Virtual meeting software should be regularly updated to the current version or have auto-update enabled. 
And very importantly employees and management should only accept meeting invites from expected and trusted sources.

4. Employ Distance Learning and Telemedicine
Education and healthcare changed dramatically when millions of students across the country found themselves suddenly unable to go to school and millions of patients could not see their doctors or receive the healthcare they needed. Both schools and hospitals have been prime targets for ransomware, where cyber-attackers encrypt or lock down a victim’s files/networks and demand a ransom to restore access, a threat only enhanced by COVID-19. 

To combat this, schools and hospitals should update their cyber-security risk assessment to encompass distance learning and telemedicine tools, as well as provide enhanced cyber-security training for educators and healthcare professionals.

5. Employ the NIST Cyber Security Framework
Improve cyber maturity by adopting the National Institutes of Standards and Technology (NIST) Cybersecurity Framework as a guide for building a strong cyber-security foundation. It provides exhaustive guidance around five steps, or functions, Identify, Protect, Detect, Respond & Recover, that could help transform an organisation’s cyber-security risk management posture from reactive to proactive. 

Beyond a response to COVID-19, adopting the NIST Cybersecurity Framework will demonstrate to customers and regulators that an organization takes cyber-security seriously.

COVID-19 is a wake-up call to the world that economies must adapt quickly to survive and prosper. It brought into sharp relief our dependence on technology and its vulnerabilities.

Continued vigilance is the ultimate lesson. Cyber criminals use every opportunity available to exploit weaknesses in cyber security, you should always make sure that you look for information about COVID-19 on trusted sources.

NIST:          Compliance Week:      Verizon:      TEISS

You Might Also Read: 

Cyber Security Market Slowdown Blamed On Coronavirus:
 

 

« First Winners Of £10m British Cyber Security Fund
Global Cyber Security Spend To Grow Only 2.8% »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Intruder

Intruder

Intruder is a cloud-based vulnerability scanner that finds cyber security weaknesses in your digital infrastructure, to avoid costly data breaches.

Jumpsec

Jumpsec

Jumpsec provides penetration testing, security assessments, social engineering testing, cyber incident response, training and consultancy services.

Exostar

Exostar

Exostar is the cloud platform of choice for secure enterprise and supply chain collaboration solutions and identity and access management expertise.

Global Security Network (GSN)

Global Security Network (GSN)

GSN focuses on specialized IT Security solutions & services for the military, law enforcement, critical infrastructure and oil & gas sectors in the Middle East.

NSHC

NSHC

NSHC is a provider of mobile security solutions, cyber security consulting and training, and offensive research.

Computer Forensics Consult (CFC)

Computer Forensics Consult (CFC)

Computer Forensics Consult provides disaster recovery, computer forensics, electronic discovery and litigation support services in the growing area of Cyber Security.

Ravelin Technology

Ravelin Technology

Ravelin prevents chargebacks, fraud, and account takeover. Machine learning and human insight combine for highly accurate fraud detection and prevention.

Solidified

Solidified

Solidified is the largest audit platform for smart contracts. Our community has the highest concentration of top Blockchain security specialists and best-in-class code auditors.

Rizikon Assurance

Rizikon Assurance

Rizikon Assurance is an Online System that improves Third-Party Assurance and Risk Management, through efficiency, automation and better visibility.

Ukrainian Academy of Cyber Security (UACS)

Ukrainian Academy of Cyber Security (UACS)

UACS is a professional non-profit public organization established to promote the development of an extensive network and ecosystem of education and training in the field of cyber security.

Internetwork Defense (IND)

Internetwork Defense (IND)

Internetwork Defense is a premier provider of Information Security Training and Business Consulting Services in the Mid-Atlantic region.

National Coordinator for Security and Counterterrorism (NCTV) - Netherlands

National Coordinator for Security and Counterterrorism (NCTV) - Netherlands

The NCTV serves the Netherlands’ national security. We protect national interests, identify threats and strengthen resilience.

c0c0n

c0c0n

c0c0n is the longest running conferences in the area of Information Security and Hacking, in India.

Norwegian Data Protection Authority (Datatilsynet)

Norwegian Data Protection Authority (Datatilsynet)

The Norwegian Data Protection Authority (Datatilsynet) is the national data protection authority for Norway.

NetSentries Technologies

NetSentries Technologies

NetSentries provide smart cybersecurity solutions and services to protect Governments, Enterprise and Individuals from threats through a comprehensive range of protocols, products and services.

Koop

Koop

Koop’s trust management platform helps navigate the complexities of regulatory compliance, security reviews, and liability insurance in a single place.