Cybersecurity in the Time of Coronavirus
GEO Strategic Partners Team
The Coronavirus outbreak has been the cause of a fundamental change inhow a large number of companies manage their daily operations. According to health guidelines and several governmental institutions worldwide, all employees able to work remotely should do so, in order to limit the number of contacts and contain the virus.
While the measure is certainly salutary it raises great challenges for companies that have not resorted to remote work to date, and not only from a purely operational perspective but especially from the point of view of cyber security. Most of these companies lack a secure infrastructure for implementing remote work from one day to the next. From the devices themselves to the internet connections used by employees to access databases, there are many vulnerabilities that can and will be exploited by hackers in the following days.
Cybercriminals are already leveraging the coronavirus context to commit scams and fraud by means of phishing emails, one of the most common type of social engineering attack. This type of email exploits people's need for more and more information related to the pandemic by adding malicious links or attachments delivering details on certain aspects of the subject.
The efficacy of these emails heavily relies on their fake authenticity. Phishing emails are designed to mislead the target into thinking they come from a legitimate source and might look like messages from official entities, health guidelines or even organisational practices from the employer themself.
Few people are used to applying critical thought before rushing to click on different links or downloading attachments, and even fewer are actually trained in identifying these types of scams. They all revolve around taking advantage of negligence and human error. Hence measures for raising the cybersecurity awareness of remote workers should be taken immediately by any company needing to send its employees home without having the proper infrastructure in place.
One of the challenges may be due tothe fact that many companies do not have the necessary ressources to produce their own educational materials. Fortunately, at this point a high number of companies operating in the field have free online guidelines that can be used by other companies to raise awareness and educate their employees. However, at the same time clearer processes and procedures should be shared with employees in case of suspicion of a security breach. Employees should also be encouraged to call out any suspicious activity.
Building a culture of cyber security cannot be achieved from day to day, being a long-term process that involves a series of resources and a well-configured strategy from the first step. However, it is never too late to start educating employees and helpingthemtoachieve a basic understanding ofhow systems work, what arethe main threats and the forms these could take. Guiding employees in developing and using their critical thinking and intuition in order to identify suspicious activity should be one of the top priorities in general.
There is a common belief among specialists in the field that the weakest link in the security chain is the human component. Statistics say that 95% of data breaches are caused by human error. A low degree of cybersecurity awareness in conjunction with limited security solutions can cause severe data breaches with major impact, at an operational, legal and reputational level. As reported by many media outlets, cyber criminals have already taken advantage of the coronavirus pandemic. The constant rise in the number of people working remotely worldwide will only cause an increase in the number of cyberattacks and data breaches. Now more than ever, companies should raise the question of their full ability to manage an epidemic of computer viruses. Stay cyber safe and do enable two-factor authentication.