When Viruses Collide: Coronavirus and Digital Threats
What does the COVID-19 Coronavirus and computer viruses have in common? At first, you may think nothing, but the deep impact of the 2020 pandemic has been felt by organisations all over the globe, with disruptions to operations, restrictions on travel, inability to source materials, depressed customer demand, closure of workplaces and serious financial stress. This is an environment where attentions are diverted – the perfect opportunity for Threat Actors to prey on unsuspecting individuals and vulnerable organisations.
Working from home and increased vulnerabilities
But it gets worse. As many businesses seek to remain operational despite workers unable to attend offices, many are now working from home. This presents a range of issues, including:
- Personal, unprotected devices such as home computers, tablets and smartphones connecting to corporate systems and accessing confidential data
- Increased use of unprotected email, personal sharing cloud applications and removable media such as USB drives to move corporate data around
- Distractions in personal environments can improve the effectiveness of social engineering attacks
Early reports identify an increase in frequency and severity
The Australian Cyber Security Centre (ACSC) has observed thousands of COVID-19 related websites being registered to exploit individuals concerns and interest in information about the pandemic. Many of these are websites are designed to steal personal information or install malicious software.
The Australian Competition and Consumer Commission (ACCC) has received hundreds of coronavirus-related scam reports since the outbreak, including cybercriminals pretending to be from legitimate-sounding organisations such as travel companies, banks, government agencies and telco providers to ask for personal information, gain access to computers or ask for payment of fake services.
Recommended Actions
Defending against these cyber threats requires action on several fronts:
Personal
- Stay vigilant and pay particular attention to phishing phone calls, SMSs and emails from people who don’t know
- Ensure computers, tablets and smartphones are updated regularly
Team
- Store all corporate information in company systems, not in personal file storage systems
- Use corporate chat-based messaging and videoconferencing solutions where appropriate, rather than email
Corporate
- Conduct a data audit to identify what information needs to be protected and take a risk-based approach to investment in technology
- Implement strong cyber defences to protect your valuable data
- Regularly communicate with team members about good cybersecurity practices
- Enforce multi-factor authentication for all access to corporate information
- Document plans for business continuity
- Test procedures for incident response
- Consider cyber insurance
- Understand your obligations regarding data breach notification
Threats continually evolve and require a continual improvement strategy for protection. 365 Architechs provide a range of cybersecurity services to assist organisations in improving their security posture while managing costs and impact to users.