COVID-19 Granting New Opportunities To Cybercriminals: How To Be Secure
Updated on: March 3, 2022
Harshit Agarwal
12 mins read
COVID-19 or Coronavirus is a truly global health pandemic that is affecting millions of people across the seven continents. Without a confirmed cure or vaccine, the most reliable solution is social distancing. As a result, companies across the globe have been practicing Work from Home (WFH) or telecommuting.
Although the switch to remote work has been largely successful, the situation has become ideal for cybercriminals. Hence stronger measures to enhance data security, and secure the transmission of information between remote employees and their employers need to be implemented.
Cybercriminals are taking advantage of the ongoing ‘Work From Home’ initiatives being undertaken by companies across the world. Simply put, as a result of Startups, Business and Enterprises practicing WFH to keep their business ongoing, there is a massive surge in cybercrimes.
The National Bureau of Fraud Intelligence (NFIB) recently identified a new and continually rising trend in Coronavirus or COVID-19-related fraud. Companies and their digital security teams now have to work even harder to secure the data flowing through cyberspace.
Action Fraud, the UK’s national reporting center for fraud and cybercrimes, claims COIVD-19-related frauds increased by 400 in April 2020. As of this month, there have been more than 500 cases of cyber-fraud or cybercrime with total losses estimated to have crossed £1.6 Million.
The first report was issued on February 9 relating to Coronavirus, or COVID-19. There were 20 more reports that month. Since then, there have been 46 reports between 1 March and 13 March, and 38 reports in just four days. On average, there are over 50 reports of cybercrime coming in on a daily basis.
Impact on security due to WFH
In order to comply with the lockdown or quarantine, the majority of IT Companies have asked their employees to work from home. The unrelenting spread of Coronavirus is causing issues to them as they are still evaluating the impact.
Due to the ongoing pandemic, many companies are facing losses and quite a few are trying hard just to stay afloat. Due to WFH, a lot of companies’ data is at risk not simply due to poorly secured Wi-Fi networks but also from cybercrimes that are increasing at an unprecedented rate.
Business Losing Potential Clients and Slowdown in the Economy:
The ongoing Coronavirus has been quite harsh to several companies. Organizations that rely on regular customer footfall have been suffering from empty shops. Businesses are not only losing current but also potential clients.
Although the situation may appear tough, companies have been discovering several new methods of making new customers and engaging loyal ones to maintain and even grow their business. Still, owing to declining consumption and the ongoing isolation, the economy has slowed down significantly. Moreover, the situation isn’t showing a lot of positive signs, which means companies will have to gear up and get ready for the long haul. On the brighter side, companies have a longer duration of time to test new approaches to boost business.
As companies are working with their employees remotely, the risks of data exposure are rising. Needless to add, this will have a further detrimental impact on the economy as companies will have to deploy several additional measures to protect data and prevent cyberattacks on their networks.
Increase in Cyber-Crime
Cybercrimes are increasing even more rapidly considering the current scenario, according to the Ninth Annual Cost of Cybercrime Study released by Accenture and the Ponemon Institute.
An organization’s average cost of cybercrime has reportedly risen from $1.4 million to $13.0 million in the last year alone, and the average number of security breaches over the last year has risen from 130 to 145, a jump by 11 percent. There are several traditional methods and a few new ones which the cybercriminals are employing to commit data fraud.
Phishing Emails:
Phishing emails that claim to offer the latest or updated information about the coronavirus or COVID-19 have risen sharply. According to reports from criminal investigation agencies, the number of coronavirus-themed phishing attempts has crossed 2,000 in the UK alone.
The most common techniques involve well-crafted emails attempting to trick people into opening malicious attachments. These websites or documents are loaded with malware which allows criminals to steal the victims’ banking details, email logins, and passwords.
Many fraudsters are benefitting from the fact that banks’ physical branches are closed, and the financial institutions are continually encouraging people to operate their accounts online.
To take advantage of successful phishing campaigns, hundreds of fake websites have been launched within a span of days. There have been several attempts to mimic the official websites of banking and other financial institutions to steal sensitive data. Quite a few appear to be from the Government or the World Health Organization (WHO) claiming to contain important advice about general health. Some even claim to offer accurate information relating to the locations of coronavirus victims, or details of COVID-19 research.
Owing to the hoarding and panic-buying of hand sanitizers and toilet paper, a few websites have started promoting the availability and sale of hand-sanitizer and similar antibacterial products. Additionally, many other products that fall under the Personal Protective Equipment (PPE) like masks, shields, etc. are being promised at attractive prices as well.
Fake Notice/Warning Messages:
There have been several instances of people receiving notices and warnings, the most common being venturing outside the house multiple times in a day. It is concerning to know the high level of detail and the lengths the cybercriminals go to make the warning messages appear authentic.
These messages not only exploit the relentless concerns in the minds of victims about coronavirus but also pry upon the fears of authority. While many messages can be vetted as attempts of fraud by merely reading through them, several appear highly authentic. The majority of these messages often contain links that the cybercriminals want the victim to click. These links take victims to websites that mimic the original websites of government departments set up to deal with the ongoing crisis.
During the current situation, the most vulnerable segment is healthcare. Cybercriminals are prying on the minds of potential victims through emails that claim to offer information about coronavirus or COVID-19. It is important to note that there is no vaccine developed yet to fight the virus. However, that hasn’t stopped the fraudsters from claiming to offer either medicine, vaccines, or other solutions that supposedly help ward off the attack of coronavirus.
Ensuring data security for businesses and where it is failing
The current situation has truly been unprecedented. It has forced companies to run their operations by relying on employees working remotely. While employees have worked from home in the past, this is the first time they are required to work consistently for prolonged periods of time. Such a situation has granted a lot of time and new opportunities for cybercriminals to try and steal sensitive data or eavesdrop.
Businesses face the greatest risk of data theft during the ongoing health crisis. Hence companies have had to rush and incorporate techniques and protocols that attempt to ensure the transmission of data takes place over the most secured channels of communication. However, there are always weak spots and cracks in the system that have traditionally been exploited.
Experts claim that businesses that are looking at WFH strategies should immediately, deploy additional measures to enhance data security and integrity. Moreover, they must place the mandated data safety protocols on their websites and obtain online consent from regular employees. Only those employees or workers who comply with measures like these should be allowed to operate from home. Some of the most common techniques to protect and safeguard data is to have Virtual Private Networks (VPN) and cloud solutions so that even in a WFH environment, basic data security is assured.
Why do IT Managers need to consider Mobile Device Management and Mobile application management?
Managing and securing data was easy when work Laptops/Computers were restricted to companies’ internal data networks but due to the advancement of technologies, employees have gone mobile and so has mobile data. Mobile Device Management or MDM gives administrators the ability to track lost or stolen mobile devices using GPS, wipe data remotely if and when needed
Mobile Device Management (MDM) and Mobile Application Management (MAM) might sound similar but they are quite different from each other. However, they do need to work together to ensure end-to-end data security and integrity. As the name implies, MAM is primarily concerned with the applications that are installed on the devices which are used remotely. MDM, on the other hand, is much more comprehensive. It ensures the entire device or devices are protected and secured from cybercriminals.
Organizations having employees work from home need to have both the platforms working actively and synergistically. Even if a single employee’s device or devices are compromised, cybercriminals can penetrate the otherwise secure networks. Moreover, compromised devices can be used to launch phishing attacks, thereby gaining deeper entry into the company’s networks.
During such circumstances, companies have to deploy comprehensive digital protection that ensures the devices and digital pathways the employees working from home are using, are completely cyber-secure. Incidentally, protocols and technologies ensure data safety is already available, but they need to be deployed efficiently to ensure there are no weak spots or vulnerabilities that could be exploited by cybercriminals and fraudsters. Moreover, there will have to be always on alert as well as quick response practices and teams that quickly plug the leaks and prevent further loss.
Improve security awareness and operations
A comprehensive and well-implemented security awareness system allows the organization to inform, track, and sustain security awareness within the organization ongoingly. Here’s how organizations can go about ensuring their sensitive data is protected from cybercriminals and digital thieves.
Assembling the security awareness team:
This security awareness team is responsible for the development, delivery, and maintenance of the protocols and practices formulated to protect data from unauthorized access. Diverse personnel from multiple areas of the organization, with
varying responsibilities, should be part of the team. This team will help to
ensure the success of the security awareness program through the assignment of responsibilities to the concerned employees.
The size of the security awareness team will depend on the specific needs of each
organization and its culture. Ranging from a couple of people to a dozen, the
a security awareness team would act as a single point of contact to ensure the employees are given ample information and relevant tools to ensure the data flow is secured and accessed only by authorized personnel.
Role of the team in security awareness:
The primary role of the team in security awareness is to ensure the employees of the organization know how to access, process, and deliver information securely. The team must educate the employees about the best practices to prevent data theft or leak while working remotely.
The goal of the team in security awareness is to build a reference catalog and judge the depths of training to help organizations deliver adequate training to people at the right time. The team must establish a minimum awareness level for all personnel.
Some of the most common and effective methods of training including formal training, computer-based training, e-mails and circulars, memos, notices, bulletins, posters, etc. During the ongoing COVID-19 pandemic and WFH scenario, the computer-based training, which involves virtual classrooms, meetings, and other forms of digital communications are needed.
Security awareness in organizations:
The COVID-19 crisis has proven a high level of inadequacy in ensuring a secure remote working environment. It has exposed the multiple hurdles and inconsistencies in offering a secure virtual environment in which employees can continue working from out of office.
A vast majority of employees of the major organizations are still unaware or poorly educated about the security protocols, mandatory procedures, and safety precautions that need to be taken to prevent data leaks and virtual thefts. The security awareness team will have to not only improve the security awareness metrics but also find ways to include the same into management and staff performance reviews. Conducting or organization routine audits or awareness programs about data safety could also be part of the work culture.
Conclusion
The depth of social and economic disturbance COVID-19 has caused is yet to be measured fully. But we all know that the damages are expected to be unprecedented. Maintaining security protocols in these tough times is more challenging than ever for organizations. The massive office exodus scenario is putting a lot of pressure on each and every element of business and cybercriminals are more ready than ever to take advantage of these vulnerabilities.
However, business leaders could minimize the impact of this crisis and ward-off the majority of cybersecurity issues by following the best practices of overall organization dynamics for Information Security. They can leverage new technologies and policies to empower their employees and establish a clear chain of communication regarding security. They can also ensure that everyone is aware of the risks and is equipped with the necessary resources to mitigate them at the same time.
Harshit Agarwal
