Cybersecurity alert: Hacking and COVID-19
Don’t let the COVID-19 pandemic distract from cybersecurity — remember, hackers thrive in crises. Consider these precautions to minimize risk and protect data.
Just like biological viruses, computer viruses and malware can reside silently and invisibly in your IT systems. They tend to possess similar features to one another — although each typically has its own “signature” — and they can be modified to behave somewhat differently. Regardless of these minor tweaks, their capacity to cause serious harm to your organization remains the same. Ransomware, for example, is among the best known and most dangerous types of viruses. It spreads extremely fast through your network and, if uncontained, can shut down your system entirely. Fortunately, you can take several steps to shield your organization from viruses, ransomware, and other types of malware.
Companies need to think fast and smart when it comes to cybersecurity in order to prevent disruption and protect the valuable data businesses rely on and are responsible for. A high level of awareness and vigilance when it comes to cyber hygiene is critical in our ever-connected world and global supply chain. Consider implementing, if you haven’t already, these practical cybersecurity precautions.
Tighten remote access security
With nonessential employees working from home, your staff need remote access, but home-based networks often lack the same layers of security and oversight as organizational networks. For example, cable modem passwords might not have been changed from factory defaults, or home network components (modems, Wi-Fi, printers) aren’t up to date on the latest software and patches. These things allow hackers to take advantage of known vulnerabilities. Think about taking these steps:
- Give access to your organization’s networks only to the employees who must have it. (This will ease potential bandwidth and licensing issues as well.) This should include disabling access of employees who have been temporarily furloughed.
- Use two-factor authentication. This way, you’re not only relying on a user’s passwords, which can be vulnerable through social engineering attacks (when hackers learn passwords by monitoring users’ social media accounts).
- Make sure all employee devices, including home computers and personal laptops, have updated versions of anti-virus and anti-malware software installed. Be sure to include all bring-your-own-device (BYOD) tools, including mobile phones and tablets.
Emphasize employees’ cybersecurity savvy
Your employees are one of your first lines of defense against cyberattacks. You’re already communicating with them about COVID-19 and necessary policy and process changes — be sure to also routinely cover cybersecurity awareness and the latest threats. The U.S. Department of Homeland Security issues alerts and guidance on current attacks and vulnerabilities. Stay abreast of what’s happening, and remember that hackers are very good at creating phishing emails that fool your workforce into clicking on links and attachments designed to infect your systems.
Train staff to:
- Use extreme caution when opening emails and attachments, particularly those from external or unrecognized parties. One common trick hackers use is to put “coronavirus” or “COVID-19” in the subject line, hyperlinks, and attachment file names so that your people think these include important information.
- Visit websites directly — and only websites from legitimate, reputable organizations — rather than use links sent via email. One proactive tactic is to whitelist websites your organization approves to ensure staff can’t visit scam pages.
- Similarly, avoid clicking on social media links claiming to go to “COVID-19 news” or “dashboards” on third-party sites, which might in fact lead to hackers’ sites designed to gain users’ login credentials or initiate a malware attack.
Monitor system access
All organizations, and particularly those that handle and store protected data, need to continuously monitor their networks. This helps you identify suspicious activity that could indicate unauthorized access or a data breach. Consider the following steps:
- Use a centralized audit logging system, or hire a third-party vendor to provide security monitoring services. The easier you make the auditing and logging process, the more likely it is to be used.
- Do not allow unrecognized, unregistered, or unapproved inbound IP addresses to export large amounts of data from your system. You can restrict these types of access by changing your firewall rules.
- Perform periodic assessments to ensure IT and cybersecurity best practices are being used and that you’re logging access to sensitive data. Consider engaging independent consultants to test your network and controls to ensure they’re operating effectively.
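The monitoring side of the steps above, as an added example that is not part of the original article: it totals outbound bytes per remote address from centralized log lines and flags unapproved addresses that pull large volumes. The log format, APPROVED_NETWORKS and THRESHOLD_BYTES are assumptions made for illustration, and the sample lines are constructed.

```python
import ipaddress
from collections import defaultdict

# Assumption: networks your organization has approved for bulk transfers.
APPROVED_NETWORKS = [ipaddress.ip_network(n)
                     for n in ("10.0.0.0/8", "198.51.100.0/24")]
# Assumption: total volume per log window that warrants review (500 MiB).
THRESHOLD_BYTES = 500 * 1024 * 1024

# Constructed sample in a hypothetical "timestamp key=value ..." format.
SAMPLE_LOG = """\
2020-04-02T09:14:03Z remote=198.51.100.20 user=jdoe bytes_out=734003200
2020-04-02T09:20:41Z remote=203.0.113.45 user=asmith bytes_out=314572800
2020-04-02T09:55:10Z remote=203.0.113.45 user=asmith bytes_out=419430400
2020-04-02T10:02:37Z remote=192.0.2.77 user=mlee bytes_out=1048576
garbled line without fields
2020-04-02T10:30:00Z remote=not-an-ip user=x bytes_out=999999999999
"""

def parse_line(line):
    """Return (remote_ip, bytes_out), or None if the line is malformed."""
    parts = line.split()
    fields = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
    try:
        return ipaddress.ip_address(fields["remote"]), int(fields["bytes_out"])
    except (KeyError, ValueError):
        return None

def flag_bulk_exports(log_text, threshold=THRESHOLD_BYTES):
    """Total bytes sent to each unapproved remote IP; flag totals over threshold.

    Returns (flagged, skipped): flagged maps IP -> total bytes, skipped counts
    unparseable lines so that gaps in the log are visible, not silently dropped.
    """
    totals = defaultdict(int)
    skipped = 0
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            skipped += 1
            continue
        remote, sent = parsed
        if any(remote in net for net in APPROVED_NETWORKS):
            continue  # approved destination, not counted
        totals[str(remote)] += sent
    flagged = {ip: n for ip, n in totals.items() if n > threshold}
    return flagged, skipped

if __name__ == "__main__":
    flagged, skipped = flag_bulk_exports(SAMPLE_LOG)
    for ip, total in flagged.items():
        print(f"REVIEW {ip}: {total} bytes sent, address not approved")
    print(f"{skipped} malformed line(s) skipped")
```

Summing per address catches an export split across several sessions that would each pass a per-connection limit.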
Up your incident response game
Now is the right time to ensure your incident response initiatives are effectively leveraged to help your organization identify, alert, respond, and rebound in the face of a cyberattack. Do you have best practices implemented to prevent or minimize disruption? Consider these steps:
- Continually revisit and add new situations and scenarios to your incident response practices.
- Focus on making your incident response reporting and escalation processes and procedures the best they can be, implementing any system modifications required.
- Practice and prepare by holding tabletop incident simulation exercises. These help you validate the design and robustness of your incident response strategies.
Don’t neglect system maintenance
With attention focused on the current health crisis and its impact on your daily operations, it’s easy to put off regular, routine maintenance on your systems. Bad idea.
- Optimized resources and greater security are two important benefits of routine updates and maintenance. Be sure to keep your systems current and make recommended configuration changes.
- The same holds true for security patches, which shore up your system’s defenses against viruses, ransomware, and other types of cyberattacks.
Test and monitor your cybersecurity initiatives
You can’t know your cybersecurity initiatives are effective if you don’t test and monitor them. This should include ongoing oversight and occasional, unannounced drills. Use these tests to validate that the security measures you’ve put in place are doing the job properly. You might uncover some unexpected vulnerabilities. These require you to develop risk treatment plans to address them and to take corrective action immediately. You can:
- Develop leadership dashboards and reporting focused specifically on cybersecurity KPIs and metrics so that leaders can stay on top of current threats and organizational risks.
- Designate internal auditing staff or experts in IT security to perform the assessments for your organization.
- Consider engaging independent, objective third parties with proven cybersecurity expertise to handle testing and assessments. With pinched resources, this can often be a more effective route to take.
Don’t let the challenges of COVID-19 distract you from critical cybersecurity concerns and heightened risks. Just as you take precautions to prevent infection among your staff, you must also shore up your IT systems’ defenses against a broad range of cyberthreats. There’s a lot you can do to mitigate cybersecurity risks — from improving IT operational resilience and emergency readiness to strengthening your IT security practices, programs, and infrastructure.