Covid-19 has thrown businesses into a new world of unknowns. As employees settle into working from home, IT teams are being faced with a set of entirely unprecedented cybersecurity challenges. After all, before the outbreak of the pandemic, extended periods of social isolation weren’t part of anybody’s Business Continuity Plan — and that means businesses need to adapt quickly now.
The Challenge: Covid-19, an opportune moment for cybercrime
Cybercriminals are always looking to exploit vulnerabilities to generate income, and the current pandemic crisis is no exception. In fact, rather than slowing malicious individuals down, the Coronavirus has actually created the perfect conditions for cyberattacks. Away from the infrastructure of the office, employees are relying on their own devices, router and internet — consumer-grade technology which hasn’t been secured by the company’s cybersecurity team. This might explain why the number of daily ransomware attacks across the globe has increased by half over the past three months – and that they've almost doubled in the US.
Worse still, as employees are isolated at home, they’re far more vulnerable to scams and phishing attacks. These attacks involve cybercriminals tricking individuals into revealing information, buying bogus products or providing them with access to internal systems. Some recent examples have included fake Track and Trace text messages, which prompt recipients to provide personal details or download malware to their device. This scam alone is predicted to have cost victims £11m. There have also been reports of cybercriminals luring people with fake PPE, testing kits and sham key worker badges to obtain supermarket discounts.
In fact, more than one in three UK cyberattacks in the past year has been linked to Coronavirus in some way. Clearly, we’re in a time of heightened cybersecurity vulnerability. So, how can you keep your business — and your employees — secure from these increasing threats?
The Solution: Prevent risks before they become problems
The answer lies in a proactive approach. It’s crucial to anticipate the risks and take action to prevent, or at the very least mitigate them, before they arrive. In the words of Rod Moore, CEO at A&O IT Group, “You need to take control of your business before someone else does”.
There are five key ways you can go about proactively protecting your business during this period of remote working. They are:
Assess the build of your devices — It’s important to ensure all devices have a common build which has been hardened and security assessed. This should include up-to-date end-point protection.
- Patch your software — This is more challenging with the majority of the workforce at home but there are reasonably priced products out there to enable you to do it (and A&O Group are on-hand if you need help).
- Multi-factor authentication is key — Make life more difficult for potential hackers by implementing multi-factor identification across all devices in your network.
- Use a VPN — A corporate VPN should be used to route all traffic through the corporate infrastructure. An untrusted VPN would be worse than none at all.
- Remember your core infrastructure — Don't concentrate solely on the endpoint and neglect regular security assessments of core infrastructure. After all, infrastructure may be seeing less attention from IT teams who may themselves be remote.
Another aspect of solving the cybersecurity challenge is the human piece. The right infrastructure is crucial, but, as we have seen, it’s often the people who are fooled into giving away information or providing access to malicious individuals. As a recent report from McKinsey states: ‘Even with stronger technology controls, employees working from home must still exercise good judgment to maintain information security.’ Employee education and communication need to be regular, timely, creative and memorable, to ensure that awareness of cybersecurity threats never wanes. You should think carefully about providing additional training to your employees to prevent them from falling for phishing attacks and other scams.
Choose an expert partner you can rely on
Of course, even if you have the best protocols in place, the risks are still incredibly high. This is an unprecedented time for cybersecurity, and it’s very difficult to face these mounting threats alone. Choosing an expert cybersecurity partner will not only help your business to stay alert and up-to-date with risks, but they’ll help you prevent these expensive and damaging attacks happening in the first place. That’s our aim at A&O IT Group. We work in partnership to help you design and build your network and application to the highest level, providing greater protection from day one.
After all, a secure business is a proactive business — even in an unprecedented time like this.
Contact A&O IT Group to discover more about enhancing your cybersecurity.