Digital transformation may have been in the pipeline for many organizations, but these plans rapidly became a reality to ensure business continuity when the coronavirus disease (COVID-19) broke out.
Public health and social measures, such as lockdowns and curfews, imposed to curb the spread of the virus have led to an increase in employees working remotely; rapid adoption of cloud services; increased denial of service to systems and less effective existing enterprise security protection such as antimalware solutions; and uncertainty about back-up support as providers have also been affected by the pandemic.
This sudden increased adoption of online culture has opened up new avenues for cyber criminals to exploit internet users. There have been unwanted disruptions, referred to as “Zoom bombing”, on the Zoom video call application, and increased ransomware attacks where criminals block access to or threaten to publicly release data unless ransom is paid. Domains with pandemic-related words such as "coronavirus", "corona-virus", "covid19" and "covid-19" are deployed to lure online users to websites to “phish” for sensitive information and data.
Cybersecurity is therefore critical to staying safe online. Businesses and people must be aware that they face a whole ecosystem threat on the internet, not just hackers and malwares. To stay ahead of the curve, they must take a proactive approach to defense mechanisms.
How can organizations stay safe online? Here are some tips:
It is important for organizations to have an enterprise email security solution with multiple requirements for identification and passwords, referred to as multi-factor authentication, to protect against phishing attacks and other malicious attachments sent to employees. It is not easy for employees to always identify malicious emails because cyber criminals are getting smarter with how they craft and deliver the emails.
EndPoint detections response
Endpoint detection and response tools, an intelligence anti-malware solution, should be deployed to not only identify potential malwares lurking in an organizational network, but to also be able stop them before they cause any harm on an employee’s machine while working remotely.
- Create passwords that are strong and long, using at least 8-12 characters, upper- and lowercase letters, numbers, and symbols, but should be a phrase with spaces. Password crackers have difficulties breaking passwords with spaces in them.
- Change your password often (general rule of thumb: change passwords every 90 days).
- Use a password manager to securely store and manage your passwords. Examples are LASTPASS, DASHLANE, 1PASSWORD
Secure Virtual Private Networks (VPNs)
Most internal organizational applications such as an Enterprise Resource Planning system and Human Resource portal can only be normally accessed internally. A VPN is needed to gain access remotely to allow for business continuity. This needs a level of control to avoid unauthorized access as a hacker gaining access to an employee’s VPN credentials practically has the key to the whole internal network of an organization.
Active monitoring and incidence response
Active and continuous monitoring of internal network traffic flow as well as potential malicious activity on systems or workstations in organizations is essential. Lack of that leads to difficulty in detecting ongoing malicious activity or a malware communication with an attacker making it challenging to actualize timely mitigations that may cost an organization in terms of revenue or downtime.
Cloud data back-up
Realtime cloud back-up and synchronization of data and information is needed to assist in easy recovery should there be any loss due to a cyber-attack.
Business continuity and timely mitigation controls
The sudden deployment of lockdowns and curfews caught many businesses off guard, with little time to plan the transition to working remotely, costing valuable time and resources. This pandemic has re-emphasized the importance of ensuring up-to-date business continuity plans are in in place to ensure the least disruption.
Awareness creation and training
Over and above the implementation of technical controls, employee awareness about the risks, ensuring vigilance and knowing what measures to take in case of a cyber-attack are at the core of organisations staying safe online.
- Use information about you that can be easily found online or elsewhere.
- Share passwords with others.
- Store your passwords online.
- Use any part of your identity number, Social Security Number, birth date, or other personal data when creating passwords.
Individual cyber security
People working from home may be using office-issued equipment, with the necessary organizational cyber-security measures and applications already installed. However, the individuals can further ensure their own personal online security by observing the following:
For device security e.g. mobile phones, tablets
- Only use wireless networks you trust, or else HOTSPOT your mobile phone.
- Avoid using public computers (even those belonging to friends).
- Download legitimate applications from verified sources.
- Use secure https sites.
- Do not click on links or attachments from unknown sources (especially when they are zipped with password protection, be sure you know and trust the sender).
- Do not click on advertisement banners or websites you do not know about, or install advertisement blockers.
Reduce your digital footprint
- Too much information online can be used against you.
- Be very selective about the information you choose to share on social media and with whom you choose to share it.
- Keep personal information private (home address, phone number, and date of birth).
Other safety tips
- Back up your files to cloud services so they can be easily recovered.
- Keep your computer and mobile phone updated with an Anti-Malware solution.
- Activate multi-factor authentication for all your accounts (email accounts and social media).