The coronavirus pandemic has not only caused a worldwide conundrum but now, it has become an excellent opportunity for cybercriminals to capitalize it to their benefits. With more companies and their employees now working from home, 71% of IT and security professionals report a surge in the number of cybercrimes. Phishing attacks have increased considerably since the onset of the pandemic, and employees are receiving e-mails containing viruses and malware. What can organizations or general users do to secure their data and sensitive information?
What are the new modes of cyber attack?
There has been an influx in the number of COVID-19 related domains being registered since February. These principally aim at phishing through fraud websites or phony e-mails. Some pretend to offer information about the pandemic, carry out spam campaigns, frequently ask for personal information and download malware to the user’s device. Since the onset of the pandemic, around 2% malicious and 21% suspicious domains have been registered. Malware, spyware, and Trojans have been found embedded in interactive coronavirus maps and websites.
Malware schemes operating under the pretense of COVID aim at stealing bank account data, passwords, and other information from users. These also pose a threat to highly sensitive information on National defense and security policies.
There seem to be two main targets of these cybercrimes on the account of the pandemic: The general society and companies that are resorting to the work-from-home arrangement.
But working from home has posed a grave security risk to organizations as the proprietary data is being accessed by many devices at the employees’ home which may or may not have the same standard of firewall and safety as an in-office workstation. An employee’s infected device has the potential to infect the entire grid of systems of the origination. The absence of an adequate authentication system can result in data- breach and may ultimately lead to ransomware blackmailing.
Strengthening cyber defenses – the cybercrime checklist
Protecting Personal Data
Always keep a backup of your important files and store them on an external drive or cloud.
Make sure that the website is genuine before entering sensitive information like passwords or login details. Rule of thumb: HTTP= Bad; HTTPS= Good. The ‘S’ stands for secure, and the website uses encryption.
Disable any third-party components that can be weak ends.
Always have anti-virus software installed on your devices.
Check privacy and security settings frequently.
Precautions for Organizations
Be prepared to handle threats posed by a data breach or attacks spreading from devices into the network.
Ensure that you have a VPN or an SDP to integrate secure remote access tools.
Ensure that the system can block malware and exploits, control of traffic, and threat intelligence.
Educate the employees about the relevant guidelines regarding remote working and cybersecurity.
Certainly, with organizations being unprepared for the sudden shift to remote working, the security standards have suffered an unexpected decline. But adapting due diligence and proper security systems suited for the organizations’ environment can help achieve complete protection from cybercrimes. The sudden proliferation of these crimes has posed a threat not only to personal data and systems but also to national security. If one falls into such a trap even after taking all the precautions, it is prudent to file a complaint with the concerned authority.
