There has been an increase in cyber-attacks with the fast global spread of the COVID-19 pandemic. Some practical steps have to be taken to deal with the coronavirus crisis. The first line of defense for your company is your workforce. Protect your organization by urging employees to be careful of email from unacquainted sources. Cybersecurity teams should team up with fraud risk management teams to manage activities regarding detection-and-response.
Issues Arising From COVID-19
Social engineering campaigns that have been taking undue advantage of the fear of the virus started late January and have been spreading till now. Bogus players generally pretend like a genuine organization (such as banks, merchants) or individual (such as a co-worker, manager, IT administrator), all of which have made a surge in the volume of malicious emails.
What Are The Cybercriminals After?
Business email compromise (BEC) scams are created to deceive victims and made them transfer sensitive personal or corporate information to threaten their accounts. Organizations are infiltrated and information systems particularly corporate payment systems are compromised to steal credentials. If successful, the attacks can pave the way for more fraud.
Beware Of The Following Cyber Attack-Techniques
Social engineering scams increase during natural disasters, terror attacks, or pandemics. Emails imitating as government announcements, operational and industry disruption, hidden malware, fake advice and cures, incorrect charity, and scam that go beyond business email compromise are some COVID-19-related campaigns that have appeared.
Help Your Employees Fight Cyber Attacks
The first line of defense against cyber-attacks is your well aware employees. Strengthen that defense. The most effective antidote is increased awareness. Train your workforce to take precautions, especially on their mobile devices to protect from a social engineering attack.
Caring For Your Employees: Healthy, Safe — And Productive And Secure
Telecommuting increases during public health crises and that can lead to cybercrime. Cybersecurity and Infrastructure Security Agency (CISA) has also released an alert about vulnerabilities faced by companies due to the remote access to computer systems of companies. A rise in the usage of the cloud-based apps has made it easier for malicious actors to misuse deficiencies in networks.
This crisis gave only weeks or days to organizations to enable the move to a telecommuting workforce. Transition in a way that doesn’t dodge the protection you have in place. Ensure your employees are taking the necessary precautions including social distancing guidelines and travel restrictions. Have a proper arrangement for quarantines and lockdowns. And have essential operations for customers, partners, and suppliers.
Numerous companies are allowing work-from-home at extraordinary speed to make sure the business continues. Technology made it possible to transition to quick, safe, and remote work models. Companies were able to implement infrastructure to enable a work-at-home workforce on a large scale. What wasn’t possible previously is now doable with a complete suite of capabilities. Solutions that match with the circumstances were arranged but transitioning to work-at-home ought to be done without compromising security.
Consider The Crisis As An Ongoing Test Of Resilience: Emerge Stronger
With skepticism, training, and technical safety, you can prevent damage from COVID-19-themed phishing and BEC scams. An effective defense strategy is required to raise security awareness for your employees.
The following steps are recommended by experts:
Prepare your reaction to a phishing attack. Include what you have learned from your previous simulations so that any problems in your response plan are fixed. Allocate accountability for communicating with stakeholders, including customers and the media.
Strengthen your perimeter. Use security solutions to find and prevent threats before malicious actors can infiltrate your systems. Use detection and monitoring controls that are tested and verified. Decrease your exposure to attack and reduce access to your data as much as possible.
Strengthen your remote access management policy and procedures. Implement multifactor authentication for VPN access, IP address whitelisting, limits on remote desktop protocol (RDP) access, and additional inspection of remote network connections.
Fortify your endpoint protection. Guard your devices against typical as well as innovative malware. Check your security software to ensure it works as it should, and use it in your broader detection-and-monitoring program.
Protect supplier portals and other externally facing applications via multifactor authentication and risk-based authentication, particularly for applications that enable a supplier (or a cybercriminal pretending as a supplier) to change bank account data, redirect payments or make other changes that could influence financial payments.
Strengthen financial and treasury controls so that call-backs or confirmations of emailed payment and change requests are required.
Incorporate other functions such as Financial Controls, Treasury, and Fraud teams to improve the prevention and detection of scams. Expand your vision of attacks and jeopardies during the pandemic. To improve detection, monitoring, and to hasten replies, team up with management and fraud management teams.