As most of the world has been paying attention to COVID-19, cyber criminals have been gearing up to take advantage of this pandemic by initiating various kinds of exploits. With a significant number of employees working remotely, companies are challenged as IT resources become stretched and secure corporate firewalls may not be in place on home networks.
In a recent interview with AM Best, Scott Stransky, Vice President of Emerging Risks at AIR, mentions how people have let their guard down about cyber attacks, mainly because they are much more concerned about other things related to COVID-19. As people feel more panicked and rushed, they are actually clicking on content that uses typical social engineering tricks, most of which they would otherwise ignore. For example, a user working at home might open an email that looks like it’s from their CEO with the latest information about a company’s continuity plan, or perhaps one that looks like it’s from the CDC with an important update—when those emails were actually from a bad actor.
In addition, as an unprecedented number of employees work from home, there are increasing aggregation risks. During just one week in March, videoconferencing apps saw a record 62 million downloads. People are undoubtedly relying heavily on meeting software programs, such Teams, Zoom, and Skype, which can be hacked or incur downtime leading to business interruption loss.
It is more important than ever now for employees to follow company guidelines on internet use and using personal devices for work. Here are three ways you can minimize cyber security risks:
1. Update Your Device’s Protection
Your first line of defense is making sure that the anti-virus protection for all of your devices (including the router) is up-to-date. Where it is available on your accounts, use multi-factor authentication. And use only known and secure connections; hackers can easily connect to your device, for example, if you are using Bluetooth in a public space.
2. Ensure Your WiFi Is Secure
Work only with secure, password-protected internet connections and avoid using public WiFi. Never use public WiFi to access confidential information. Hackers can mimic secure networks, and if you fall for this trick they can infect your machine with malicious files and access everything you do online.
3. Expect Phishing Emails
People get tricked into responding to phishing emails because they believe they are doing the right thing and because people often see what they expect or want to see. A crisis such as this uncertain time makes some people anxious and puts all of us in new and unexpected situations—circumstances that cyber criminals exploit.
Furthermore, to combat most hackers, all your accounts (particularly Office 365 email accounts) should be protected with multi-factor authentication. There is no substitute, however, for personal vigilance. If you are suspicious of an email, even an internal company communication, contact your IT department to verify its authenticity.
The COVID-19 pandemic has caused global disruption and is changing the landscape of cyber security threats. It’s always best for employees to proceed with caution and report suspicious computer prompts, emails, or text messages, especially during the current pandemic. You can read more from Verisk’s top cyber security experts in, Cyber Security in Uncertain Times.