The security industry has been forced by COVID-19 and the subsequent social distancing guidelines and regulations to reimagine its practices. Changes to the nature of work have created new vulnerabilities and worsened existing ones. Fortunately, most of these issues can be addressed effectively with minor modifications to tried and tested security practices.
How COVID-19 Has Affected Cybersecurity
There are two primary effects of the coronavirus pandemic that are relevant to protecting digital systems. The first is that people are working remotely at a scale that has never before been seen. The second is that people are nervous and looking for answers, making them more vulnerable to social engineering attacks.
1) Remote Workers on Personal Networks
When people are working from home, they are connected to company resources from their personal networks (or other networks outside the control of the cybersecurity team). These networks typically have minimal security and may be easily exploited by hackers.
Under normal circumstances, it is difficult for a would-be attacker to know when a personal network is being used to transmit sensitive information, minimizing their usefulness as an attack vector. However, with the COVID-19 remote work trend, there is a far higher chance of people working remotely and accessing valuable data from home.
2) Increased Phishing
Some members of the security industry have noted an increase in phishing attacks. This has always been one of the most commonly used and most effective forms of attacks for threat actors. However, the coronavirus situation has made them more prevalent and, in some ways, more effective.
Specifically, phishers are targeting people’s worries about health. Many people are anxious and fearful, making them more susceptible to phishing that targets those worries. One curious attack used free food delivery as a lure due to changing dining habits. Additionally, vishing (voice phishing) has taken a COVID-19 twist. Again, scammers are using health-related lures to trick vulnerable targets.
3) Unencrypted Communication
Many teams have had to rapidly implement remote communication systems to enable people to continue working. This resulted in the adoption of various tools that were selected by users for their features rather than their cybersecurity.
For example, Zoom notoriously experienced security issues during the pandemic. Problems like these put organizations at risk as they may send unencrypted signals containing sensitive information. Spying on video conferences is a relatively simple but serious attack.
4) More BYOD
More people are using their personal devices for work. When they begin returning to their workplaces, some may want to continue using those devices. While bring-your-own-device policies can be a useful way to contain costs and allow employees to their preferred devices, they also open a host of security issues. The security industry should be prepared to respond to the added vulnerabilities of personal devices.
Six Ways to Defend Against COVID-19-Related Threats
The current number one question in the cybersecurity community is how to respond to coronavirus-related challenges. The following six strategies are far from revolutionary; however, implementing them with updated twists should help curtail many of the above-mentioned issues.
1) Implement Secure Technologies
Where possible, source and implement more secure alternatives for the types of solutions that team members want to use. For example, prevent people from using unencrypted software solutions and use an encrypted alternative.
Additionally, give people a way to connect more securely to company resources. Every team that is not yet using an encrypted VPN should be doing so. This can help mitigate some of the problems with working from home. Similarly, consider requiring antivirus software on all connected devices.
2) Improve Password Policies
As always, people using poor passwords is a major problem. Updating password policies and implementing strict enforcement can help. However, the more beneficial approach to passwords is to explain common password problems and set team members up with solutions to help them create and remember strong passwords. For example, consider a secure, encrypted password manager to prevent weak or reused passwords.
3) Plan for Long-Term WFH and BYOD
Addressing the security issues related to working from home and bring-your-own-device should not be a patchwork in response to COVID-19. Instead, there needs to be a robust plan for how to secure personal devices and connections from remote networks. Don’t attempt to simply respond to the latest cybersecurity threats. Instead, assume that people will continue WFH and BYOD and need appropriate technologies and policies.
4) Address Phishing Emails
Phishing is one of the most reliable tools that cybercriminals have at their disposal. Sadly, though many of the popular phishing techniques are known, people continue to fall for them.
This can be addressed with user education highlighting the most noteworthy recent problems. Additionally, updating spam filtering rules in response to new types of phishing can eliminate many threats.
5) Establish User Training
As mentioned, the key vulnerability of all systems is social, not technological. Users are the weak points. Implementing new training solutions to ensure people are up to date on the latest threats and policies can help significantly.
These need to be well-designed. Don’t create or buy training courses that are designed for technologists; most users are not that tech-savvy. They need information that is relevant and useful to them.
6) Keep People Engaged and Up-To-Date
With the above tip in mind, make sure to continue updating training resources. This is a solution that should persist beyond COVID-19. Connect regularly with employees and provide them with new information about cybersecurity. Providing topical and interesting information is a great way to achieve this. As an immediately actionable step, provide users with details on common coronavirus-related scams.
Bold Group Security Products Can Help Protect Your Systems
Enhance your digital and physical security with Bold Group’s Security Intelligence products. Bold’s backStage can help you implement layered cybersecurity to protect your organization in the new normal. Network Navigator helps improve IT service delivery even in remote environments. Contact us today to learn more about how Bold Group can help you respond to COVID-19-related threats.