The rapid spread of the COVID-19 coronavirus has caught many organizations off guard and forced them to reconsider the way they do business and manage their workforce. Some have responded with expanded remote work policies, while others are turning increasingly to various online services to help them meet their business needs.
Unfortunately, the situation has exposed many of them not only to a deadly virus, but also to a range of cybersecurity threats. As companies shift to working remotely, they are often finding that their security controls are not quite up to the challenge of managing a distributed workforce. As recent cyberattacks have shown, it’s more important than ever for organizations to protect their cyber infrastructure.
On March 15, cyber attackers launched an assault upon the US Department of Health and Human Services (HHS) in an attempt to slow down the agency’s computer systems as it ramped up capacity to handle the COVID-19 crisis. Fortunately, the attack did not result in a data breach or compromise key functions, most likely because the agency had taken steps to strengthen its cybersecurity posture as part of its preparations for managing the ongoing crisis.
Around the same time, federal officials identified a series of false information campaigns related to the attempted hack. These campaigns took the form of text messages that suggested a national quarantine was imminent and that people should immediately stock up on supplies. While the information was quickly debunked, these fake messages continue to spread through text chains and social media.
The World Health Organization (WHO) was also targeted earlier in March by a malicious site mimicking its internal email system in an attempt to steal passwords from agency staffers. While the attack was unsuccessful, it was part of a broader increase in attacks against the organization. According to WHO officials, the number of cybersecurity attacks has more than doubled in recent months. Cyber attackers have also launched various online campaigns posing as the WHO to steal money and sensitive information from people who are trying to provide assistance to the organization.
Indeed, cybercriminals have been quick to adapt to the crisis. Security analysts from Kaspersky have already identified several new malware variants named “Coronavirus” or “Wuhan Virus” that are seeking to take advantage of the increased search engine traffic. Just as digital marketers are using coronavirus-related keywords to help their content rank high in organic searches, hackers are using the same strategies to push malicious files and links higher up the results page to ensnare unsuspecting users.
Similar lines of attack have come from phishing scams utilizing the infamous Emotet malware. Japan was the first country to be targeted due to its proximity to China, where the outbreak originated. Attackers used a malspam campaign to send out emails claiming to have important information about coronavirus. Like other sophisticated phishing attacks, these emails looked like they were being sent by legitimate government health agencies.
As organizations increasingly make the transition to using a remote workforce, it’s more important than ever for them to ensure they have the cybersecurity measures in place to protect their data and essential systems. While most of the world is working hard to come together in a time of crisis, it would be naive to expect that cyber attackers will scale back their attacks on cyber infrastructure.
Fortunately, the best practices for network security still apply even in this difficult moment. If anything, adhering to these practices is more important than ever before. With so many people working remotely, organizations need to make sure they’re securing their endpoints and tightening access controls. Here are a few steps they should be taking to strengthen their cybersecurity posture:
It may not seem like a dramatic step, but one of the best ways to protect network systems from cyber attackers is to ensure that all software, operating systems, and configurations are patched and updated to the latest available versions. Hackers routinely prey upon systems with unpatched software and out-of-date network configurations that contain known, exploitable vulnerabilities. Since these systems can typically be brought up to date with minimal cost and effort, there’s really no excuse for letting this vital step fall by the wayside.
Network security firewalls act as a filter for traffic coming into a network. Properly configured, they can screen out potentially malicious data packets and protect essential systems from infection. Firewalls can be set up to provide more than just perimeter security, however. Installed on a per-app or per-endpoint basis, they can create multiple layers of defense to identify and stop threats that make their way inside the network’s outer perimeter.
As the COVID-19 pandemic pushes more companies into working remotely, it’s a good opportunity to consider which employees have access to essential data and systems. By starting with the assumption that every user account could potentially be compromised, organizations can begin to scale back risk by restricting access based on title or job role. Most employees only need to be able to access the data and applications that are related to their responsibilities. Allowing them to access other portions of the network creates an unnecessary vulnerability that can be exploited by an attacker who manages to gain access to their account.
Speaking of which, few network security measures are as essential (or as easy) as educating employees about the best practices for minimizing risk. Remarkably, many companies spend huge sums of money to protect their cyber infrastructure from attacks only to suffer a data breach after an employee opens a malicious file attached to a phishing email. Weak passwords, unsecured home Wi-Fi connections or personal devices, and careless handling of data can all be exploited by hackers looking to gain access to critical network systems. As more employees shift to working remotely, it’s more important than ever for companies to educate them about proper security procedures and provide updates about emergent cybersecurity threats. Implementing stronger checks like enterprise password managers, multi-factor authentication, and zero-trust network access (ZTNA) can also go a long way toward ensuring that employees are adhering to best cybersecurity practices.
For organizations that don’t have the resources to hire a dedicated Chief Information Security Officer (CISO) who can develop, implement, and manage cybersecurity policies to minimize risk, partnering with a virtual CISO (VCISO) can help them achieve the same goals. A VCISO team typically comprises experienced cybersecurity experts who can collaborate closely with their clients to design a security program that fits their unique business needs. Once that plan is implemented, a VCISO service can monitor network activity and respond to cybersecurity attacks when they do occur.
Available around the clock and constantly gathering information about the latest cybersecurity threats and trends, these teams have the tools and resources necessary to keep essential systems secure and performing at a high level. With many companies now working remotely, adding a flexible VCISO service to serve as an extension of their IT teams makes even more sense.
At Compuquip Cybersecurity, we’ve been helping organizations strengthen their network security programs for decades. As a fully remote organization, we understand the cybersecurity challenges that come along with the virtual workplace and can provide the guidance you need to ensure your critical cyber infrastructure remains secure for your customers and your distributed workforce.