The coronavirus pandemic had a swift and significant impact on the way many businesses in Canada operate. Almost overnight, entire organizations had to pivot to remote work, as governments initiated measures to stem the tide of the virus. Even as plans to reopen gradually progress, businesses are still being encouraged to allow employees to work from home as much as possible.
In the not-so-distant past, working remotely was considered a nice-to-have in the corporate world. However, most companies never considered this would become business as usual, and were caught unprepared to deal with the cybersecurity threats during COVID-19.
With this new reality of remote work (also known as teleworking), cybercrime risk has increased. Employees are required to work remotely using their home network, with connections that are outside the bounds of perimeter security—home-based networks do not typically have a firewall to protect internet traffic.
Organizations may now find themselves vulnerable to additional cyber risks, which can impact the confidentiality, integrity, and availability of key data and information systems.
What are the top 5 cyber risks when working remotely?
Protecting your organization starts with understanding some of the biggest risks:
1) Lack of defined remote work policy
Employees that may be unfamiliar with approved remote work solutions may have the ability to install various open source software, for collaboration with other employees or customers. These programs may or may not be secure or in compliance with corporate information security and privacy controls. They could even be malware that could damage your data and/or systems.
2) Increased system demands
IT teams may have to defer the regular patching schedule on critical assets to keep network operations stable and available. The increased demand on keeping the remote infrastructure available may limit allowable downtime for patching and updates.
3) Insecure devices and networks
Utilizing home computers or insecure home Wi-Fi networks to connect to and perform work may lead to security breaches, data leakage, and disruption in business operations due to the inadvertent installation of malicious software. When you ignore securing your network, your business is exposed to hacking, hijacking, and other cyber threats.
4) Inadequate virtual private networks (VPN)
An insecure and/or outdated remote access VPN infrastructure may lead to systems being unpatched or users accessing malicious websites.
5) Cyberattacks and fraud attempts
Business email compromise through the spread of malicious content related to COVID-19 may include the use of false or misleading guidance, fictitious new updates, or fake coronavirus global dashboards, to name a few.
Recent cybersecurity incidents
Organizations all over the world have already beenwere affected by COVID-19-related cybersecurity attackscyber threats during COVID-19. Some of the more high-profile incidents include:
The Canada Revenue Agency (CRA)
Two separate cyber attacks on the CRA affected thousands of accounts, leading to compromised or stolen personal information as well as fraudulent claims for the Canadian Emergency Response Benefit (CERB). The attacks were known as ‘credential stuffing' where attackers use usernames and passwords stolen from other websites or previous attacks.
Cyber attackers targeted Twitter employees with a social engineering attack. The breach allowed them to gain access to several high-profile accounts and use those accounts to run a cryptocurrency scam.
The World Health Organization
Throughout the COVID-19 crisis, WHO has beenwas targeted multiple times by cyber criminals. According to a report from Threatpost, a group of hackers known as DarkHotel is suspected of creating a fake website to try to steal passwords from WHO staff members. In another incident, attackers created false email addresses and domains to fraudulently solicit bitcoin donations in the name of WHO's legitimate charity, the COVID-19 Solidarity Response Fund.
How can businesses protect themselves against cyber attacks?
While the incidents above are more high-profile examples, the fact is that no organization is too big or too small to be targeted by cyber attackers.
Confirm all requests for payment
If you, or a staff member, receive an email asking for transfer of money or invoices to be paid, it's crucial to verify the legitimacy of the request. As a best practice, pick up the phone and confirm the person is who they say they are.
Disable digital assistants
Disabling digital assistants such as Alexa or Google Assistant, or at least not talking to clients within earshot of such devices, is highly recommended. Depending on how you may have configured the privacy and security settings on Alexa and Google Home devices, they may or may not necessarily record you, but it provides a window of opportunity for a potential hacker. Review and increase your privacy and security settings on these devices.
Secure home Wi-Fi
Users should use strong authentication techniques, such as WPA2, to authenticate and connect to home networks. Consider using strong passwords of 12 characters and changing passwords after changing the authentication technique.
Patch your systems
Periodically check systems for missing patches and outdated antivirus definitions. Consider implementing Network Access Control (NAC) to check the security hygiene of endpoints before allowing remote access to the infrastructure. Ensure your systems, including VPNs and firewalls, are up to date with the most recent security patches.
Increase cybersecurity awareness
Conduct cybersecurity awareness campaigns within your organization to increase knowledge about phishing attacks, especially those related to COVID-19. Update security training for staff and stakeholders to inform and educate them about cybersecurity practices, such as detecting socially engineered messages.
Remote access
Re-evaluate your cybersecurity measures in anticipation of the higher demand on remote access technologies, and test them ahead of time. Validate that the remote desktop client has been configured appropriately and is secure. Ensure your work devices, such as laptops and mobile phones, are secure. Implement multi-factor authentication for remote access systems and resources (including cloud services)
How BDO can help?
We understand the cyber risks and challenges that today's businesses face, especially during periods of uncertainty and disruption. Our team of cybersecurity professionals has the experience to assess and secure your infrastructure as well as help you respond to potential cyber incidents your business may experience during the COVID-19 crisis.
Sources: