The COVID-19 crisis has left many businesses unable to operate according to business as usual. As all levels of government look to stem the tide of the virus by limiting large gatherings of people, many businesses considered essential in nature are asking their employees to work remotely.
In the not-so-distant past, working remotely was considered a nice-to-have in the corporate world. However, most companies never considered that it would become business as usual, and they have been caught unprepared to deal with the cybersecurity risks and challenges this new world presents.
With this new reality of remote/teleworking, cybercrime risk has increased. Employees are required to work remotely using their home network, with connections that are outside the bounds of perimeter security—home-based networks do not typically have a firewall to protect internet traffic.
Organizations may find themselves vulnerable to additional cybersecurity risks, which can impact the confidentiality, integrity, and availability of key data and information systems.
What are the top cybersecurity risks when working remotely?
Protecting your organization starts with understanding some of the biggest risks:
- Lack of defined remote work protocols. Employees who may be unfamiliar with approved remote work solutions may have the ability to install various open source software for collaboration with other employees or customers. These programs may or may not be secure or in compliance with corporate information security and privacy controls.
- Increased system demands. IT teams may have to defer the regular patching schedule on critical assets to keep network operations stable and available. The increased demand on keeping the remote infrastructure available may limit allowable downtime for patching and updates.
- Insecure devices and networks. Utilizing home computers or insecure home Wi-Fi networks to connect to and perform work may lead to security breaches, data leakage, and disruption in business operations due to the inadvertent installation of malicious software.
- Inadequate virtual private networks (VPN). An insecure and/or outdated remote access VPN infrastructure may lead to systems being unpatched or users accessing malicious websites.
- Cyberattacks and fraud attempts. Business email compromise through the spread of malicious content related to COVID-19 may include the use of false or misleading guidance, fictitious new updates, or fake coronavirus global dashboards, to name a few.
Recent cybersecurity incidents
Organizations all over the world have already been affected by COVID-19-related cybersecurity attacks. Some of the more high-profile incidents include:
- The U.S. Department of Health and Human Services (HHS). The department’s computer system suffered a cyberattack that sought to undermine the response to the coronavirus pandemic, which may have been the work of a foreign actor. Attackers attempted to overload HHS servers with millions of hits over several hours, aimed at pulling the agency’s systems down, but failed.
- The World Health Organization. Throughout the COVID-19 crisis, WHO has been targeted multiple times by cybercriminals. According to a report from Threatpost, a group of hackers known as DarkHotel is suspected of creating a fake website to try to steal passwords from WHO staff members.
  In another incident, attackers created false email addresses and domains to fraudulently solicit bitcoin donations in the name of WHO’s legitimate charity, the COVID-19 Solidarity Response Fund.
- Hammersmith Medicines Research (HMR). Ransomware attackers targeted HMR, a UK medical facility with plans to test a coronavirus vaccine. The criminals stole confidential patient data from previous vaccine testing trials (unrelated to COVID-19) and threatened to publish the records online unless they received payment.
What can businesses do to protect themselves?
While the incidents above are more high-profile examples, the fact is that no organization is too big or too small to be targeted by cyberattackers.
- Confirm all requests for payment. If you, or a staff member, receive an email asking for transfer of money or invoices to be paid, it’s crucial to verify the legitimacy of the request. As a best practice, pick up the phone and confirm the person is who they say they are.
- Disable digital assistants. Disabling digital assistants such as Alexa or Google Assistant, or at least not talking to clients within earshot of such devices, is highly recommended.
  Depending on how you have configured the privacy and security settings on Alexa and Google Home devices, they may or may not record you, but they provide a window of opportunity for a potential hacker. Review and increase your privacy and security settings on these devices.
- Secure home Wi-Fi. Users should use strong authentication techniques, such as WPA2, to authenticate and connect to home networks. Consider using strong passwords of 12 characters and changing passwords after changing the authentication technique.
- Patch your systems. Periodically check systems for missing patches and outdated antivirus definitions. Consider implementing Network Access Control (NAC) to check the security hygiene of endpoints before allowing remote access to the infrastructure. Ensure your systems, including VPNs and firewalls, are up to date with the most recent security patches.
- Increase cybersecurity awareness. Conduct cybersecurity awareness campaigns within your organization to increase knowledge about phishing attacks, especially those related to COVID-19. Update security training for staff and stakeholders to inform and educate them about cybersecurity practices, such as detecting socially engineered messages.
- Remote access. Re-evaluate your cybersecurity measures in anticipation of the higher demand on remote access technologies, and test them ahead of time. Validate that the remote desktop client has been configured appropriately and is secure. Ensure your work devices, such as laptops and mobile phones, are secure. Implement multi-factor authentication for remote access systems and resources (including cloud services).
How can BDO help?
We understand the cyber risks and challenges that today’s businesses face, especially during this period of uncertainty and disruption. Our team of cybersecurity professionals has the experience to assess and secure your infrastructure as well as help you respond to potential cyber incidents your business may experience during the COVID-19 crisis.
To learn more about how we may be able to help you, contact:
Vivek Gupta, National Leader, BDO Consulting―Cybersecurity