How has Covid impacted the cyber sector?
It’s been more than two years since the first stories of COVID-19 hit the news, and so much about how we live and work has changed during that time. The global pandemic affected every area of business in economies the world over, resulting in financial losses and closures, especially for small enterprises and start-ups. It also bought with it a ‘new way’ of working for many corporations and office-based businesses, hugely accelerating the growth of remote working environments for employees in every sector.
Securing the ‘new normal’
Remote working and ‘work from home’ setups were not a new concept and many organisations already had hybrid working models in place years before the spread of coronavirus, making the adjustment straightforward to implement early in the pandemic. This was also essential for helping businesses to survive during lockdown, but the unprecedented scale of this shift has bought with it a raft of fresh cyber security concerns. This has remained the case even though many countries have now lifted their restrictions in a bid to return ‘back to normal.’
So, how has working from home challenged business security systems and what can be done to mitigate the risks? We have identified some problem areas and suggested ways in which organisations can tighten security around remote access and transferring data across multiple networks.
COVID-19-related cyber scams
Since early 2020, we’ve seen a vast number of phishing campaigns linked to COVID-19, with fraudsters attempting to collect clicks, personal data and money through emails offering bogus coronavirus cures, tax refunds, health tips, virus updates and charity donation opportunities.
With every new wave of cases, strains of the virus or restriction change, there is renewed potential for hackers to send emails (fake omicron testing messages are a prime example) and for readers to unknowingly open them. So, we expect COVID-19-related phishing to remain a significant threat to business security over the coming months.
Organisations can protect themselves from phishing attacks by implementing technical controls and having policies and procedures in place for handling suspicious or unsolicited emails if they do manage to get past security. The recipient should never reply, download attachments, or open any links provided in emails that are deemed to be suspicious, nor should they copy and paste links from untrustworthy sources. It is also worth noting the sender’s email address to flag and block future correspondence and check the legitimacy of the IP (Intellectual Property) address that the email has come from. Cyber security awareness training is recommended to help employees become more vigilant against common cyber attacks like phishing and understand the importance of good cyber security.
Gone are the days of businesses accessing the same local network from everyone working in the office. Today’s work environment relies on cloud technologies, remote server access and third-party software to enable shared working and collaboration. Again, the technology was already being widely used before COVID-19. The difference now is that users are always logging in from a variety of networks from multiple locations which undoubtedly presents ongoing security challenges for businesses post-pandemic.
Unauthorised personal devices (BYOD (Bring Your Own Device) and shadow IT) relaxed physical security, unsecured networks, and limited access to IT support all make remote access points appealing for hackers. Organisations can keep their IT systems secure primarily by equipping devices used to access the company network with antivirus software, firewall protection, and putting a robust backup and restore system in place. Other security measures include using 2 Factor Authentication (2FA) for logging into the network, providing a Virtual Private Network (VPN) for remote worker access, and using cloud-based platforms for communicating and collaborating on files and folders.
Dealing with new technology
Businesses can greatly boost productivity with new and improved technologies being made available to them in the wake of COVID-19. For example, video conferencing, remote collaboration tools and file-sharing services are all now an essential part of business infrastructure and are under constant review by software providers to improve integration and stability, fix bugs, and roll out updates on a massive scale. The downside of course is that this makes B2B and SaaS products and services an obvious target for cybercriminals.
For example, early in 2020,the stolen credentials of more than half a million Zoom users were put up for sale on the dark web, which occurred right after the video conferencing platform experienced a huge spike in traffic.
While businesses cannot directly manage the security of third-party software, they can ensure that employees download programs from trusted locations and are briefed on how to use them. Employees can then report any unusual or unexpected activity, such as system crashes or receiving unsolicited emails from vendors.
Increased pressure and managing risks
Whether they’re playing catch-up from an incredibly difficult two years or still struggling with COVID-related absences, most businesses are under unprecedented pressure to perform – and it’s in environments like these that both managers and their employees are most likely to make costly mistakes.
In the haste to adopt new technologies and maintain productivity, it’s inevitable that some businesses will cut corners on cyber security. Laptops might be issued to employees without full disk encryption, for example, or security training could take a back seat during staff onboarding. Shortcuts like these can make any organisation vulnerable, even if they seem to be helping in the short term.
Instead, every business should have cyber security policies and procedures in place regardless of the size of the company, which are regularly reviewed and accessible to all employees. People often unwittingly present the biggest security risk to organisations, so regular training and information sharing are crucial for fostering a culture where cyber security is integrated into everyday working practices.
At Bulletproof, we provide cost-effective and engaging Cyber Awareness Training for organisations of every type and size. Contact us for more information on how we can help your employees secure your business for the future.
We find and fix your vulnerabilities
At Bulletproof, we’ve witnessed unprecedented changes in technology, people and processes over the last two years, all of which affect the cyber security landscape. It’s unsurprising that many businesses are struggling to stay on top of the latest threats in such uncertain times, but there’s no need to become vulnerable.
Make your business bulletproof!
If you are a business owner looking for a reputable company to test your IT infrastructure, look no further than Bulletproof. Based in the UK, we are a CREST-certified cybersecurity company with long years of experience in the areas of penetration testing, threat monitoring and protection, as well as incident response. Contact us and get a free quote today!Get a quote
Trusted cyber security & compliance services from a certified provider
Get a quote today
If you are interested in our services, get a free, no obligation quote today by filling out the form below.