The COVID-19 pandemic and resulting shutdowns have imparted many lessons in cybersecurity for businesses and organizations across the US. The massive migration to working from home for many institutions and groups has created a new normal of digital communication and data transfer. Many of the network security issues that have risen to the top are not new, but the crisis has served to either amplify or moderately transform the threat factor posed by these developments.
Here are six of the top cybersecurity lessons we have learned from the COVID-19 pandemic:
Cybercrime Still Using the Same Tricks
It should come as no surprise that hackers and cyber scammers are falling back on their more common tactics, but it is still worth noting that they seem to be regrouping around these older strategies. Cybercriminals are susceptible to same disruptions affecting everyone else, and may even be seeing newcomers seeking to replace lost income sources join their ranks. The traditional methodologies have proven themselves effective precisely because they rely on the thing it is always hardest to defend against – human error.
Phishing Reigns Supreme
It is also not surprising that phishing emails are still the preferred technique for network breaches. Business email compromise is still one of the most efficient vehicles for breaking through (or, more accurately, slipping through) safeguards and gaining direct access to users and their data. This avenue presents many options for execution to a persistent hacker, from credential stealing to malware delivery. This is also one of the reasons that ransomware became prolific, as it can be transmitted silently through the right spoofed email or phony domain, and just as quietly move to lock down files before even being noticed.
Hackers Rely on Emotions – Panic, Desperation, Anxiety
The COVID-19 crisis has certainly made clear just how predatory cybercriminals can be, with hospitals and healthcare workers on the frontline of the pandemic often being the hardest hit. Many have also tried to leverage the fear, uncertainty and misinformation surrounding both the coronavirus itself and the disruptions it has caused. Phishing emails that have gone out since shutdowns began to be implemented have included language around cures, tax relief and unemployment loans, seeking to take advantage of those trying desperately to find the right information.
Data is in Everyone’s Hands
With many companies having the majority of their employees work from home for the first time, it is becoming increasingly clear just how important the user is in data protection strategy. Millions of remote workers are logging into remote computers and cloud servers, potentially with unsecured personal devices and network connections. Data is being shared between several internal and possibly even external parties, including partners and former employees.
Telecommuting Needs Cybersecurity Practice and Training
Working from home is an entirely new environment for many, and it shows in just how many newly telecommuting employees are ignoring even standard cybersecurity procedures. So much education and training language focuses on the office worker’s role in network security, with limited oversight for traveling and remote users. The new normal requires new ways of thinking, and the top of this list should include improved training for employees that work from home while still logging into a business account.
Your Tools and Credentials Need to be Secure
The Zoom video conferencing app saw an increase of several hundred million daily users once COVID-19 forced everyone to work from home – it also saw a huge surge in data security gaps and scrutiny. Digital communication tools have enabled everyone to adapt the pandemic and minimize disruption, but they also require network hardening and oversight to prevent being used by hackers. Webcams, microphones, and motion sensors can be exploited by malware and unpatched remote code execution (RCE), so keeping your software and hardware up to date is critical when telecommuting.
Don’t Let the Cybersecurity Lessons of COVID-19 Go to Waste
There are many cybersecurity lessons being learning during COVID-19 and likely still more to come. However, often these just reinforce known truths about protecting your network and data. Ensure that you have all the support you need to defend against phishing, ransomware and more in this pandemic by engaging an MSP like SWK.
Contact SWK Technologies today to learn more lessons about protecting your IT investment.
