As with other world events that tend to distract, cyber criminals are increasingly targeting individuals and firms with phishing emails. Covid-19 is not only a significant public health issue but also highlights the need for good cyber hygiene.
CertNZ (the NZ Government's agency for cyber security) is warning about an increase in cyber threats driven by the unrest and uncertainty the Covid-19 situation has brought about. This is particularly relevant given that we have now reached Alert Level 4, with most staff working from home.
What can firms do?
- Continue to educate your teams, reminding users to be hypervigilant for scams and phishing attacks, including those sent via text message.
- Ensure multi-factor authentication is rolled out to all users for all business-critical applications.
- If you have a BYOD policy, review it and ensure it's relevant and fit for purpose.
- Update your password policy – NIST has advocated for an end to the practice of expiring passwords.
- Ensure everyone is on the same Windows 10 build and that patching is being done. It’s important to note that times of chaos can be attractive to criminals, so deploying security patches at a faster cadence can be a pragmatic preventative measure.
- Update and distribute ‘How-to and etiquette documents’ on how to use platforms like Microsoft Teams.
- Ensure lockout policies are relevant and educate staff on keeping IT equipment secure.
The threat is real
“Cybersecurity researchers around the world are already reporting that nation-state threat actors are using bots and other online accounts to spread deliberate misinformation about the coronavirus, and to send targeted phishing attacks to users in countries where the virus has gained a foothold.”
This has also been reported by CertNZ, which is seeing an increase in reports of cyber criminals using the COVID-19 pandemic to carry out opportunistic online scams and malicious cyber activity.
Examples include the use of the COVID-19 pandemic to trick people into:
- Downloading malware from COVID-19 maps
- Entering their details into phishing websites
The attackers are attempting to access sensitive company information, embed ransomware, and/or use the compromised firm to gain access to a third party.
You can learn more about this at CertNZ.
Best practices reminders for remote workers
- Individuals must remain vigilant and apply all cyber security training their workplaces have provided. If in doubt or unsure about a strange email or text message, ask! This is critical now that most people will be working from home.
- Remote workers should only work on computers provided by their firm, not on home computers.
- Multi-factor authentication should be mandatory.
- Require audio and video confirmations of ad hoc or out-of-cycle financial transactions.
- Do not enter your password or login credentials into any websites relating to the COVID-19 virus.
- Always keep your devices up to date.
Vigilance and cautiousness are key and will help to ensure that a cyber security breach is not something you or your company will also have to worry about in the weeks to come.