A global pandemic has forced us to stay home, wear masks and left most businesses with no option but to have their staff work remotely. But while we might be safe from the world outside our front door, what about the threat from inside the office, in the shape of cyber attacks during the COVID-19 ?
There are always two sides to a coin. And while some people will take this crisis on with vigour and renewed entrepreneurial energy, others will take the criminal route of benefiting from unsuspecting and vulnerable business systems.
In the last month the number of cyber attacks in South Africa have increased with an alarming rate. According to the latest research more than 300 000 devices have been hacked in the last 20 days only.
Types of cyber attacks
Leak of confidential information
Unauthorised manipulation of data
Theft or impersonation
Interception of communication
Are you working from home?
Did you set up workstations at your employees’ homes using the company computers and have you taken the necessary precautions if you happen to be one on the receiving end of such an attack?
What can you do from the business side?
If you are not an essential service and your staff are working remotely. Perform a cyber risk assessment:
- Firstly, create awareness and train your staff.
- Have a response team in place so everyone knows what to do, should an attack be detected.
- Make sure you have a system in place that detect these incidents.
- Make sure your remote components are secure.
- Ensure that all mobile devices are also protected and double check your settings.
- Ensure that only authorised people, such as management has access to your valuable data.. It’s a good idea to set passwords.
- Ensure that you are using end-to-end encryption (E2EE) where only the communicating users can read the messages. The system prevents eavesdroppers (including telecom and internet providers), preventing data being read or secretly modified.
Be cautious of the following:
The COVID-19 map
There are fake maps doing the rounds. If you open one of these and click on the link you either allow access to the data or you are loading malware onto your computer.
Fake WHO notifications
A new trend is to create and spread emails claiming to be the World Health Organisation. When you open the email, you are required to click on a link which will then redirect you to a page that requires your personal information to be seen. As soon as you click on these links, you have already exposed yourself and maybe even your company to potential cyber attacks.
Avoid all communication from WHO, except if you are 100% sure of the source.
Corona titled websites
In the last month, more than 4000 websites have been created with the word corona or covid 19 in the title. 3% of these are fraudulent and created by hackers.
Zoom is a video communication application that operates through a cloud-based peer to peer software platform. It is used for teleconferencing, telecommuting, distance education and social relations. Zoom users went from 10 000 000 a day to 200 000 000 virtually overnight.
I became apparent that Zoom Video Communications, Inc. was ill-equipped to handle this many traffic and it started showing in the amount of cyber attacks picked up through Zoom meetings.
Always set a password when setting up a new meeting, this way you control who can join in on the meeting.