The COVID-19 pandemic has reshaped the way we work. Unfortunately, it has also increased the threat of cyber attacks. One of the most problematic forms of cyber threat is the phishing email. These attacks can have serious consequences, disrupting core business functions and productivity.
Since March 2020, the Australian Cyber Security Centre (ACSC) has received over 1,100 reports about COVID-19 related scams, with hundreds of thousands of dollars in reported losses. In this article, we’ll look at why the risk of this type of threat has increased during the COVID-19 pandemic and what you can do about it to protect yourself and your team.
It is an unfortunate reality that cybercrime actors have pivoted their online criminal techniques to exploit the COVID-19 pandemic. The ACSC reports that around two Australians per day are losing money or personal information to COVID-19 themed scams and online frauds. It has additionally responded to 20 cyber security incidents affecting COVID-19 response services and removed over 150 malicious COVID-19 themed websites.
In these targeted phishing and spear-phishing attacks, cybercriminals try to lure people to fake websites in order to collect personal information or useful data such as login or platform credentials. This includes many instances of phishing emails that direct users to websites imitating the Center for Disease Control (CDC) or equivalent national health or medical websites in order to solicit user credentials or passwords.
The current climate has created a new landscape and new attack vectors for cybercriminals to exploit. One of the main factors in this has been the dramatic increase in remote working. More than half of Australian workers have moved to remote working, which has created new cyberattack possibilities.
Personal devices used in the home are rarely as secure as dedicated office equipment installed and maintained by IT staff. Remote communication channels like Slack or Zoom can also be hacked.
COVID-19 has additionally created cultural shifts where workers are more anxious or distracted from their normal working routines and attitudes. Cyber criminals can take advantage of COVID anxieties by asking for donations. Malicious actors can pose as CEOs or government officials over the phone to obtain banking information or to install malware.
The Best Protection Measures
There is a range of effective strategies to help tackle the increased cyber threat from COVID-19 related phishing attacks. These combine changes to hardware, software, and devices with employee awareness and training.
- Using VPNs for all remote workers.
- Making sure all devices in use have up-to-date antivirus and firewall software and that third-party software is updated.
- Establishing a dedicated hotline or service desk capability to report any phishing attempts or security concerns.
- Conducting an internal security assessment and review. This is an area that FinXL specialises in and can assist you with.
- Ensuring that business leaders and managers are up to date with the latest threat levels and security policies to manage cyber security risks.
- Conducting employee training and awareness programs to inform staff of the increased risks posed by the pandemic and specific COVID themed phishing attacks.
- Developing a crisis response plan in case of an attack and educating your employees on what to do if they receive a phishing email.
- Creating an open line of two-way communication with staff to share regular updates on how the organisation is handling cyber security threats and allowing staff to provide feedback.
Cyber security is serious business, both during the COVID-19 pandemic and beyond. As new technologies and work practices develop, so do the skills and strategies of cybercriminals. If you’d like to learn more about how to conduct a comprehensive security assessment or boost your organisation’s cyber security measures, talk to FinXL.