Emotion and stress are running high. With the dark cloud of COVID-19 hanging over us, society has gone into survival mode. We’re trying to juggle working from home, while also caring for our families and home schooling our children. We’re trying to continue business as normal, while keeping our distance from others to prevent further spread of the novel coronavirus. But without a doubt, the top priority is everybody’s health and safety.
In these unprecedented times, it’s easy to let the monstrous challenges we’re facing distract us from mundane or routine tasks – one such task being the practice of good cyber hygiene. It’s easy to dismiss the importance of securing your network or changing your email password when there’s a deadly pandemic threatening the global population. But these procedures need to stay top of mind for businesses and their employees, especially as society shifts to remote working.
Over the past week, there have been many coronavirus-related email scams and cyber incidents reported around the world. There have been instances of hackers spoofing emails from trusted sources, such as government bodies and health agencies, pretending to offer coronavirus tips and advice. What really happens when the victim clicks on the embedded tip sheet, is their system is infected with malware, or in some instances, it’s encrypted with ransomware. That’s just one example of how hackers are exploiting the current situation with COVID-19.
“Hackers are exploiting human emotion,” said James Crowther (pictured), general manager of emerging risks at Agile Underwriting Services, an underwriting agency and Lloyd’s coverholder. “They’re using techniques such as social engineering and spear-phishing scams, which are both well-known attack vectors for achieving business email account compromise, to exploit people in this new world that we’re living in, which is preoccupied by COVID-19. They’re luring individuals to click on attachments or links in emails to trusted websites that have been spoofed, such as the World Health Organisation (WHO), and because this is a time of vulnerability, they’re able to get a lot more traction and perpetrate their fraud a lot quicker.”
At times like these, it’s important for businesses and employees to remember cybersecurity basics. All organisations should practice good cyber hygiene, but now is the time to ensure that their governance and enterprise risk management (policies, procedures and controls) is effective and is enforced appropriately as people work from home.
“There are multiple steps businesses can take to mitigate their cyber risk at this time. First up, they should review, refresh, train, and remind employees of all relevant security policies and practices, and that these things don’t change if they’re working from home. They should also make employees aware that phishing and social engineering threats are increasing,” Crowther told Insurance Business. “Businesses should mandate employees’ use of private Wi-Fi networks. If they’re in a public place, they should use a mobile hotspot from a smartphone or a dedicated device to access a secure connection.”
Another thing that’s really important, according to Crowther, is maintaining good password hygiene. That means the use of robust passwords, which are long, complex and diverse in terms of characters, numbers, and so on. People who are logging in at home might be tempted to use a familiar password – perhaps a pet’s name – across their personal and professional networks. If the home network is compromised, hackers have a good shot at getting into the work network.
“One of the key things is that employers require multi-factor authentication for company apps and networks, and, where appropriate, they should implement a reputable and robust VPN infrastructure,” Crowther added. “These are basic cybersecurity steps, and they’re all things you’d hope a prudent organisation would be doing anyway, but with the change in the workplace as a result of COVID-19, it’s important to review and revise company policies and procedures. Even if employees are working from home, they still need to adhere to company policies.”