COVID-19 is a rapidly spreading virus that is causing a fundamental shift in how business is conducted in every industry from retail, financial services, healthcare and more. Malicious attacks are rising during this time as hackers see the panic and opportunity to move swiftly to capitalize on fear and desire for answers. Security companies such as Proofpoint, Trustwave, Abnormal Security, RedMarlin, INKY and others have found a large spike in widespread phishing campaigns targeting end users looking for up-to-date virus information, medical and cleaning supplies, and remote working and collaboration tools. Companies need to be vigilant during this time and now, more than ever, implement strict security measures across their organization.
Below, we've curated some of our favorite COVID-19 security best practices and warnings from top cybersecurity experts.
Mark McClain, CEO, SailPoint
"As states like New York, California and others mandate work from home policies, we can only expect cybercriminals to take advantage of lax cybersecurity policies and at-risk networks. Working from home provides its own set of challenges for not just those working in this manner, but also those in IT and Security who support them. While you may be working from a private, secure network it is important to proceed with caution when accessing files, servers and software that you typically only access from a secure network.
I urge everyone working from home to do three simple tasks to protect their home networks – rename your router, change your Wi-Fi default password and turn on network encryption.
From an identity perspective, this influx of remote work will also have an impact on modern business and IT systems. When transitioning a large workforce to remote work, organizations must be sure that their network is ready to satisfy large numbers of requests and maintain a robust security approach that ensures everyone who is logging on is actually an employee and not a cybercriminal. Identity governance solutions can help with this and can provide organizations with the means of mitigating suspicious behaviors, anomalous activities and potential threats in real-time."
Shashi Prakash, Chief Scientist, RedMarlin
“RedMarlin’s CheckPhish.ai telemetry has detected thousands of attacks by cybercriminals with the intent of penetrating networks and stealing corporate data. These attacks use phishing web pages to intercept credentials and logins from new remote workers that may be unfamiliar with secure logins for remote working and collaboration tools, such as Microsoft Teams and Skype. With stolen network credentials, hackers can execute sensitive data-stealing attacks, malware payload deliveries or ransomware compromises.
Organizations need to ensure their newly remote workforce is educated on cybersecurity best practices and knows how to spot scam and phishing sites and emails related to COVID-19. We recommend using CheckPhish.ai, our free online resource, to quickly check to see if a link has malicious intent. Overall, continuous employee security training and education is absolutely needed. Best practices should be carried out well after this time of mandated remote work in order to thwart malicious attacks from hackers not just now, but well after the COVID-19 pandemic.”
Robert Chuvala, Principal Security Consultant at Trustwave
"Corporate policies and playbooks for incidents may never have taken into consideration so many remote workers. The majority of solutions more than likely involved face to face contact in the event of an infected laptop, an email client not working, or even in the event of password changes. Now, these corporations need to decide how some of the regular help desk tickets can be dealt with remotely.
For many enterprises, the option to work remotely was not available to the majority of employees. Our concern is, how did these enterprises scale up so quickly to handle remote workers? Hopefully, corporate VPN’s have been securely stood up that do not allow concurrent sessions and only enable authentication with multi-factor authentication (MFA) to help mitigate those workers with weaker passwords."
Ken Liao, Vice President of Cybersecurity Strategy of Abnormal Security
"The number of cyber attacks related to COVID-19 is spiking. Some researchers are reporting that COVID-19-related attacks represent the largest set of attacks on the same theme they’ve ever seen. Attackers are using fear and urgency of the COVID-19 backdrop as employees start shelter-in-place routines.
Emails attacks are on the rise, but this special breed of COVID-19 attacks are novel and never-before-seen – and they’re being delivered to employee inboxes at organizations without advanced email protection. During this time of extreme vulnerability, security teams must ensure they are protecting against these attacks. To do this, they must analyze a broader set of data in order to better understand the context of communications. For example:
Perform identity modeling of both internal and external (partners, vendors, customers) entities, and analyze more data sources as a part of that modeling to enable a deep understanding of the real individual behind the communication.
Create relationship graphs to understand not only the strength of each connection and the frequency of communication, but also the content and tone of the communication.
Perform email content analysis using techniques like computer vision techniques, natural language processing, deep URL analysis and threat intelligence to better understand what is being communicated and how.
These techniques provide superior context in order to stop these unprecedented attacks."
Avi Shua, CEO and Co-Founder of Orca Security
“Resist the temptation to allow your workers to access business data by using non-corporate logins or non-business machines. This is a one-way street that cannot be undone later.
Even if you don't already have the infrastructure to allow people to work from home, you can easily set cloud-based security parameters using readily available and affordable solutions with a good level of protection (i.e. using GSuite with multi-factor authentication). This type of system can be up and running within hours, and is still manageable by the company, unlike copying business data to personal accounts.
Additionally, if your employees don't have work laptops, consider purchasing dedicated devices for that purpose. Personal machines have higher chances of already being infected or misconfigured in a way that an attacker can easily steal business data.
Lastly, but not least, make sure to establish a trusted channel of communication with your employees. Phishing attempts are on the rise, and your employees need to know how to distinguish between a real call from the IT department and a malicious one."