There is a proverb that says, “Crime never sleeps.” Anyone who has watched “Mr. Robot”, starring Rami Malek, also knows that cybercriminals are insomniacs. What does this mean for you? It means that hackers are working tirelessly around the clock and around globe to take advantage of the chaos surrounding the spread of COVID-19. Responding to government and medical recommendations to slow the spread of the virus, companies have sent their employees home to work – many for the first time. The speed at which businesses have responded has created vulnerabilities, if not outright holes in their security and potentially yours.
There have been so many cybercrimes committed in the last 2 months tied to the coronavirus pandemic that on Friday, March 13, CISA issued an alert about the immediate threat of increased cybercrime.
Why are you at risk?
Unless your business has already implemented a comprehensive virtualization strategy with up-to-date endpoint security and multifactor authentication, your current IT environment is probably optimized to safely support remote workers. There are four primary areas that are particularly vulnerable to hackers when employees work from home.
- Your VPN: A shift to telework requires an enterprise virtual private network (VPN) solution to connect employees securely to your network. Have you implemented a VPN? Can your VPN handle an increase in remote connections? If not, cybercriminals will exploit this weakness. Additionally, VPN software runs 24/7. If your VPN is not vigilantly maintained with the latest security updates and patches, it is vulnerable to breach as well as ransomware.
- Shared Personal Devices: With remote employees, there is a high probability that your IT environment is being pinged by personal computers, cell phones and tablets over public WIFI, and protected by weak passwords (think: your dog’s name or your first child’s birthday). Without multifactor authentication (MFA), your network and company are at risk from increased phishing attacks as well as increased susceptibility to breach via viruses and malware.
- IT Support: Can your IT Support monitor, manage, secure, and support a hastily created virtual environment? Does your IT Support team currently have the bandwidth and skillset to implement VPN software, MFA, place agents on your staffs’ home computers and continue their “day jobs”? If not, you may need help.
- A rise in email phishing: According to CISA, hackers are capitalizing on people’s interest in the coronavirus and COVID-19 to steal usernames and passwords. Ensure your employees are aware of this scam and that your email security is up to date in order to detect phishing attempts using coronavirus-themed email and fake domains.
Are you ready to combat these challenges? Do you have the resources – time, trained IT staff, software solutions, and the processes in place - to ensure your company, employees and data remain safe during this epidemic? Here are four straightforward ways to mitigate risks related to employee telework and thwart hackers and cybercriminals who are on the prowl.
How you can protect your organization:
Make cybersecurity a business priority: Even before the coronavirus pandemic, 43% of all cyber-attacks targeted SMBs.[1] Even more alarming, 60% of all companies that experience a cyber attack are out of business within six months. [2]
- Educate: Fight back against cyber criminals by creating an informed workforce. Educate your employees about security vulnerabilities specific to working from home. Teach employees how to lock down their devices, access private networks, improve password security, and detect and report possible phishing emails. Clearly convey to your employees that right now, 50% of emails regarding the coronavirus contain malware and should not be opened.
- Update: Ensure your VPN, network, infrastructure, and devices being used for remote work have the latest software patches and security configurations. Also, implement MFA on all VPN connections to improve security. Implement strong password policies for all employees and ensure you roll out RMM on all devices that will be accessing your network.
- Prepare to fight: Ensure that your IT team are prepared to ramp up the following remote-access cybersecurity tasks: log review, attack detection, incident response, and recovery. Implement not just the security but processes and discipline to closely govern your environment, employees and network.
Crime never sleeps; nor do viruses. However, your business and employees have an opportunity to prepare and respond to the challenges of securely transitioning to a virtual workforce.
Consider partnering with an IT MSP that focuses on cybersecurity and provides IT Support. Offload the IT burden necessary to transition your staff to working from home so that you can focus on your primary business, maintain productivity and continue to thrive in a changing marketplace.
Contact ARCO Group today for a Free Cybersecurity Assessment. We are dedicated to the security of your business.
[1] https://www.cnbc.com/2019/10/13/cyberattacks-cost-small-companies-200k-putting-many-out-of-business.html
[2] Inc.com, Galvin, Joe,“60 Percent of Small and Medium Size Businesses Fold Within Six Months of an Attack. How to Protect Yourself.” https://www.inc.com/joe-galvin/60-percent-of-small-businesses-fold-within-6-months-of-a-cyber-attack-heres-how-to-protect-yourself.html