COVID-19 fears bring opportunities for cyber criminals
Cyber Risk Aware is offering free COVID-19 Phishing Tests to help businesses defend their network against increased cyber threats during this Coronavirus pandemic period. At a time when businesses and individuals are more vulnerable, many working remotely to mitigate the spread of this pandemic, organisations need to pull together for the greater good.
Keeping businesses operational and protecting work forces from escalating threats should be a global consideration and a united collaboration.
Increased Covid-19 phishing scams
A time of crisis is unfortunately a haven for others, with hackers capitalising on the fears and vulnerabilities of the Coronavirus outbreak. There is a huge spike in phishing email scams featuring Covid-19 lures, spoof government tax refunds and numerous fear mongering messages that, encourage click throughs that lead to the revelation of personal data, bringing whole IT system networks down at the touch of a button.
The recent Czech Hospital cyber attack saw an entire hospital shut down as a result of a compromised network with devastating damage at this critical time.
A time of uncertainty has led a path to unprecedented behaviours. With the majority of the workforce now encouraged to work from home, the risk of businesses experiencing a cyber incident is significantly increased. Therefore it is imperative staff and businesses are prepared and protected from these very present cyber threats as best as possible.
Cyber Risk Aware’s Do’s and Don’ts for working remotely
As well as implementing Cyber Risk Aware’s free phishing tests within your business, there are other best practices all businesses should put in place to ensure your remote workforce is helping you protect your business, your data and your reputation.
- Be extra vigilant to Covid-19 phishing scams - run the free phishing campaign to assess risks, deliver awareness and train your staff.
- Use secure company provided systems - ensure cloud-based systems are patched and don’t use personal accounts.
- Be prepared and equip your staff. Provide encrypted up-to-date devices with patched applications, and VPN’s to access your company’s internal systems.
- Put protocols and processes in place should a cyber attack take place to minimise impact. Cyber Risk Aware offers PhishHuk, a free outlook plugin, which staff can use in their email ribbon to report phishing emails to IT Security.
- Have clear lines of communication. Avoid Social Media and Whatsapp when revealing sensitive data. Ensure your company is set up with secure best practice communication channels.
- Don’t take the easy route. Shadow IT - a term used for downloading unapproved software, is an increasing threat to cyber security. This can include Macro for excel or software to grab screenshots for example.
- Don’t connect to public WiFi. Instead use a company provided VPN or mobile data if accessing sensitive data.
- Don’t allow the use of personal devices as they are often insecure and vulnerable to cyber attacks.
- Password protections and encryptions are key. On devices, files and data.
- Don’t forget to backup data centrally. Be it the concern of a system crash or the risk posed by a ransomware attack, ensure all backups are made daily, to a central location and that restores are tested regularly by IT staff.