Cybersecurity: pandemic increases risks
Phishing, ransomware, account hacking… Computer attacks are on the increase in the context of the current health crisis. The Covid-19 epidemic has pushed companies to accelerate the adoption of new ways of working to ensure the continuity of their activity, in particular with the deployment of teleworking. This adaptation has had repercussions on their cybersecurity. Indeed, this situation has been a godsend for cybercriminals who have taken advantage of it to multiply their attacks.
What is cyber security?
Cybersecurity encompasses all means of ensuring data protection within a digital infrastructure. In fact, it is an IT commitment that companies make to ensure the smooth running of their business.
Its fundamental objective is to reduce the risk of cyber attacks. These are usually aimed at accessing, modifying or destroying sensitive information, extorting money from other users, or interrupting business processes.
From installing anti-virus software to configuring servers, multi-factor authentication when logging into an account or guarding data centres, cybersecurity is a vast field.
Cybersecurity and telework
The new organisation of remote work has given rise to a large number of mobile workers. They are more often used to using a fixed computer at work than to working from home. These employees have had to import professional tools into their private sphere. They have to access their companies’ servers from their own home networks. This increases the exposure of data and the risk of hacking. It is therefore not surprising that cybercrime has increased considerably since the start of the pandemic. In June 2020 Swissinfo.ch reported figures from the Swiss National Cyber Security Centre (NCSC). They show that 350 cases of cyber attacks were reported in Switzerland in April 2020, compared to the usual 100 to 150.
The coronavirus pandemic and the development of home-based work are a major cause of this increase. With reduced vigilance due to changing daily habits, nomadic employees increasing the vulnerability of networks and information systems, the use of unsecured personal tools and new technologies such as video conferencing sites, teleworking offers new opportunities for cybercriminals and is becoming a major source of threats. Not only are there more targets for hackers to attack, but they are often much less protected than corporate IT environments. Employees are also dealing with a lot more email, which increases the risk that they will inadvertently click on a phishing email.
The deployment of teleworking in response to the health crisis has therefore created many uncontrolled, unmonitored and unsecured access points, making companies even more vulnerable.
What are the most common computer attacks?
Fraudulent emails, website blocking and ransom demands, phone fraud and identity theft to obtain passwords or banking information, data theft via cloud hosting… A computer attack or cyber attack is an attempt to steal, alter, disclose, deactivate, destroy or simply obtain unauthorised access to a computer system or network. They can take many forms. Whether you are an individual or a company, the moral or financial damage can be very significant.
These threats have intensified due to the opportunities presented by the Covid-19 epidemic. Hackers take advantage of the vulnerability of equipment and the lack of experience and attention of individuals. They infiltrate computer servers and steal personal or private data. Indeed, phishing attacks have increased considerably with the pandemic. This type of cybersecurity threat involves the sending of fake emails. They come from seemingly legitimate sources to obtain information such as credit card details or passwords. Cyber-attackers also take advantage of people’s interest in coronavirus-related news. They pose as health authorities and send, for example, emails about vaccine developments. They hope to exploit fears and unanswered questions about Covid-19.
The series of cyber attacks on video conferencing services is another example of how criminals are exploiting weaknesses in cyber security. Since the Covid crisis, more than half a million users of video conferencing services have had their personal data (names, passwords, email addresses) stolen.
When a cybercriminal obtains a large amount of stolen login data, he can perform credential stuffing. The attacker bets that a number of the affected users will reuse the same credentials on other sites to access them with the stolen credentials. The attacker can then empty bank accounts, make large purchases or steal identities to create fraudulent accounts. The attacker could also connect to virtual company meetings and obtain confidential information that could damage the company’s reputation, or use the credentials to connect to a company’s internal network via its VPN and then increase their privileges to conduct more serious ransomware attacks.
How to strengthen your cybersecurity strategy?
Companies are now faced with new risks that they cannot control. However, the risks of cyber attacks can be limited by providing employees with appropriate support in the area of cyber security. Indeed, a proactive and vigilant approach increases the chances of preventing or mitigating a security breach. To protect your company, it is therefore essential to train your employees so that they follow best practices.
Practical advice should be followed to protect against cyber attacks:
Encourage the use of professional equipment: it is best to avoid using a personal computer for professional purposes.
Adopt effective tools: antivirus/anti-malware/VPN, these tools are essential for working safely from home. Antivirus software offers very advanced protection systems. VPNs, on the other hand, provide effective protection for web browsing.
Updating software: beyond the often aesthetic and ergonomic aspect of these updates, most of the time they have a security purpose. Indeed, in software, applications and operating systems, flaws can be detected; updates therefore make it possible to reduce the risks.
Back up data: In the event of a cyber-attack, a backup made beforehand will limit the damage caused. The data and activities recorded just before can be restored. It is therefore important to plan a regular backup.
Strengthen access rights: access to data should be protected by complex authentication processes and passwords that should be changed regularly.
Create a business continuity plan: this is an imperative for companies as it allows them to maintain their business in the event of an interruption.
Raising awareness of cyber security among your team: human error is one of the main causes of IT security failures. A single click on an infected link can topple a company’s security. Therefore, educating employees about cyber threats is a key role in strengthening cyber security.