2020 has so far been a year of great misfortune. This should be obvious to most people in the world, as we are all affected by the global pandemic in one way or another. While this should be a time for cooperating and helping others, reports have shown that cyber criminals have not let the global crisis give them reason to relent. Even before the coronavirus outbreak, cybercrime had already fast increased and is predicted to reach a worldwide cost of $6 trillion by 2021. This will make it the most expensive crime of all time, surpassing the trade of illegal drugs. Cybercrime is a persistent threat, and attackers are ready to exploit any potential vulnerability.
For those of us concerned about the threats of cybercrime (and that should be all of us), it is a good idea to engage a computer support company that’s reliable and can offer educated advice on security matters.
The rise of cybercrime
Most of the world has recently been busy with more pressing matters. This could be treating those with infections, securing sufficient amounts of protecting clothing for hospital staff or delivering food to elderly people under social distancing instructions. Understandably, cybercrime has not been a top priority in a time of crisis.
Unfortunately, the disruptions seem to have motivated criminals to accelerate their activity. In April the FBI said that they were receiving four times the number of cybercrime reports. Under normal circumstances around 1,000 reports a day are made, but this increased to between 3,000 and 4,000 a day since the coronavirus outbreak.
European Commission President, Ursula von der Leyen, addressed EU citizens at the end of March warning of increased threats of cybercrime. This, she explained, was the result of both the higher numbers of people working from home and the extra time that everyone is spending on the internet.
Cases of ransomware have increased, and shockingly the targets have frequently been scientific, medical or health related facilities where individuals are tested for coronavirus or vaccines are being developed. In March, the personal and medical data of thousands of patients was leaked in an attack on the Hammersmith Medicines Research company. The breach was made after the organisation refused to pay a ransom to a group of cyber criminals. COVID-19 Ransomware has also been used to target the mobile phones of individuals and extract payments.
Interpol is warning against phishing and malware that purport to be COVID-19 advice, but aim to infect computers and steal sensitive data. The World Health Organisation (WHO) has also warned that there are many malware attacks that attempt to use the name of the WHO to gain access to personal computers via a malicious link.
Other fraud schemes are attempting to trick respondents into making online purchases for hand sanitisers, masks and even treatments that falsely claim to provide a cure for the virus. The nature of these crimes, and their increased numbers, show that cyber criminals are prepared to exploit any possible weakness for their own financial gain. In the worst-case scenarios, cyber-attacks on hospitals can even lead to the loss of lives when medical resources are disrupted or slowed.
The best security measures
Working from home calls for a different cybersecurity approach to the office, and a series of new challenges. Different security protocols may be specific to each organisation, and a coherent IT security policy should be followed.
Use a secure VPN
A VPN (virtual private network) can secure data between employees working at home and core systems. These can encrypt data transfers and hide the IP address and location of the user. VPNs should be carefully researched, as they are not all to be trusted.
Ensure software is updated
Software that is not updated can represent a vulnerability for the entire network. After new software has been patched, the old, unpatched versions are prime targets for cybercriminals. This means businesses need to make sure all of the computer equipment used by employees working externally can meet the standard.
Multi-factor authentication (MFA) should be enforced as a minimum procedure. This is currently the highest level of protection across all devices so it should be made compulsory for working remotely. In addition, a password audit can be carried out to make sure passwords are kept in line with company policy. Password management solutions can be used for this purpose.
Organise your backups
The easiest way of doing this is to use a cloud-based backup service to keep everything in a central location. Otherwise external drives should be used for making backups, as backing up to local storage can present a considerable security risk.
Manage all mobile devices
This can be achieved using a mobile device management (MDM) or enterprise mobile management system to keep track of all the endpoint devices that can pose potential risks. These are also able to keep corporate data separate from personal data.
Whether this involves educating employees, colleagues or yourself, we all need to keep up to date with regards to security matters. It may be a good idea to follow guidelines provided by regional or national authorities or take part in the security training offered by large corporations, such as Google.
In the middle of a crisis, cybercrime may seem like a low priority. But given the recent rise in incidents of cybercrime and the grave damages that can be potentially incurred, it is something that should certainly not be overlooked.