How to navigate cyber risks and protect your business during COVID-19

The coronavirus pandemic had a swift and significant impact on the way many businesses in Canada operate. Almost overnight, entire organizations had to pivot to remote work as governments initiated measures to stem the tide of the virus. Businesses are still being encouraged to allow employees to work from home as much as possible as we experience COVID-19's second wave.

In the not-so-distant past, working remotely was considered a nice-to-have in the corporate world. However, most companies never considered this would become business as usual, and were caught unprepared to deal with the cybersecurity threats during COVID-19.

With this new reality of remote work (also known as teleworking), cybercrime risk has increased. Employees are required to work remotely using their home network with connections that are outside the bounds of perimeter security. Home-based networks typically don't have a firewall to protect internet traffic.

Organizations may now find themselves vulnerable to additional cyber risks, which can impact the confidentiality, integrity, and availability of key data and information systems.

What are the top five cyber risks when working remotely?

Protecting your organization starts with understanding some of the biggest risks:

Employees who are unfamiliar with approved remote work solutions may be able to install various open source software for collaboration with other employees or customers. These programs may or may not be secure or in compliance with corporate information security and privacy controls. They could even be malware that may damage your data and/or systems.

IT teams may have to defer the regular patching schedule on critical assets to keep network operations stable and available. The increased demand on keeping the remote infrastructure available may limit allowable downtime for patching and updates.

Using home computers or insecure home Wi-Fi networks to connect to and perform work may lead to security breaches, data leakage, and disruption in business operations due to the inadvertent installation of malicious software. When you neglect to secure your network, your business is exposed to hacking, hijacking, and other cyber threats.

An insecure and/or outdated remote access VPN infrastructure may lead to systems being unpatched or users accessing malicious websites.

Business email compromise through the spread of malicious content related to COVID-19 may include the use of false or misleading guidance, fictitious new updates, or fake coronavirus global dashboards, to name a few.

How can businesses protect themselves against cyber attacks?

While the incidents above are more high-profile examples, the fact is that no organization is too big or too small to be targeted by cyber attackers.

If you, or a staff member, receive an email asking for transfer of money or invoices to be paid, it's crucial to verify the legitimacy of the request. As a best practice, pick up the phone and confirm the person is who they say they are.

Disabling digital assistants such as Alexa or Google Assistant, or at least not talking to clients within earshot of such devices, is highly recommended. Depending on how you have configured the privacy and security settings on Alexa and Google Home devices, they may or may not record you, but their presence provides a window of opportunity for a potential hacker. Review and increase your privacy and security settings on these devices.

Users should use strong authentication techniques, such as WPA2, to authenticate and connect to home networks. Consider using strong passwords with 12 characters and changing passwords after changing the authentication technique.

Periodically check systems for missing patches and outdated antivirus definitions. Consider implementing network access control (NAC) to check the security hygiene of endpoints before allowing remote access to the infrastructure. Ensure your systems, including VPNs and firewalls, are up to date with the most recent security patches.

Conduct cybersecurity awareness campaigns within your organization to increase knowledge about phishing attacks, especially those related to COVID-19. Update security training for staff and stakeholders to inform and educate them about cybersecurity practices, such as detecting socially engineered messages.

Re-evaluate your cybersecurity measures in anticipation of the higher demand on remote access technologies, and test them ahead of time. Validate that the remote desktop client was configured appropriately and is secure. Ensure your work devices, such as laptops and mobile phones, are secure. Implement multi-factor authentication for remote access systems and resources (including cloud services).

How BDO can help

We understand the cyber risks and challenges that today's businesses face, especially during periods of uncertainty and disruption. Our team of cybersecurity professionals has the experience to assess and secure your infrastructure as well as help you respond to potential cyber incidents your business may experience during the COVID-19 crisis.

To learn more about how we can help with your cybersecurity needs, contact an expert today.


Sources:

https://www.bloomberg.com/news/articles/2020-03-16/u-s-health-agency-suffers-cyber-attack-during-covid-19-response

https://threatpost.com/who-attacked-possible-apt-covid-19-cyberattacks-double/154083/

https://www.forbes.com/sites/daveywinder/2020/03/23/covid-19-vaccine-test-center-hit-by-cyber-attack-stolen-data-posted-online/#7e71600118e5
