Cyber-Security is always an important topic. As the role of technology continues to grow we are seeing cybercrime increase. There is a cyber-attack nearly every 39 seconds. If you think that you won’t be a target because you’re only a small business, think again. Nearly half of all attacks are against small businesses.

We have all heard the saying, “There is no honor among thieves.” This is all the more true when it comes to cybercrime. For whatever reason, it is easier to do things electronically than in person. Perpetrating crimes via technology allows people to hide behind the screen and a few clicks of a mouse. Allowing easy access to anonymity.

Furthermore, during times of uncertainty our rationale and critical thinking when it comes to this can be clouded. Below we will look at how hackers have been exploiting Covid-19 and how you can maintain your cyber-security among the craze of the Covid-19 pandemic.

Honor Among Thieves?

In our office, we are very mindful of cyber-security. We touched on this in a previous article, Cybersecurity: Protecting Your Personal Finances. However, the tech world is continuously evolving and cybercriminals are doing everything they can to remain ahead of the curve.

During the Covid-19 pandemic hackers have been exploiting the general fear in several ways: malicious health advisory emails, and exploiting popular general information sites.

Covid-19 Tracker

One such popular website is the John Hopkins Coronavirus Covid-19 Map. According to reports, this site received 1.2 billion daily requests in early March. I’m sure this number has continued to climb as the number of cases also increases. We received a newsletter from a cyber-security company we work with outlining this.

While accessing the correct map is usually safe, attackers will commonly create websites designed to mimic or embed data from legitimate sources in order to lure victims. Once the victim has visited the malicious web page, the hacker is able to force the victims machine to download and install malware. One example that has be observed in the wild recently is called ‘AZORult’. While not an automated install, this commodity malware attempts to disguise itself as ‘Corona-virus-Map.com.exe’. Once installed, the malware will target information such as user names, passwords, emails, and banking information.

Attacks such as this will become heightened or increase during events such as the Covid-19 outbreak. Always ensure that you’re visiting the proper domains and websites in order to gather your information.

Other Threats

Although phishing/social engineering attacks are always present, be prepared for an increased number of attacks. When people are in a panic and in states of uncertainty, our rationale and critical thinking can often be lacking. This is a time where hackers will look to capitalize.

This means you need to be on the lookout for suspicious emails and pay extra attention to your web activities. Only use trusted sites and do not click on ads. It is easy for hackers to infiltrate a website by placing malicious ads. Some of these attacks will no doubt be convincing and successful, make sure you are prepared.

Personal Cyber-Security

With all the chaos and uncertainty around us, don’t make things harder on yourself. Be prepared, and be smart. This pandemic will pass but don’t turn a blind eye to potential cyber attacks. Below are some things you can do to make sure you stay as safe as possible.

Attachments

Only open attachments, emails, links, etc. that you know are from a trusted source. Attackers can compromise credentials in a variety of ways: stealing log-in information, creating similar URLs/emails, or SIM Swaps. If you not sure who sent it, don’t open it. If you weren’t expecting a friend to send you something, take time to pick up the phone and call them to confirm that it is safe to open.

Legitimate Sources

Only seek out legitimate sources for information. Do not click on random ads that have catchy headlines. Pay attention to URLs and make sure they are spelled correctly. It is very easy to create a domain that is one letter off and can cost less than $20.

Password Managers

When possible, use a password manager in order to create and store your login credentials. Password managers also allow you to create a much longer and more complex password, which will be harder for attackers to crack with brute-force. KeePass is a good example of this type of software

Up to Date Software

Make sure that your operating system, anti-virus, web browser, applications, etc. are all up to date. As malware, ransomware, and viruses continue to evolve, the only way to combat them is to make sure nothing is out-dated.

Business Cyber-Security

The information presented above also applies to business. This, however, presents the challenge of managing a completely remote workforce. Rest assured that with these tips, the transition to a remote workforce doesn’t have to be a security nightmare:

VPN

Ensure any hardware employees have taken home are connecting to corporate VPN connections not configured to use split-tunneling. This allows for your organization to keep the security benefits of your network technologies. 

Multi-Factor Authentication

Ensure that any software or platform as a service (SaaS or PaaS) solutions such as Microsoft Office 365, Slack, or OneLogin are protected with multi-factor authentication (MFA). It is recommended to avoid using email or SMS as an MFA method, and to use solutions such as a soft or hard token (e.g., Google Authenticator or RSA Tokens).

Anti-Vurus

Ensure that any devices you need have the latest anti-virus (AV), endpoint detection and response (EDR), or configuration management tools. This will allow you and your team to continue to monitor the security of the device even if it is remote.

Secure Channels

Ensure that any remote IT operations are only done over secure channels, and behind a VPN connection. Even if your IT infrastructure is in a cloud service provider, such as Amazon Web Services (AWS), you should still avoid exposing Remote Desktop Protocol (RDP) or Secure Shell (SSH) services to the internet. Attackers are constantly scanning public-internet connections for these services and will attempt to use brute force techniques or scan these exposed services and servers for vulnerabilities.

Conclusion

Whether you’re managing your personal finances or leading a business, these are trying times for us all. Remember that while we’re not in control of everything that is currently happening, we are in control of our approach to cyber security. By following the tips in this article, we can rest assured that our digital assets will not fall into crisis as well.