May 12, 2020

5 Cybersecurity Lessons Learned from the Pandemic

By Vicki Humphrey and John Patrick

Cybercriminals are continually looking to take advantage of new situations, and the current pandemic is no exception. Industries are seeing a growing number of cyber-attacks, especially phishing scams using COVID-19 themes. At the same time, a surge in the number of work-from-home users has increased cybersecurity threats, with more attacks on newly and rapidly deployed remote access (VPN), teleworking infrastructure, and even online meeting platforms. In our experience working with clients, we found that one of the biggest lessons learned from this pandemic is the importance of having a Business Continuity Plan (BCP) and Incident Response Plan in place.

Here are a few of the current top threats that have accelerated during the pandemic and helpful tips you can use to protect your organization now and in the future.

  1. Phishing Attacks

    Have you received an email with a subject line referencing COVID-19 updates? How about text messages, such as “Click the link to view the federal relief package information”? Some companies are even noticing phishing attacks through WhatsApp and other messaging services. Criminals often represent themselves as trustworthy sources such as the WHO or HR, and they send malicious attachments or links to fraudulent websites. These attacks are used to trick your employees into providing company-sensitive information and into deploying ransomware or other malware, for the attackers' commercial gain.

    Tips on how to defend against it:

    • Companies can add email subject banners to internal versus external emails so that employees can identify whether an email is coming from a safe source.
    • Provide new training on phishing attacks and periodic emails reminding users of the following:
      • For COVID-19 up-to-date information, go directly to legitimate sources and trusted resources, such as the Centers for Disease Control and Prevention (CDC).
      • Avoid opening an attachment or clicking on links in unsolicited emails.
      • Even if you know the sender, it may not be legit. If the content seems odd, contact the sender via a separate communication method to verify the email. Do not respond to the email to confirm if the sender indeed sent the email.
      • Do not provide any personal information over email or text.
      • If you are not sure, contact your company security provider or IT department without opening an attachment or clicking on a link.
  2. Meeting Platforms

    The sudden arrival of the COVID-19 pandemic sent many organizations scrambling to find and establish online communication platforms to accommodate remote working. Many companies are now using Zoom and Microsoft Teams for virtual meetings. You have probably heard about cybercriminals hijacking online meetings that are not password protected or compromising a software version that has not been patched with the latest updates. Furthermore, criminals are now sending emails with attachment names that include ‘Zoomxxx’ or ‘Microsoft-teams###.’

    Tips on how to defend against it:

    (source: FBI Warns of Teleconferencing and Online Classroom Hijacking During COVID-19 Pandemic, FBI press release, March 30, 2020)

    • Do not make meetings public. Instead, require a meeting password or use the waiting room feature and control the admittance of guests.
    • Do not share a link to a meeting on an unrestricted publicly available social media post. Provide the link directly to specific people.
    • Manage screen-sharing options. Change screen-sharing to “Host Only.”
    • Ensure users are using the updated version of remote access/meeting applications.
    • Ensure telework policies address requirements for physical and information security.
  3. Workstations

    It is critical to separate work and home workstations. We all recognize that a family computer, often used by children, has a high probability of being compromised. Similarly, workers should not allow family or guests to use company workstations or access company data.

    Tips on how to defend against it:

    • Consider providing company workstations (e.g., laptops) with encryption for remote workers. Do not allow a personal workstation to access your company networks or systems directly.
    • Take time to remind employees that while working remotely, they should treat any company sensitive information with the same level of sensitivity as they do when they work in the office.
  4. Home Wi-Fi

    Typical households have numerous smart devices such as cellphones, tablets, computers, Alexa, Smart TVs, etc. All of these devices can affect your organization’s network. Home Internet access is typically less secure than a business network. As more employees work from home, home networks must be secured as much as possible.

    Tips on how to defend against it:

    • Encourage employees to enable Wi-Fi encryption.
    • Consider requiring VPN access for business data.
    • Do not conduct business over free public Wi-Fi.
  5. Website Security

    Web applications, such as Dropbox or Google Drive, are becoming popular, especially as the workforce becomes remote. However, not all web applications offer adequate security features, including encryption and access control. Additionally, some websites may be fraudulent in an attempt to steal login credentials or data.

    Tips on how to defend against it:

    • When using web applications to store business data, ensure they have HTTPS/SSL enabled.
    • Ensure web apps offer adequate security features, such as encryption at rest, multi-factor authentication, and access restrictions.
    • Always check the web address (URL) to verify the authenticity of the domain (e.g., www.m1cr0soft.ru is not a valid Microsoft domain).
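
The domain check in the last tip can be automated. The following is an added example, not part of the original article: it treats a host as trusted only when it is an allowlisted domain or a subdomain of one, and flags hosts that imitate an allowlisted brand with swapped characters or by placing the brand in front of another domain. The allowlist `TRUSTED_DOMAINS`, the character-folding table and the function names are assumptions of this example.

```python
from urllib.parse import urlsplit

# Assumed allowlist for this example; an organization would supply its own.
TRUSTED_DOMAINS = {"microsoft.com", "cdc.gov"}

# Look-alike characters folded to one representative (assumed, not exhaustive).
_CONFUSABLES = str.maketrans(
    {"0": "o", "1": "l", "i": "l", "3": "e", "5": "s", "7": "t"}
)


def _skeleton(label):
    """Fold look-alike characters and drop hyphens so imitations compare equal."""
    return label.lower().translate(_CONFUSABLES).replace("-", "")


def classify_url(url, trusted=TRUSTED_DOMAINS):
    """Return 'trusted', 'lookalike' or 'unknown' for the URL's hostname."""
    # Accept bare hosts such as 'www.example.com' as well as full URLs.
    if "//" not in url:
        url = "//" + url
    host = (urlsplit(url).hostname or "").rstrip(".")
    if not host:
        return "unknown"
    # Trusted only if the host is an allowlisted domain or a subdomain of one.
    # Matching on the dot boundary keeps 'notmicrosoft.com' from passing.
    for domain in trusted:
        if host == domain or host.endswith("." + domain):
            return "trusted"
    # Brand names are the first label of each trusted domain.
    brands = {_skeleton(d.split(".")[0]) for d in trusted}
    # Any label that folds to a brand name is an imitation, wherever it sits.
    if any(_skeleton(label) in brands for label in host.split(".")):
        return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample inputs; the second is the domain quoted in the article.
    for sample in (
        "https://login.microsoft.com/",
        "www.m1cr0soft.ru",
        "https://microsoft.com.account-verify.example/signin",
        "https://example.org/",
    ):
        print(f"{classify_url(sample):9}  {sample}")
```

A `lookalike` verdict is a signal to block or review the link; `unknown` only means the host neither matches nor imitates the allowlist, not that the site is safe.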

Bringing It All Together

Cybercriminals are quickly exploiting the current pandemic to obtain sensitive information and deliver ransomware. Individuals and organizations should keep up with the latest cyber-attack trends and remain vigilant. The current pandemic is a reminder that organizations should take proactive steps to be ready for any future crisis by implementing security safeguards and continuing to monitor them. Have a Business Continuity Plan (BCP) and Incident Response Plan in place and test them regularly, and don’t stop at table-top (“walk-through”) testing. It’s important to take a possible disaster scenario and conduct a BCP test simulation involving all levels of the workforce. Furthermore, ensure that ongoing risk assessments consider the impact of COVID-19 on business operations, as well as additional risks created by a remote workforce. Now is the time to implement action plans to mitigate these risks.

Do you have a Business Continuity Plan and Incident Response Plan in place?

Our team of Cybersecurity Advisory professionals is ready to help. We have extensive experience with assessing security practices against industry-leading frameworks at organizations of all sizes. Our team has helped companies develop new Business Continuity and Incident Response Plans, security programs, IT security policies, training, and other processes that secure their sensitive data and protect their employees and customers. Explore our full suite of Cybersecurity Advisory services and get in touch today!

About Vicki Humphrey

Vicki Humphrey has more than 20 years of experience managing Cybersecurity and IT compliance projects, as well as IT strategy and system development projects. As a Senior Manager for Bridgepoint’s Technology Consulting practice, Vicki helps our clients with their cybersecurity strategy and execution.

vhumphrey@bridgepointconsulting.com

About John Patrick

John Patrick is an IT Risk & Compliance Engagement Manager at Bridgepoint Consulting. John has deep experience across a multitude of skill sets, including cybersecurity and data protection policies, procedures and best practices, SOX, SOC 1 and SOC 2, IT audit, security, risk, and compliance. A high-performing leader, John has served in dynamic roles that have seen him manage areas of client relationships, sales, business development and technology support. His industry experience spans IT operations and outsourcing, biotech, public sector, banking, food and beverage, communications, oil and gas, real estate, technology and industrial products, among others.  He earned his Information Systems and Accounting degree from the University of Texas at Austin.

JPatrick@bridgepointconsulting.com