Although many businesses have now adjusted to working from home, the pandemic’s disruption to the global economy and the vulnerabilities attributed to remote work have raised major concerns about cybersecurity. According to the recent CSO Pandemic Impact Survey, 61% of security and IT leaders are concerned about increases in cyber attacks, particularly in regards to attacks on employees working from home. Preliminary data reveals that their concerns are far from misplaced, as 26% of respondents say they’ve already seen increases in the volume, scope, and severity of cyberattacks since mid-March.
Of course, cybersecurity isn’t something to be taken lightly. Roughly 70% of organizations plan to increase their cybersecurity spending following the pandemic in an effort to mitigate losses. That makes sense, as according to one resource, 60% of all small businesses permanently close their doors within just six months of a cyber attack taking place. During a time when so much is uncertain for small businesses, a single attack could represent the last nail in the coffin.
So what can you do to ensure your business and your employees are protected? And what should you look out for?
Common Attacks and Scams During COVID-19
The Cybersecurity and Infrastructure Security Agency (CISA) maintains that phishing schemes — which use emails and fake websites to trick users into revealing sensitive info — will likely be on the rise during the pandemic. And while you might think you can outwit the criminals who create these emails, a 2019 small business owner survey conducted by Nationwide Insurance found that 29% of business owners had become victims of phishing attacks. Some have reported that they’ve seen fraudulent emails that use logos and images associated with the U.S. Center for Disease Control and the World Health Organization — and that these emails have capitalized on coronavirus fears in order to get recipients to click. Other fraudulent emails have masqueraded as charities soliciting donations to fight COVID-19 or as information regarding government financial relief packages for small business owners.
Ransomware and malware are nothing new, of course, but they’re also becoming more prevalent during the pandemic. And not surprisingly, data breaches are an even bigger threat with employees working remotely. Remote desktop protocol targeting could also be an issue if your business fails to use a virtual private network (VPN) or is lacking in the asset management department. At least one-third of all data was predicted to pass through the cloud by this year — and while that makes things more convenient for businesses, that can also make operations easier for hackers. Credential stuffing has also been known to be employed by criminals during this time. This practice, which involves obtaining usernames and passwords for one site and “stuffing” them into login portals for others, can allow unauthorized persons to access account information even without an actual breach. Since many people will reuse their passwords for multiple accounts on all kinds of websites, your clients could be more vulnerable than they or you realize.
Tips For Protecting Your Business
Now that you know how real and how prevalent these attacks might continue to be, it’s essential you take steps to protect your organization. Although around 38% of company disputes involve class action lawsuits, it’s entirely possible that your business could be sued by individuals impacted by a breach if you’ve neglected to properly safeguard their information or notify them in a timely fashion of an attack. And even if you don’t face any legalities in that regard, poor cybersecurity could lead to the downfall of your business.
In an effort to identify and avoid these attacks, experts recommend that business owners:
- Use VPNs and encourage remote workers to enable automatic updates for routers, update equipment, use a password-protected firewall, and enable two-factor authentication
- Update and patch software regularly and install anti-virus and anti-spyware programs
- Ensure all printers are secure (especially if they connect to devices via WiFi or Bluetooth) and shred all printed documents based on company policies
- Ask employees to use work devices only for professional activities and to lock computers away in a safe when they aren’t in use
- Designate specific company-approved USB devices, use data encryption, and use specific types of storage for work information
- Require all employees to change passwords frequently or use a company-wide password locker
- Teach employees to recognize potential scam emails and to never click on any link or downloadable received via email they cannot verify
- Drive home the importance of contacting your company’s IT department directly if any suspicious emails have been received
- Utilize an anti-phishing filter for email accounts
- Back up data frequently
- Maintain a secure, password-protected video conferencing portal
While it’s difficult to get your cybersecurity threat level to absolute zero, it’s essential to keep up with changing trends and be proactive — especially during times of economic downturn. With more time on their hands and faced with more financial hardship, would-be cybercriminals are likely to become more brazen as the pandemic goes on. By remaining one step ahead, you can protect your business and alleviate the risk of vulnerabilities during these uncertain times.