For example, a ransomware app was created for Android, purporting to be a free information tool about Coronavirus but instead hijacking devices. There have been phishing scams targeting remote workers and getting them to visit fake company log-in screens. Certain nations are also reported to be using virus-related content to conduct espionage operations.
Another shift we’re seeing is the return to ransomware to steal financial data. Ransomware declined to just one in five compromises investigated by Trustwave in 2019, but indications are that it has been climbing again recently, due to the easy availability of tools, the growth in the attack vector caused by the increase of working from home and the ease of monetisation for the attacker.
All this is a sharp reminder of how important it is to have a secure internet for your business wherever your staff are working. With the world in crisis, people and organisations are distracted and defences are down. Businesses need to be able to protect themselves because the stakes are high. Research suggests that as many as 50% of mobile devices are infected with malware in some countries. In Australia around one in twenty mobiles and one in ten computers are estimated to be infected. The average cost of a cyber-attack to a business in Australia is over a quarter of a million dollars – caused both by the value of the stolen data and the time taken – several weeks in many cases – to resolve.
Invest in the best protection
Businesses should ensure that all their devices and networks are secure with the most robust security solutions available, and keep them updated. If you don’t already have appropriate cyber-insurance, you should consider it to protect against loss and damage, including reputational damage in the event of a major breach, and if you do, make sure your cover is appropriate and up-to-date. Above all, have reliable backups in place – this is the number one fallback when it comes to ransomware.
Humans are a weak link in the security chain. Errors and ignorance are responsible for a significant number of breaches.
If your security policies aren’t clear enough to the user they might do something which introduces risk. No matter how carefully you secure or lockdown devices against automated threats, a carefully engineered phishing email, connecting an unprotected device to an insecure Wi-Fi network, visiting risky websites, and downloading risky apps might compromise the network and break through your defences.
Having proper training so workers can protect themselves and your business is vital. Teach employees about phishing scams and methods to verify email senders and embedded URLs before clicking. Keeping staff up to date with the latest cyber threat news is important, as COVID-19 related scams rapidly pop up and evolve. Strong spam filters will help detect and remove some of these but not all.
Good business practice is to run a test phishing scam on your staff from time to time. Make it reasonably clear to most people that the email is a scam. The objective shouldn’t be to catch your staff out, rather to remind them to pay attention to their emails so they and your business aren’t compromised by a real scam.
Protect remote devices
The increasing numbers of devices connected to the internet in home offices present risk, which will only increase as hackers continue to find ingenious and nefarious ways to infiltrate the Internet of Things. With workers based remotely, devices they use that connect to your company network or share files are now points of vulnerability for your organisation.
Videoconferencing has been a recent area of concern with security issues around communication platforms such as Zoom. And while Zoom have been rapidly issuing security updates to make their platform more secure – including encrypting your calls, you should always ensure that staff have the most updated versions of your video conferencing software installed, enforce the use of waiting rooms and passwords to protect access to meetings.
Staff should be encouraged to use strong encryption methods on home Wi-Fi routers, as well as strong passwords and two-factor authentication where possible. For some, this will be technically demanding to implement, so holding training sessions or sharing how-to videos from security experts may be helpful.
No business is immune to cyber-attacks and they are rising. In 2018 Australian organisations experienced an average 65 security breaches each, up from 53 in 2017, according to Accenture research. Incidents of ransomware, malware, phishing, and stolen devices all increased.
Going forward it’s likely that a few specific risks, such as spearphishing and ransomware, will rise in the short term as attackers take advantage of the new normal – especially if they can take advantage of temporary financial benefits like Job Keeper, Job Seeker and early availability of superannuation (as we’ve already witnessed in the recent hacking incident). As business adapts, and assuming that remote working remains high, the bad actors will look to take advantage of the new attack vectors such as insecure home networks and authentication to cloud services.
Have your remote workers do a regular security audit of their setup and enforce two factor authentication on all your cloud services – preferably with a hardware solution like Yubikey – but at least use a software solution like Authy due to the risks of SMS.
Gavin Costello is Wontok senior manager and has significant experience in media, digital delivery, telecommunications and cyber security working in senior positions. At Telstra, Gavin developed and launched the telco’s Broadband Protect solution, simplifying protection for every device connected to Telstra’s home broadband network. He also grew BigPond Security into a multi-million a year business.