Whilst many of us were catching up on boxsets, hackers were upping their game. Before the pandemic, around 20% of cyberattacks were carried out using previously unknown malware. Since the start of the pandemic, this figure has risen to 35%. Machine learning, more sophisticated phishing attacks and the infiltration of different platforms such as SMS have all contributed to this new era of cyber threat.
E2E Technologies provide managed IT services across the North West. We have seen how various factors have impacted cyber security across a wide range of sectors.
How has COVID impacted cyber security?
Remote and flexible working
Perhaps the most obvious instigator of increased cyberattacks is remote working. The pandemic had such a sudden impact that many businesses weren’t sufficiently prepared for people working from home.
- Due to limitations in available equipment, staff were asked to use their personal laptops and other devices. These were insufficiently protected and therefore vulnerable to the effects of downloading malware.
- Increased demand for IT equipment caused supply chain issues so even when businesses realised they needed more equipment they were unable to buy it.
- While businesses invest in secure networks, many individuals are more focused on price. Homeworkers were therefore connecting remotely using unsafe networks.
- IT administrators were unable to control the internet channel used by staff which also prompted more attacks.
Before COVID many of us thought zoom was simply something to do with cameras. Since the pandemic Zoom, Teams and other video conferencing platforms have become part of our daily lives. Video conferencing has allowed businesses to have meetings, hold interviews and collaborate.
Where increased use of IT software goes, hackers follow. Video conferencing software has become a primary target for cyberattacks with personal data and passwords accessed and sold on the dark web. This led to ‘credential stuffing’ whereby stolen data is used to gain access to other accounts, knowing that individuals often use the same passwords across different platforms.
COVID related phishing
Cyberattacks prey on fear. Since the start of the pandemic, fake emails have been sent to individuals claiming to be collecting information regarding COVID which is duly given and unknowingly sent to cyber criminals. Other emails claim to share information on the latest statistics through an embedded link that downloads malicious software. When staff are receiving these emails on the same device that they use for work, this makes the company extremely vulnerable.
How to protect your business from cyber attacks
- Prepare staff for home working by setting up new accounts with strong passwords and two-factor authentication
- Ensure devices are set to encrypt data while not in use. This protects the data if the device is stolen or hacked
- Use mobile device management software to remotely lock access to a device and erase the data if necessary
- Virtual Private Networks (VPNs) provide secure access for remote users to an organisation’s email system and files. Either install a VPN or if you already have a VPN make sure it is fully patched to fix security vulnerabilities and other bugs
- Disable the use of removable media such as USB drives or only allow the use of products supplied by the organisation. USB drives can contain malware and once introduced to the system it becomes difficult to track
- Ensure the company’s anti-spam and anti-virus software is robust and up to date
- Install advanced firewalls
- Schedule safe and regular website and data backups
- Have a disaster recovery plan
- Educate staff on spotting malicious emails and what to do if they receive one
- Educate staff on protecting their devices and what to do if theirs are stolen