How to Be a Cyber Resilient Business in a COVID-19 World

The shift to remote work due to COVID-19 has brought along new challenges in cybersecurity. According to the Microsoft Digital Defense Report 2020, cyber attacks soared over the past 12 months, with phishing activities increasing by about 70%. It has never been more important to be cyber resilient by implementing adequate cybersecurity measures to protect your enterprise’s data and systems and ensure business continuity in the face of attack.

Here are some of the advanced COVID-19 related cyber threats and their recommended solutions.

Phishing

Phishing involves tricking people into revealing their credentials, usually using spoofed emails. This year, cybercriminals are increasingly sending COVID-19-themed emails, SMSs, or mobile app messaging to employees to steal their personal information, including system passwords.

To be cyber resilient against phishing attacks, companies should:

  • Train employees to recognize phishing attempts and password security.
  • Install spam filters or anti-phishing applications.

Brute Force Attack

Another tactic employed by hackers is known as the brute force attack. This technique involves repeatedly guessing passwords or using a list of passwords stolen in previous breaches to access a protected device or system forcefully. Bad actors may execute a brute force attack remotely.

To protect your business from brute force attacks:

  • Have all system users create unique, long, and hard-to-guess passwords.
  • Limit failed login attempts to a small number, such as three, per user.
  • Combine password security with another form of authentication, such as Captchas. Multifactor authentication is also effective.
  • Protect all systems and devices with the latest antivirus software.
  • Install the latest application and operating system security patches.

Insider Threats

An insider threat comes from a former or current employee with legitimate login credentials. Such risks have been on the rise and are some of the most difficult to detect in any organization. Typically, a rogue insider may leak sensitive corporate data to bad actors or sell it on the black market.

To protect against insider cyber threats:

  • Conduct background checks on all staff members allowed to access corporate networks and software.
  • Have a small number of privileged users to minimize insider risk.
  • Limit remote access to only network components that are essential to business operations.
  • Track and analyze all user activities on corporate software and websites.

DDoS Attacks

Distributed Denial of Service (DDoS) attacks have increased sharply since the onset of the coronavirus pandemic. In a typical DDoS breach, the attacker may seize control of your corporate network, locking you out of mission-critical IT resources. Ransomware is the trending version of DDoS.

Ransomware attackers usually deploy malware that encrypts your data, making it unusable. The illegal program then displays a note with ransom demands and instructions for payment to release the data. Once you’ve paid the required amount, the criminals decrypt your data.

Optimal DDoS security involves:

  • Having your remote workers’ use secure company-issued devices with adequate application, firewall, and OS security.
  • Optimizing home wireless router security by updating the device’s firmware, using strong passwords, and applying WPA2 or WPA3 encryption.
  • Providing VPN protection for remote access devices, including desktop computers, laptops, and smartphones.
  • Backing up your system and key IT services in the cloud.
  • Installing antivirus solutions

Cyber resilient large and small businesses in the COVID-19 era have to adopt superior cybersecurity capabilities. Regardless of your business size, you may also need to get cyber insurance coverage for legal and financial protection. Get in touch with the experts at Pittman Insurance Group, LLC for help insuring your business against common cyber risks. Our experienced agents will assist you in addressing your protection needs.

Call Us