How to Remain Cybersecure During the Coronavirus Outbreak

Withum’s Cyber and Information Security Expert Shares Tips for All Industries on Remaining Cybersecure During the Coronavirus Outbreak

Cybersecurity risks have dramatically increased during the COVID-19 pandemic. Withum’s Cyber and Information Security Team is ahead of the curve in assisting businesses from a myriad of industries to protect themselves from cyberattacks.

The US Federal Government is releasing Flash Reports regarding a series of cyberattacks that are extremely concerning to the private sector. Please be aware that during the COVID-19 outbreak, there has been a significant increase in cyberattacks.

Cybercriminals and nation-state actors are using the pandemic as an opportunity to orchestrate cyberattacks through a variety of means, e.g., targeting networks, devices and staff as a means to gain entry into networks.

It is vital to ensure the confidentiality, integrity and availability of networks, systems and data.

A single successful significant cyberattack can be debilitating, even causing prolonged outages over an extended period. For example, Sony’s Networks were down for over a month after a cyberattack on their networks in 2014.

Here is what you can do:

Remain Cyber Vigilant

• Do not insert foreign USB devices, e.g., USB Flash storage devices, into your company’s computers. This includes devices being plugged into home computers, then into company computers. If you receive a foreign / ‘lost’ USB flash device as a gift, identified in a hallway, parking lot, bathroom or other location, do not insert it into a company computer. This is a common tactic used by intruders to gain access to internal systems and networks, as well as cause debilitating damage across systems and networks. Even if your computers have anti-virus, the anti-virus may not pick up a well-crafted malicious injection.
• Always use unique passwords or passphrases. Do not use the same passwords for your systems that you use for personal accounts, e.g., Gmail, Yahoo!, social media accounts, etc. Password Stuffing is a hacking technique that uses stolen credentials from one account, e.g., Facebook, personal email accounts, to utilize against corporate accounts.
• Adopt a passphrase instead of a password. Passphrases are more user-friendly and far more secure than passwords.
  • Password: iliGf2yrs
  • Passphrase: ilivednGermanyfor2yrs

Brute-Force attack cracking time estimate

• Beware of phishing email scams. Even if an email comes from a known user, be mindful of suspicious links. Consider the possibility that someone has already hacked the sender’s account.
• Look out for social engineering scams. Social engineering, as it pertains to security, is the art of manipulation– a non-technical strategy to gain access to systems, including verbally requesting user names and passwords, access to networks, etc.
  Fact: Female hackers are among the most successful in utilizing social engineering as an attack method to gain entry into systems.
• Always lock computer screens. It is as easy as hitting Ctrl + Alt + Delete, then Enter or Windows Key + L before walking away. Enforce this with a short time-out screen saver lock.
• If you see something, say something. Report suspicious cyber-related activities directly to your IT department for appropriate cyber incident investigation.

With more and more businesses reliant on their technology as they switch to remote working, the consequences of cyberattacks become increasingly detrimental. Hackers are resilient and resourceful; do not let the chaos of the pandemic open a window into your confidential data. Protecting yourself from cybercriminals is vital to the security of your company.