CyberAttacks during COVID-19 Era

Pranav Kumar | May 3, 2020

Be alert, everyone: due to COVID-19, there’s a surge in employees working from home. This rapid transition comes with risks, which can only be mitigated once we understand them and take the necessary actions to protect ourselves and our organization from cyber infiltrators.

Indeed, the responsibility for providing the necessary infrastructure & tools lies with the organization. However, in current times, it is also the user's responsibility to stay alert and find ways to fight cyber attacks on the organization.

The information shared in this presentation is for both the New Home Users and the IT Teams, and is intended to raise awareness and protect against the rising cybercrime on the back of COVID-19.

NEW WORK FROM HOME USERS | Raise your Awareness

99% of ransomware attacks start from an email message. Don’t rush to click. Check before you open the email OR click on the URL OR open that attachment. It could be malicious!

Call to verify: You may get an email from your colleague or senior management asking you to make payment transfers or share confidential information. STOP!

Reach out via phone or over an online meeting to confirm the payment transfer request or the sharing of confidential information. Even on a closer look, you may not be able to tell whether the request is coming from a genuine source: in a homoglyph attack, lookalike characters are used to make a sender address or domain appear genuine. Search for "homoglyph attack" to see examples.

Remember: if it seems suspicious, it probably is. Investigate further or take advice.

Wi-Fi: ensure your Wi-Fi is hidden and encrypted using WPA2. Check whether your router conforms to the latest standard. Or use a wired connection instead.

Personal Emails & Printers: Do not use personal emails or your home personal printers for your work-related matters.

Collaboration: only use approved official collaboration tools, such as Microsoft Teams, Amazon Chime, GoToMeeting, Skype for Business, etc.

Alexa: ask Alexa or Google Home to stop listening. Turn it off or keep it away while having an official conversation.

IT TEAMS – Ready Yet? | Raise your Awareness

Is your VPN safe? A Virtual Private Network is very commonly used. Ensure it meets your organization's standards. Ensure your firewall can handle the massive traffic inflow.

How about MFA? Multi-Factor Authentication: Ensure it is enforced for all users & Apps.

Operating System: Have you installed the most updated OS, such as Windows 10?

Firewall: Do you have a robust firewall in place? Is it capable of stopping uninvited guests from browsing your network?

Email Security: Do you have robust email security in place to protect against targeted threats?

Endpoint Security: Do you have next-gen (AI/ML) endpoint security to protect your remote devices?

Brand Protect: What’s your plan to deal with malicious domains impersonating or replicating your digital assets before they do damage to your brand? Are you prepared to protect your customers and your partners against attackers using your digital assets?

Backup: Have you communicated how & where users should back up their business data? Do you have a Disaster Recovery Plan in place?

Work from Home policy: finally, appreciate that working from home is new for your office desktop users. Not only do you need the right tools & policies deployed across the enterprise, you also need to provide user awareness training to keep them and the organization safe from malicious attacks.
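The homoglyph check suggested to users above and the impersonating domains raised under Brand Protect can both be screened with one routine. The Python below is an added example, not part of the original article: it flags a sender or newly seen domain that looks like one of your own. The `example.com` allow-list, the partial lookalike map and the sample domains are constructed assumptions.

```python
import unicodedata

# Constructed, partial lookalike map (an assumption for this example); a real
# deployment would load the full Unicode confusables data (UTS #39).
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
               "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",
               "\u0455": "s", "\u0131": "i", "0": "o", "1": "l"}
MULTI = (("rn", "m"), ("vv", "w"))  # letter pairs that imitate one letter
TRUSTED = {"example.com"}           # constructed allow-list of your own domains

def to_unicode(domain):
    """Lower-case a domain and decode any punycode (xn--) labels."""
    labels = []
    for label in domain.strip().lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # leave an undecodable label as it is
        labels.append(label)
    return ".".join(labels)

def skeleton(domain):
    """Collapse lookalike characters so similar-looking names compare equal."""
    text = unicodedata.normalize("NFKC", to_unicode(domain))
    text = "".join(CONFUSABLES.get(ch, ch) for ch in text)
    for pair, single in MULTI:
        text = text.replace(pair, single)
    return text

def scripts(domain):
    """Scripts (LATIN, CYRILLIC, ...) used by the letters of the domain."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in to_unicode(domain) if ch.isalpha()}

def check_domain(domain, trusted=TRUSTED):
    """Return 'trusted', 'lookalike of <name>', 'mixed-script' or 'unknown'."""
    plain = to_unicode(domain)
    if plain in trusted:
        return "trusted"
    for name in sorted(trusted):
        if skeleton(plain) == skeleton(name):
            return f"lookalike of {name}"
    return "mixed-script" if len(scripts(plain)) > 1 else "unknown"

if __name__ == "__main__":
    # Constructed samples: genuine, Cyrillic "a", "rn" for "m", "1" for "l".
    for d in ("example.com", "ex\u0430mple.com", "exarnple.com", "examp1e.com"):
        print(d.encode("unicode_escape").decode(), "->", check_domain(d))
```

A "lookalike" or "mixed-script" result is a reason to quarantine the message or review the domain, not proof of malice on its own.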
