
How to Secure Your Data During Coronavirus

Nobody loves a good crisis more than a hacker and, by anyone's definition, coronavirus is a big, fat stinking crisis that almost everyone on earth is sitting in the middle of. For most of us, a crisis brings out the best.

First responders and the healthcare systems are replete with stories of superhuman sacrifice and commitment to others. Unfortunately, it is this commitment to the work at hand that puts cybersecurity on the back burner and increases the chance of a breach, break-in, or general mischief.

Let's take a look at the problem of increased network vulnerabilities as a result of ramped up, insecure mobile use and how IT departments and new remote workers should respond.

When Reality Goes Digital

The single overwhelming consequence of the coronavirus outbreak has been that the human race has, to a large extent, shifted their lives online. We don't travel. Public gatherings are limited. Most of us spend the majority of our day hibernating at home. And what do we do at home?

Get online, of course!

We're spending more time, using more bandwidth, and creating more hacker opportunities than ever before. We work online and go to school online using videoconferencing and other collaboration tools. When we're done with that, we go online to play games, shop, chat, and stream videos all day long. This new behavior pattern has created a beyond maxed-out level of stress on what used to be considered adequate cybersecurity precautions.

Diagram showing threat agents, attack vectors, weakness, controls, IT asset and business impact.
(Neil Smithline / WIKIMEDIA)

Here are the avenues through which new threats emerge:

The Rise in Remote Work has Created Exponentially More Attack Vectors

In case you haven't noticed, there are a few more of us working from home now than there were back at the beginning of March. Few as in millions. Many millions. This almost instantaneous shift to a work-from-home (WFH) arrangement did not happen in a vacuum. There were consequences that include:

  • Data transmission over unsecured connections by people who don't know the first thing about cybersecurity.
  • Lack of knowledge or use of mitigating software like a VPN, or even of what qualifies as a strong password.
  • Increased psychological stress to "get things done" in a foreign environment but with a boss still breathing (albeit from a distance) down their necks.

The bottom line is that employees working from home are probably unfamiliar with how to safely access the company network and will likely throw caution to the wind, assuming that hackers aren't paying attention.

The reality is that hackers are paying attention. They're always paying attention. Even when they are asleep, their automated little password-busting, data-stealing algorithms never stop cruising the internet in search of easy prey. These days, the algorithms are feasting.

Social Engineering Scams Never Went Away

Hackers are never averse to using basic psychology against their targets because such strategies work so darn well. With the newly expanded, and to some extent naive, remote workforce in place, the bad guys are ratcheting up the pressure more than ever with old tactics (malware-laden emails) sent out under a new guise.

There has been an absolute tsunami of not only phishing but smishing (text-based) and vishing (telephone-based) appeals and "heartfelt" pleas using healthcare, charity, and other benevolent organizations as fronts.

U.S. Air Force illustration by the 97th Communications Squadron (by 97th Communications Squadron)

Popular tactics are to approach executive-level decision-makers and trick them into moving funds into what appear to be accounts related to vendors, services, or virus-response activities. Such was the case when online trading platform Robinhood was hacked in 2019, as many users were startled to find their login and password information was discovered on third-party websites.

If you're not familiar with a particular organization, take a moment to look them up online. Legitimate operations will have tended properly to their online reputation. If you find nothing, be suspicious. With management besieged and under more stress than usual, the bad guys are successful more times than we'd like to think.

New Websites Often Mean Weak Security

With the recent Congressional passage of a multi-trillion dollar aid bill for individuals, small businesses, and even corporations who are under strain from coronavirus-related loss of income, a plethora of websites have popped up both under government and private auspices.

Once again, thanks to the prevailing panicked attitude, these sites often go live before adequate cybersecurity precautions have been put in place, making them easy pickings for hackers.

Another common trick is to take advantage of people who, typing quickly, enter a website address that is off by one letter. Those looking to steal data know the common keyboard mistakes people make and are ready with a custom-built website that, at first glance, looks like the one you intended to visit but exists only for a nefarious purpose.
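For IT staff who want to spot these off-by-one-letter addresses in DNS or proxy logs, here is an added example (not part of the original article) that flags hostnames exactly one keystroke error away from a trusted domain. The trusted list, the sample log, and the function names are all constructed for illustration.

```python
# Added example: flag hostnames that are one typing error away from a trusted
# domain. TRUSTED and SAMPLE_LOG are constructed values, not real indicators.
TRUSTED = {"payroll.example", "reliefportal.example"}

# Same-row QWERTY neighbours, used to label "fat-finger" substitutions.
ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm"]
ADJACENT = {a + b for row in ROWS for a, b in zip(row, row[1:])}
ADJACENT |= {pair[::-1] for pair in ADJACENT}


def one_typo(candidate, trusted):
    """Name the single keystroke error that turns `trusted` into `candidate`,
    or return None if they are equal or more than one edit apart."""
    if candidate == trusted or abs(len(candidate) - len(trusted)) > 1:
        return None
    i = 0  # length of the common prefix
    while i < min(len(candidate), len(trusted)) and candidate[i] == trusted[i]:
        i += 1
    c_rest, t_rest = candidate[i:], trusted[i:]
    if len(candidate) == len(trusted):
        if c_rest[1:] == t_rest[1:]:  # exactly one character replaced
            near = c_rest[0] + t_rest[0] in ADJACENT
            return "adjacent-key" if near else "substitution"
        if c_rest[:2] == t_rest[1::-1] and c_rest[2:] == t_rest[2:]:
            return "transposition"  # two neighbouring characters swapped
        return None
    if len(candidate) > len(trusted):
        return "insertion" if c_rest[1:] == t_rest else None
    return "omission" if c_rest == t_rest[1:] else None


def flag_lookalikes(hostnames, trusted=TRUSTED):
    """Return sorted (hostname, trusted_domain, kind) tuples for near-misses."""
    hits = set()
    for host in hostnames:
        host = host.strip().lower().rstrip(".")  # normalise log formatting
        for good in trusted:
            kind = one_typo(host, good)
            if kind:
                hits.add((host, good, kind))
    return sorted(hits)


# Constructed hostnames as they might appear in a DNS or proxy log.
SAMPLE_LOG = ["payroll.example", "patroll.example", "payrol.example",
              "reliefprotal.example", "reliefportall.example",
              "paywall.example", "unrelated.example"]

if __name__ == "__main__":
    for hit in flag_lookalikes(SAMPLE_LOG):
        print(*hit, sep="  ")
```

Exact matches and names two or more edits away (such as `paywall.example`) are not flagged, which keeps the output short enough to review by hand.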

This all adds up to breaches, breaches, and more breaches. What's a CISO to do other than pull out what little remains of their hair? Quite a bit actually.

How IT Should Respond Under Pandemic Conditions

While those in charge of security were able to respond adequately in the early stages of the outbreak - after all, coronavirus isn't the first crisis in human history - it has gone on longer, with more momentum, and affected more people than probably anything since the last world war. There are no playbooks for this thing. Everything seems to be a Hail Mary with time running out and hope for the best.

Not quite. We can do a little better than that. Here is where IT and cybersecurity staff should aim their efforts.

Focus and Downsize

Now is not the time to be rolling out a new set of security tools or undertaking a brand new round of chaos testing. Focus on what is critical to operations and make adjustments only as circumstances demand. For example, if the workforce is now forced to access the network remotely, implement a multi-factor authentication process.

Additionally, make sure employees know safe WFH protocols. After all, they've always had you to rely on and have never been forced to learn this stuff on their own. What has passed for security procedures in the past was based around an on-site workforce and no longer applies. The good news is that the vulnerabilities are the same; there are just more of them. Educate and remind your frontline employees on how to be security-aware at home because that's where the threats will strike now.

Incident Response

While some departments might be more prepared than others for the shift to remote work, now is not the time to shake things up with a round of chaos testing. Other departments are already in chaos, and it has nothing to do with testing. Instead, focus on incident-response contingencies. If you have none in place, create them quickly. There is a high probability that the number of security incidents will increase and your team needs to know how to effectively deal with them without asking questions or dithering as to what comes next.

Pay Attention to New Intrusions

If there has been a sharp rise in the use of collaboration tools in your company, that would be a good place to remotely monitor for new strains of malware, especially if employees are not familiar with the software. The first step of your incident response plan should be to catch and prevent the threat from ever fully manifesting. It's a lot easier and less messy to prevent trouble than to pick up the pieces after it arrives.

Final Thoughts

Keep this in mind. As destructive as the cybersecurity fallout from coronavirus might seem, all consequences are simply iterations or a rise in the level of incidents IT departments have been dealing with ever since going online became a thing. There's nothing new here, so don't panic. Take a deep breath and do your job. You know it inside and out. Tune out the screaming emails and bosses with eyeballs bulging from stress.

This too shall pass. Deal with it. Learn from it. Move on to the next thing secure in the knowledge that you will be much better prepared for the next pandemic that shows its ugly, invisible face.

By Samuel Bocetta, Security Analyst and Consultant – A former defense contractor for the US Navy, Sam Bocetta turned to freelance journalism in retirement, focusing his writing on US diplomacy and national security, as well as technology trends in cyberwarfare, cyberdefense, and cryptography.
