Now is the time to dig deep and invest in your business especially when the markets are low and you’re facing a downturn. Keeping focussed and on-point is essential.
As businesses face low income, forced to cut costs, the possibility of closure looming and overall, general fear and uncertainty as a result of COVID-19, these distractions lose that focus especially when it comes to IT and cyber security. Businesses have to keep tight of their IT and cyber security processes as a cyber attack from opportunist threat actors could be imminent and the fallout would be devastating.
Many companies will be invoking their well-designed business continuity plans, but those will be a very small percentage in the SMB marketplace. The majority will be forced to implement reactive business continuity solutions to do whatever they can to keep their business trading and staff working. From simple setups as enabling business owners and staff to remote into their company workstations from home and being able to access cloud IT services. Staff may not have even known how to do this four weeks ago.
In the current coronavirus crisis situation, people are far more easily distracted and in a heightened state of anxiety, making them far more susceptible to attacks.
We have already seen convincing phising emails from official sources such as the NHS, HMRC, Royal Mail, IT Departments and government agencies telling you to do something. Click here, download this, update that, enter this. There are even telephone calls again from seemingly official public resources with pre-recorded messages asking you to enter your personal information on your phone key pad. Beware, beware, beware. These are all standard phishing and vishing scams designed to steal your personal information or install ransomware on your computers and network. They are just using coronavirus information to lure you in. Do not fall for it. Ensure you have updated your cyber security awareness training with your staff to include coronavirus threat content and it’s always good cyber hygiene practice to invest in email filtering at the domain level.
In the meantime, check out the video below on spotting standard phishing attempts.
Ensuring the devices that your staff are using from home if they are not taking home business equipment are secure is critical. The computers your staff are using to access their office workstations need to have anti-virus installed which is up-to-date and any cloud IT services, including document sync services are locked down with the correct file privileges for staff. What we don’t want to happen is a virus or malware to sync upwards to the document store and infect the entire business network. Ensure all workstations, laptops and computers used for remote working (both remote and at your offices) are all up-to-date with the latest anti-virus software and definition updates, ideally with a central dashboard to see and manage all of them. An additional security step would also be to ensure the anti-virus software used across all of the machines includes web filtering protect staff with safe surfing online and protection from malicious URLs within phishing emails.
The other key point to keep in mind is that the mindset of the home worker is different from the office worker. They are far more relaxed at home and therefore far more easily to make a mistake when it comes to not spotting that phising email, clicking a link or falling for online scams. So ensuring that two-factor authentication (2FA) has been enabled on cloud platforms such as Microsoft Office 365 to combat cyber threat attempts such as portal hacking and that your cyber security awareness training is up-to-date with your staff is crucial, as well as having the cyber security technology layer in place in case they do make an error in judgement.
Fake emails and phone calls from suppliers who have been hoaxed is already happening. Invoice fraud from reputable suppliers and companies with invoices received yet bank details have been changed. Asking for payment immediately. It is rife out there because criminal opportunists and cyber fraudsters are doing everything possible to cash in on people’s fragile emotional states and lack of judgement as a result of the coronavirus pandemic and home isolation. From a first person perspective, perhaps you’re trying to purchase equipment online from non-reputable sources as all mainstream suppliers are out of stock and it is urgent. Can you really trust where you are buying from? The entire supply chain has been delayed and held up so it is extremely unlikely the website you have seen with your equipment or necessary business essentials have an abundance in stock or “Just 1 item left” message displaying. Think before you click and before you give away your precious much needed money during this economic, social and health crisis.
There are a significant number of coronavirus resources online, such as maps showing where and how the virus is spreading across the globe. It has already been identified by Malwarebytes that some are hoax sites and although they may be showing some correct data, behind the scenes they are littered with malware, viruses and ransomware. Some are so dangerous that as soon as you land on the websites it is already silently installing ransomware on your workstation which could easily spread to the rest of your staff through document sync services or even via Wi-Fi and bluetooth. A nightmare for a business under the current climate to have to face when cash is needed to remain within a business. Although web filtering and anti-virus agents are trying to combat and block these URLs, threat actors and cyber fraudsters will continue to manipulate this environment to their own gain. So be vigilant, look very carefully at the website URL to ensure it is accurate and not a hoax and only use authorised coronavirus online resources through government and national health links.
Social engineering attacks are also extremely viralent at the moment. Posts on social media platforms saying that they still have some essential stock available for ordering or offering services to tackle your cashflow problems. Knocking on doors pretending to be from the government or a health agency attempting to sell coronavirus health kits or a security audit at your premises. Online medicines claiming to cure coronavirus, letter drops from companies try to sell you something or give you something and phone calls from suppliers and government agencies making you do something all with the end goal of stealing your money.
It is very difficult to remain composed during a global crisis, however, checking, checking and then checking again before acting is essential to minimising any security mistakes or cyber fraud. As the aged old saying goes, “if it seems to good to be true, it tends to be”. Use your careful judgement and be safe.
Ensure that your business is protected against the evolving threat landscape through cyber security measures and a solid Disaster Recovery (DR) Plan. Complete our FREE Business Continuity Review and proactively help your business stay on its feet @ https://www.amazingsupport.co.uk/business-continuity-review