Essentials for secure and healthy teleworking

The European commission, the Belgian CERT and CCB warned that cybercrime in the EU has increased due to the COVID-19 outbreak.

As mentioned in the press, more and more hospitals, research hubs, and medical centers are being targeted by organized cyber units. The vast majority of the attacks are ransomware. Such destructive attacks against a hospital or any other health organization can put many lives at risk. The Brno University Hospital in the Czech Republic suffered such an attack earlier this month.

Healthcare organizations are not the only ones targeted. Schools, parents, governments, etc. are also becoming the victim of cyberattacks.

In this blogpost, we would like to share some insights and focus points to protect you against cybercrime.

Why are hackers abusing COVID-19?

The numerous COVID-19 malicious email campaigns are abusing people’s fear with regard to this crisis. As businesses and consumers are affected on a global scale, there is a large database for malware distribution. The increased use of social media, and person-to-person electronic communications to spread news, instructions, opinions and so on form the perfect ingredients for hackers.

How are hackers exploiting COVID-19?

Hackers are exploiting COVID-19 through:

  1. Phishing emails

Phishing emails are emails that trick the recipient into clicking on a malicious link, which allows hackers to steal credentials for example. The phishing emails that abuse the COVID-19 subject are on the rise and getting better by the minute.

We have published a blog in which you get practical tips to detect phishing emails using a clear COVID-19 related example.

  1. Malicious apps

Apple did its best to block Malicious COVID-19 related apps in its App Store and Google removed them from its Play store; however, malicious apps still pose a threat to users.

  1. Bad domains

A record amount of COVID-19 related domains have been created during the last weeks. Some of these domains are malicious and used for disinformation or cyber-attack initiation.

  1. Insecure endpoints and end-users

Endpoints that employees use at home could become more vulnerable if they fail to update their systems on a regular basis. The relatively long time they have to work from home may force users to use shadow applications out of company control.

COVID-19 phishing facts

Fact check:

  • Currently, 70% of the malicious email campaigns related to COVID-19 deliver malware
  • 30% of them steal Gmail or Office 365 credentials
  • We are seeing the greatest collection of attack types united by a single theme in years.
  • There have been COVID-19 phishing email waves with up to 200.000 email recipients.

What are your COVID-19 challenges?

We cannot make the ‘perfect’ list for all companies as they are all unique and face different challenges. What we can do is share the most common ones our customers are currently facing:

  1. Business continuity: provide sufficient network bandwidth, VPN capacity, corporate laptops or remote desktop access.
  2. Limited (IT) staff: ensure systems remain up and running 24/7 with a limited number of IT staff on-premise. Furthermore, it is important to keep up the wellbeing of all employees.
  3. Visibility and control: guarantee visibility and control over your IT environment now users are working from home. Ensure regular review of security incidents.
  4. Vulnerability management: safeguard vulnerable users, endpoints, servers and central systems.

One thing is sure. These cybersecurity challenges are based on people, processes and technology. During the next few weeks, our experts will write multiple blogposts focusing on each these topics. Stay safe and stay tuned!

People

People skills and behavior are intangible success factors and are often underestimated in cybersecurity. In these times where a lot of your colleagues are teleworking, you need to watch over their health and productivity. In these blog series, we will dive into different people aspects by giving clear tips. 

Read more about PEOPLE

Process

New blogs coming soon

Technology

New blogs coming soon