While the COVID-19 pandemic is first and foremost a health and humanitarian crisis, there’s a massive business impact which is challenging our cybersecurity world (SITREP: Cybersecurity Risks Related to COVID-19 (PDF)). While many organizations may have some form of remote working environment, it’s possible most have never conducted a full remote worker business continuity test, much less developed the culture, technology, communication and policies that will have to work together nearly simultaneously in today’s global context. As you might expect, adversaries are seizing the day to try to disrupt enterprises which may be already struggling to maintain operational continuity in the rush to work from home.

While necessary and important in these difficult times, working from home creates an attractive proposition for threat actors to step up social engineering campaigns. Malicious actors are taking advantage of workers being comfortable in their homes by conducting phishing, ransomware and business e-mail compromise campaigns, especially using keyword lures associated with coronavirus or related current events (SITREP: Cybersecurity Risks Related to COVID-19 (PDF)).

In an environment where reliable information is scarce, there seems to be no end to the opportunism of the cybercriminal. More than 6,000 coronavirus-related domains have been registered since January, 2020¹. Although not all represent a threat, many of these sites are suspected to support a wide range of malicious activity, including credential harvesting, carding fraud and malware installation. COVID-19 domains are reportedly 50 percent more likely to be fraudulent than other domains. And just like the virus, cyber activities have sprung up from threat groups operating out of multiple locations across the world, including Russia, Iran, North Korea, Vietnam and Pakistan.

So, how can you help protect the safety and security of your people, and the data and technology they need to work from home? And how can we all better manage the “new normal” threat landscape?

Protect your people

Just like hand-washing and social distancing, protecting people and the business can be reinforced through regular, consistent, and clear communications. Stressed people tend to make bad decisions, so helping them feel safe and secure and communicating on both emotional and rational levels can be useful in winning “hearts and minds.” Reminders about strong authentication on all devices should be coupled with support—preferably, a single point of contact for reliable information. For example, in Accenture we hold one-on-one conversations with security team members and have built a virtual crisis management “war room” to quickly disseminate information.

Here are some other ways you can help your people to protect themselves from work-from-home vulnerabilities:

  1. Make employees aware of company information protection procedures, including those around hard drives and file encryption in storage and in transit.
  2. Brief employees on home network best practices, including the use of non-default router and Internet of Things passwords, SSID broadcast hiding and the configuration of trusted DNS providers.
  3. Help work-from-home employees to understand how to configure and connect to company Virtual Private Network (VPN) providers and avoid split-tunneling.
  4. Plan fallback measures for phone-based and off-net communications and work, as many VPN providers may experience issues with the large influx of users joining the network.
  5. Update computers and devices for work-from-home employees with the most current system and application versions.

While fake news and phishing are very real threats, you can give your people reliable sources of information and discourage the use of spoofed URLs. The U.S. Department of Homeland Security recommends sites such as the Cybersecurity and Infrastructure Security website or the Cyber Readiness Institute quick guide, Securing a Remote Workforce.

Remember that you can also include good communication outside your own four walls. It’s important to collaborate with vendor partners on security and continuity of operations. As Accenture’s Third Annual State of Cyber Resilience research found this year, 40 percent of security breaches are now indirect as threat actors target the weak links in the supply chain or business ecosystem.

Ask the right questions

The job of security chiefs is difficult enough but when hundreds or thousands of employees suddenly stop commuting into the office and start logging in from anywhere, they can be faced with a whole new ball game. Like every good back-to-basics security program, there are four fundamental questions executives should address:

  1. Who is a potential threat? Cybercriminals who have attempted breaches before will most likely try again. Bear in mind, new threats are constantly emerging—for instance, as nation-states try to exploit work-from-home environments.
  2. What are the logical threat vectors? Take account of the thousands of coronavirus-related domain names emerging since January 2020, creating new opportunities to breach cybersecurity defenses.
  3. What is the impact of disinformation? As people seek information, threat actors attempt to take advantage of confusion and uncertainty to penetrate cyber defenses. Communicating first can help disinformation lose its power.
  4. Where are your vulnerabilities? Ask what concrete steps the enterprise can take to enhance cybersecurity in the current environment. Recognize budgets may be affected almost immediately and plan accordingly.

In such a climate, health and safety clearly comes first. Securing the continuity of operations has taken on a whole new dimension—it should include culture, communication, policies and technology. And, as the coronavirus has shown us, you can never be too prepared.

I invite you to take a look at the latest Accenture Security report, “SITREP: Cybersecurity Risks Related to COVID-19 (PDF),” and please do stay safe.

 

¹ Accenture iDefense, proprietary data and analysis; Accenture Threat Intelligence Service platform

Howard Marshall

Managing Director – Accenture Security, Global Cyber Threat Intelligence Lead
