Staying Cyber Resilient During a Pandemic

We’re all thinking about it, so let’s call it out by name right away. The novel coronavirus, COVID-19, is a big deal. For many of us, the structure of our lives is changing daily; and those of us who are capable of doing our work remotely are likely doing so more than we ever have before.

Are you prepared for today’s attacks? Discover the year’s biggest cyber threats with the annual Webroot Threat Report.

It’s not likely that cybercriminals will cut us a break during this difficult time of quarantine and pandemic outbreak. If anything, we will only see an increase of attacks and ransom amounts since this is when infrastructures of modern civilization are needed most but have the least amount of time to react and debate on paying or negotiating the price. Also, many of the cybercriminals who breach and ransom as a side job are now forced to either work from home or their shifts are completely canceled, leaving them with more time and motivation to make up their income elsewhere. This is a prime circumstance for increased cyberattacks, and individuals and businesses should be hyper aware of their behavior both online and offline.

Not only are phishing and ransomware attacks, which tend to capitalize on current headlines, on the rise, but business email compromise (BEC) is also up. BEC is when a cybercriminal breaks into a legitimate corporate email account and impersonates the real owner to defraud the business or its partners, customers, or employees into sending money or sensitive data to the attacker. With so many more people working remotely and less able to verify emailed requests from coworkers as legitimate, you can imagine how this threat could run rampant.

What follows are cyber resilience tips for staying safe, both for individuals in their personal lives and for businesses with remote workers.

Cyber Resilience Tips for Individuals

What to do:

Find information about COVID-19 at the official sites of the World Health Organization (WHO) or the U.S. Center for Disease Control (CDC).
Ensure you have antivirus protection on all your devices, and that it’s up to date.
Exercise caution when providing personal information. Be very suspicious of requests for personal information that occur via email, phone, text message, or social media message.

What NOT to do:

Do not open emails regarding COVID-19 from unknown senders. These could be phishing scams.
Do not click on links in emails regarding COVID-19. Email links can be used to spread computer viruses and other malware.
Do not download or open email attachments from unknown senders. These could contain viruses and other malware.
Do not click on links in social media messages, even if they are from someone you know. Your contacts’ accounts may have compromised.
Do not click on ads or social media posts regarding COVID-19. They may be fake and contain malicious content.

Watch out for SMS-based phishing attacks that may look like this.

Cyber Resilience Tips for Businesses

The best defense is prevention. To prevent, you have to plan ahead.

Be prepared for remote work conditions.

Life gets in the way. Between severe weather, personal emergencies, illness, and worker wellbeing, employees need to be able to work from home for a variety of reasons.

Enable everyone to work from off-site locations.
Ensure all employees feel welcome to work from home when needed.
Install robust endpoint security on all devices so employees and data stay safe.
Give all employees access to a VPN to help protect corporate data, wherever they connect.
Implement measures to back up data saved on local devices while workers are remote.
Add collaboration tools so teams can continue to work together while physically separated.
Warn employees about phishing and BEC. Share the Cyber Resilience Tips for Individuals we included above, and encourage employees to be extra vigilant about unexpected invoices or other financial requests. Even when we’re all remote, it only takes a quick phone call to verify the legitimacy of an unusual request.

Be prepared for threats to your data.

From modern cyberattacks to natural disasters and physical damage, there are a lot of threats to your critical business data.

Protect all endpoint devices, including computers and servers, with next-generation cybersecurity solutions.
Create a data backup process for data availability at alternate business locations when the main office is closed.
Implement high-availability data replication and migration safeguards ensure data is available, no matter what happens.
Add protection for Microsoft Office 365 and other collaboration platforms so content stored and shared in the cloud stays safe.
Use a solution that includes device monitoring, tracking, and remote erase functionality so lost or stolen devices can be located or wiped.
Empower employees to become a strong line of defense by educating them about cybersecurity and data safety risks.
Make sure to use RDP solutions that encrypt the data and use 2FA authentication when remoting into other machines as the presence of an open port with RDP was associated with 37% greater likelihood of a ransomware attack.

Our Commitment to Resilience

Rest assured, we’re practicing what we preach. All of our global employees are able to work from home securely. In these crazy times, it’s more important than ever to redouble our focus on helping each other. At Webroot, we feel it’s our social responsibility to do what we can to keep one another safe, both online and offline. We hope you’ll join us in our commitment to resilience. Stay safe and healthy, everyone.

About the Author

Tyler Moffitt

Sr. Security Analyst

Tyler Moffitt is a Sr. Security Analyst who stays deeply immersed within the world of malware and antimalware. He is focused on improving the customer experience through his work directly with malware samples, creating antimalware intelligence, writing blogs, and testing in-house tools.