By Loretta Worters, Vice President, Media Relations, Triple-I
Advanced Persistent Threat groups and cybercriminals are likely to continue to exploit the COVID-19 pandemic over the coming weeks and months. Weak and stolen passwords, back doors, applications vulnerabilities, malware and insider threats have been among the most common causes of data breaches in the past. But according to a recent Willis Towers Watson report new threats include:
- Phishing, using the subject of coronavirus or COVID-19 as a lure;
- Malware distribution, using coronavirus or COVID-19-themed lures;
- Registration of new domain names containing wording related to coronavirus or COVID-19; and
- Attacks against newly and often rapidly deployed remote access and teleworking infrastructure.
Security breaches have increased by 67% since 2014, yet businesses fail to take the proper precautions. Ransomware has become big business for “professional” criminals, crippling large and small businesses alike. But small businesses are especially attractive targets because they have information that cybercriminals want, and they typically lack the security infrastructure of larger businesses.
A remote workforce due to COVID-19 has made many organizations address issues of remote access and the need for multifactor authentication and virtual private networks (VPNs). But others – less cyber savvy— have left themselves exposed to cyberattacks.
In addition, vishing (via telephone) and smishing (via text message or WhatsApp) attacks have also increased in frequency, and in a work from home environment where colleagues and clients are increasingly connecting via mobile phones, vulnerability increases, according to a new AON Report. Short message attacks will generally seek to redirect a victim to a compromised website in order to harvest user credentials.
According to a recent survey by the Small Business Administration , 88% of small business owners felt their business was vulnerable to a cyber-attack – and that was before the pandemic. Yet many businesses can’t afford professional IT solutions, have limited time to devote to cybersecurity, or don’t know where to begin.
In observance of National Cybersecurity Awareness Month, Triple-I offers U.S. businesses these seven tips for improving their cybersecurity and averting data breaches:
- Understand your cyber risks. Businesses are vulnerable to cyberattacks through hacking, phishing, malware, and other methods.
- Train Staff. Those engaged in cyberattacks find a point of entry into a business’ systems and network. A business’ exposure can be reduced by having and enforcing a computer password policy for its employees.
- Keep Software Updated. Businesses should routinely check and upgrade the major software they use.
- Create back-up files and store off-site. A business’ files should be backed up either as an external hard drive or on a separate cloud account. Taking these steps are vital to data recovery and the prevention of ransomware. Ransomware is when a cyberattack results in a situation where a business is asked to pay a fee to regain access to its own data.