Invoked a business continuity plan to help your business keep trading through the crisis yet? If it doesn’t include cyber security training to prevent your employees from falling victim to a phishing attack, then you’re missing a trick.
Why? Because hackers and cyber-criminals are nothing if not opportunistic. The current climate of global uncertainty represents the perfect opportunity for them to break into corporate networks and systems by sending emails containing links that purport to provide information about the coronavirus.
As far as modi operandi go, it’s a familiar one. Topical events are often the hook phishers use to reel their victims in. Hence, we’re peppered with messages about tax deductions and returns on and around June 30 each year and emails adjuring us to click here for discounts on desirable goods and services right around the time the Christmas rush sets in.
The powerful danger of information hunger
COVID-19 is an unfolding crisis, which has sparked the publication of a continual stream of news bulletins and commentary. Since 12 March, we’ve seen the announcement of three federal government stimulus packages, designed to cushion Australian businesses and individuals from the devastating economic effects of the virus. There are rolling tallies of patients who have tested positive being released each day and updates on the increasingly stringent shutdown measures being put in place by state and federal governments.
In a climate of unprecedented uncertainty and anxiety, Australians are hungry for information. That hunger may make them susceptible to clicking on suspect links, when emails offering information about testing services, relief measures and the like wing their way into their work and personal inboxes. Given your team will also be receiving plenty of legitimate messages on this score, from both internal and external sources, phishing emails can be easily camouflaged among them – and just as easily actioned by distracted and distressed employees.
Reinforcing cyber security messages in the time of crisis
While a robust cyber security posture may appear to be all about taking high-tech measures to combat the threat to business continuity and profits posed by hackers and cyber-criminals, people are, and always have been, the strongest and weakest links in the chain.
Whether they’re working in the office or remotely, reminding employees to keep their guard up may mean the difference between system infection and staying safe in cyberspace, over the coming weeks and months of the pandemic.
While the world around us may have been turned upside down and shaken, the tips for staying safe are the same as they ever were:
- approaching all unexpected and unsolicited emails with caution
- ascertaining whether emails have come from a recognised domain or business before opening them
- exercising extreme caution before clicking on links and attachments in emails, if you don’t normally receive them in your role
- checking to see if emails were sent during normal business hours. Given many phishing attacks originate offshore, messages received in the wee small hours have a greater probability of being illegitimate than those which arrive between 9 and 5.
Keeping your business secure
Employee awareness and education is one half of the answer to the question of how to protect your company’s network and systems from infiltration via a phishing attack, during the coronavirus period and in other less “interesting” times.
Organisations are also seeing value in the ability to proactively monitor their growing IT infrastructures and discover threats before they can cause disruption. Security information and event management (SIEM) software can aggregate data from multiple sources and analyse and act upon security alerts generated by the network and system.
Deployed in combination with other technologies and initiatives, such as endpoint protection and network control solutions, a SIEM solution can provide a robust digital shield to complement the human efforts of your team.
Keeping your guard up – in both interesting and ordinary times
While once-in-a-generation events like the current pandemic may throw governments, organisations and communities into disarray, it’s business as usual for hackers and cyber-criminals who see phishing campaigns as an easy way in.
Remaining alert to their propensity for cashing in on crises and current affairs, and taking steps to withstand them, will help your organisation weather the crisis without the added complication of a data breach or system shutdown to contend with.
Joanne Wong, vice-president of marketing, Asia Pacific and Japan at LogRhythm