A different kind of virus: What you need to know about online security during lockdown

By Jocelyn Levy | 2nd November 2020 | 9 min read

There has been a dramatic increase in cyber-attacks as a result of the COVID-19 pandemic. Private companies, government bodies, healthcare and pharmaceutical organisations across the country have been targeted by attacks over recent weeks.

Unfortunately, with many organisations at their most vulnerable and adapting to life under lockdown, cyber criminals are taking the opportunity to exploit and deceive with COVID-19 related cyber-attacks. In fact, in early April, the UK’s National Cyber Security Centre and US Department of Homeland Security published a joint advisory, evidencing a spike in cyber threats towards both organisations and individuals.So, what does your organisation need to know and how can you prepare now to avoid the worst?

More than just a virus

Cyber-criminals are actively taking advantage of the fear and panic around the pandemic to exploit companies with COVID-19 related campaigns. Malware, or malicious software, is any file or program designed to harm a device and the user. Most of us are more familiar with the term ‘virus’, however, malware comes in a variety of forms, including ransomware, scareware, adware, spyware and more.

Before the malware can do any damage, however, first it must be ‘activated’ on a device. This brings us onto phishing.

On the look out

Did you know, 91% of cyber-attacks launch with a phishing email? By far the most prevalent online attack, phishing is a fraudulent practice in which cyber-criminals claim to be from reputable organisations; in fact, many incidents have occurred in which the scammer feigns being an employee at the recipient’s company.

Phishing scams circulate to both corporate and personal email accounts with the purpose of tricking individuals into sharing sensitive information or opening a malicious link or attachment.

Malicious links are likely to launch the second stage of a cyber-attack, releasing a payload to initiate more damaging activity. Often, this is a ransomware attack which, for SMEs, educational or private organisations, can be particularly dangerous.

Ransomware encrypts a user’s files and data, enabling attackers to hold the victim to ransom until their demands are met. Often, these demands come in the form of a not inconsiderable fee. Unfortunately, phishing campaigns can be particularly deceiving and very hard to identify.

Who is at risk?

Many cyber-attacks are at random and are a matter of opportunity. In other instances, organisations may be targeted because are they are considered more likely to pay-up quickly to avoid reputational and/or financial damage. In either case, your organisation should be proactive when it comes to fending off and avoiding any form of cyber-crime. Failing to do so can have catastrophic effects.

Awareness

Ensuring your team are knowledgeable about all things cyber-security is vital. Take a proactive step towards protecting your organisation by delivering relevant training on safe internet practices and, most importantly, identifying potential phishing scams. Ensuring all staff (and students, in the case of educational institutions) have a good understanding on basic email practices is key to protecting staff and stakeholders against cyber-crime.

2FA and forgotten passwords

Managing passwords across your organisation can be tricky, particularly following holidays, absences or half-terms. For IT teams, resetting passwords to access servers and accounts is time-consuming; for staff, it can be cause for embarrassment, often resulting in security risks.

Our password management systems integrate with a centralised IDManager network, eradicating any requirement for IT teams to be involved in the password reset process. Users are provided with a temporary password which they can use to log into their accounts, before resetting their passwords and getting on with their day.

Security experts agree, passwords alone are no longer enough to protect online accounts and systems. Multifactor authentication (otherwise known as two step verification) combines a standard password with a second authentication process.

While this may be a source of frustration for some, multi-factor authentication adds an additional layer of security to accounts and systems. If an employee is tricked by a phishing scam into handing over a password, for example, multi-factor authentication ensures a hacker would be unable to gain access.

With remote working now widespread across the country, agencies have detected cyber-criminals actively scanning for vulnerabilities in software. It’s up to you to protect your systems against potential attacks.

BioStore multi-factor authentication and password management solutions offer a variety of methods to improve security, including biometric fingerprint scanners, card or pin. Take the first step towards improving security for your organisation. Get in touch to find out more.