Cyber-criminals often take advantage of crisis situations to exploit victims with cyber-attacks, scams and frauds. The current coronavirus public health crisis is now actively being used by E-Crime groups in a variety of malicious cyber campaigns, designed to capitalise on public fears.
Several malicious campaigns have been observed, impersonating health officials around the world, using phishing emails, text/SMS, and social media posts to steal credentials and obtain sensitive corporate and personal information. As well as credential stealing phishing emails, malware including ransomware is actively being distributed in coronavirus-themed emails, where victims are encouraged to open malicious attachments.
Furthermore, it's important to understand some of the risks remote working introduces to corporate IT environments, if not managed properly. Many will look to work remotely as the situation in the UK develops. Rushing to facilitate insecure methods of remote working can expose internal systems and data if not properly protected. Allowing remote access from unmanaged personal computers, can pose further threats that could lead to the compromise of an organisation’s internal environment.
Due to this, we've put together some guidance to help keep your organisation and staff secure.
Raise awareness across the organisation around being cautious of unexpected emails or websites that claim to provide information on the coronavirus outbreak. SPAM emails are likely to stress a sense of urgency whilst requesting some action or information from the recipient.
Follow email security best practices
Do not open unsolicited emails, click links or open attachments within those emails. If in doubt, Doherty's service desk can assist in determining an emails legitimacy.
Risk assess remote access
Risk assess remote access arrangements carefully. Remote access into your corporate IT environment or any services being exposed to the internet should be well protected from unauthorised access with multiple layers of security.
Your organisations policy should be followed regarding personal devices remotely accessing company systems and data. Depending on your policy, extra care should be taken to ensure staff using personal computers to connect in, are fully patched with the latest software and operating system updates and have a reputable, up to date anti-malware solution installed. Staff should further be reminded of the risks involved in transferring corporate data to personal computers or personal email addresses.
If you're concerned about the threats your organisation could be facing, contact our experienced team of security experts today to find out more.