Research shows that more than 16-million Covid-19-related cybersecurity threats were detected during 2020 – a year when many of our businesses, industries and sectors prioritised working online.
These cybersecurity attacks ranged from malicious URLs, to spam emails and malware – and many of them made direct or indirect reference to the global pandemic, while others involved Covid-19 scams. Of these 16-million threats, close to 90% were malicious spam.
“As the world quickly (and unexpectedly) moved to a remote-working model, digital transformation was catapulted forward and businesses around the world were faced with vulnerabilities and security gaps that resulted from employees working from home,” says Zaheer Ebrahim, senior sales engineer at TrendMicro.
Protecting your organisation and employees is critical as working remotely and hybrid working environments have become business as usual.
Ebrahim shares four simple considerations to protect your business against cyber threats:
Periphery, perimeter and parameter checks
Cyberattacks can happen across various entry points of the business. This is why understanding how to enable security parameters for endpoints, cloud applications, email and web is critical. Utilising security solutions that deliver proactive global threat intelligence against zero-hour threats ensures that you are always protected.
Policy, process and procedures are a must
Internal policy documents and best practice guides should be a non-negotiable for any organisation with remote employees, including educating employees, new and current, about phishing attacks, potential hazardous URLs or even emails from within the organisation.
If it’s connected it must be protected
2020 saw a 67% increase in smartphone related malicious attacks compared to 2019, including Cerberus an Android banking Trojan that allowed attackers to infect and assume control of Android devices, allowing attackers to conduct overlay attacks, gain SMS control, and harvest the victim’s contact list.
Smartphone best practices to keep in mind include:
* Verify an application’s legitimacy before downloading it;
* Implement the same security best practices against common network threats;
* Physically secure mobile devices against threats and tampering; and
* Install mobile security solutions and multilayer mobile security solutions.
Invest in security training for users
Unknowing employees are often the weakest links in corporate security chains. Undertaking regular training sessions and skills sharing is crucial to empowering employees to safeguard themselves and the organisation.
“Failure to plan for and safeguard against this next generation of cyberthreats remains one of the biggest downfalls for organisations,” concludes Ebrahim. “The findings of our 2020 Annual Cybersecurity Report show that the shift to a remote workforce has opened up a world of new vulnerabilities that could have serious financial and reputational harm to organisations across the globe.
“It’s not only about teaching employees to recognise the newest methods and signs of potential breach attempts, but also to change employee behaviours and create a culture of accountability for personal and work-related devices, as well as online habits.”