In times of crisis and pandemic, opportunists multiply. Their goal is to make money, and a crisis is the perfect pretext for doing so.
In July 2020, Twitter was the victim of a major hacker attack. A large number of high-profile, verified Twitter accounts were compromised and used to promote a Bitcoin scam. The attackers used the accounts to send tweets asking Twitter users to send Bitcoin to a cryptocurrency wallet, with the promise that the amount would then be doubled. Access to the inboxes and Twitter data of some of the affected accounts was also confirmed.
This attack proves that even big brands are not immune to hackers. Twitter acted swiftly to address the threat and to minimize the risks to users of the platform. This event further highlights the increasing security risks we face today. Threat actors are becoming ever more creative and daring in their attempts to extort money, which means we should all stay vigilant.
Already in April, Interpol had highlighted an increase in ransomware attacks in the health sector despite the emergency situation: according to Interpol, the phishing attacks that occurred via email contained false information or advice on the coronavirus, purportedly from a government agency. Some ransomware groups have offered discounts to unlock systems, but these malicious activities have not stopped.
Organizations around the world have rushed to enact remote work policies or have tested their current policies more than ever, as many people have found themselves working in a home setting for the first time. This created a perfect opportunity for the hacking community to run phishing and spoofing campaigns targeting employees, taking particular advantage of the increased stress, uncertainty and reduced attention to detail caused by the lifestyle change of working from home.
There is no doubt that organizations need to consider the change that has taken place in the workplace, taking steps to ensure that every employee is ready to work from home now and in the future, with the aim of mitigating risks.
Concrete measures in the short term
Organizations had to take immediate action to protect their employees and, in turn, their infrastructure as well. The first step was to secure devices, including laptops and phones, so they could be ready for remote use. The same measures should also apply to every home PC and tablet that is now also used for work activities.
Organizations need to check that employee email and endpoints are configured correctly so they can block email from cyber attackers. Using a VPN or a remote access solution has become important for users who need to access their work environment securely. If they haven’t already, businesses should make sure their accounts are secured with two-factor authentication.
With the sudden increase in the number of employees working from home, VPNs are becoming saturated, leading to performance and availability problems; if VPNs are bypassed, networks are exposed to new threats. Additionally, employees are making heavy use of collaboration solutions like Webex, Teams and Zoom, and this mode of interaction has significantly increased network load. As a result, continuous monitoring of network performance and availability has now become a necessity.
Internal guidelines to prevent cyber security threats
Training employees on potential risks and disseminating good practices and clear guidelines for reporting suspicious activity remain crucial for any organization. Businesses should give employees the ability to securely report potentially suspicious activities or emails. This way IT technicians can quickly spot phishing attacks and train the workforce on what is or isn’t suspicious activity. Employees should take a cautious approach: “the slightest suspicion should result in a report”. If multiple employees have received the same suspicious email, the security team can share a screenshot with the entire workforce.
The creation of an official communication channel is essential. In a pandemic situation, employees may be more susceptible to opening questionable links as they search for the latest information related to the emergency situation they are experiencing.
Businesses can manage this process by regularly posting situation updates and recommending verified news outlets for more information. Using Microsoft Teams or Slack can help and can serve as an alternative to classic email. In fact, if employees expect to receive important company updates through another channel, they are less likely to trust and click links received via email.
The next transition: looking forward to a hybrid workplace
For now, we cannot yet analyze the impact of quarantine and isolation on remote working. Employees may want to go back to the office and be with their colleagues. Or it could be that the benefits of working remotely – no commuting, working in a comfortable environment, fewer unnecessary meetings – make it a much more popular option. According to the ISTAT Annual Report, over 4 million Italian workers are in smart working, 3 million more than in 2019. However, the results showed that the number could potentially double, and companies need to be prepared for a long-term change.
IT has taken us through many transitions – to an information age – and our next transition will be to a hybrid workplace, where working from anywhere and from any device will be the new normal.
- IT teams will need to provide long-term support to withstand the inevitable changes to come. They will have to make applications and infrastructures “bomb proof”.
- Ensuring continuity of productivity will be impossible if employees do not have access to easy-to-use and configurable platforms that allow them to do their jobs as if they were on-site.
- Providing adequate means to communicate, coordinate and collaborate will be essential so that we can continue to work at full capacity.
- Personal devices must be considered part of the company’s IT infrastructure and secured. This will raise new questions: “Will the IT team feel too involved in this situation? How will companies be able to train their employees without it looking like an intrusion into their daily life?” These issues will be discussed beyond the specific work of the IT department.
The current crisis will most likely affect the way we work and collaborate. However, the effects may be more subtle, more unexpected or longer-term than many predict. For now, companies need to focus on preventing cyberattacks, but over time they will need to reflect on the long-term effects. Organizations will have to bear both the immediate effects of the lockdown and the long-term changes it will bring. Although many companies have continuity plans in place, COVID-19 could be the first truly global test. IT teams are at the center of attention and must respond in real time to a rapidly changing work environment – IT service providers must provide support in this transition and ensure business continuity into the future.