Increased cybersecurity awareness during the pandemic

The coronavirus has impacted businesses and the lives of many around the world.

As the pandemic intensifies, cybercriminals are using this time to take advantage of vulnerable users. The number of cyber attackers, whether they are using phishing attacks, hacking or other malicious attacks, is increasing in organisations and they are now using the pandemic to further deploy such attacks.

With companies making use of increased mediums of technology to conduct work-related activities, the emphasis on cybersecurity has intensified. However, while there may be a number of security measures in place, the end-user will always remain the most vulnerable target. Creating a culture of cybersecurity awareness is therefore a key component to help combat cyber threats and attacks on organisations.

As the deadly pandemic intensifies and as we navigate the challenges that are presented, many of us are settling into working from home as the new normal. The new way of working has posed many difficulties such as maintaining calm and focus; balancing non-work-related priorities such as child care and family life; getting used to a new working office space; and of course the struggle to avoid the food and snack cupboard. These are the challenges we face and the compromises we make, but what we cannot compromise in this time is information security.

More than 100 000 new web domains have been created during the COVID-19 pandemic. (See https://unit42.paloaltonetworks.com/how-cybercriminals-prey-on-the-covid-19-pandemic/ for up-to-date statistics.)

The cost of security threats affecting organisations can be significant if not managed adequately. Cyber attackers are lurking and taking advantage of people working from home. Generally, a network set-up from home will not include the same security measures found in a corporate environment. Organisations have not distributed suitable technologies or even security policies to ensure that all organisation-owned technologies − including organisation-owned devices − have the same security measures in place. This includes the use of enterprise or Wi-Fi networks.

Organisations need to understand the IT security threats faced by their IT environment and ensure that these are adequately addressed. IT security awareness programmes must be planned, implemented, maintained and communicated to employees. Employers need to set up clear and concise security communication to employees with the focus on educating end-users about these threats.

The COVID-19 pandemic has seen a significant increase in phishing emails, a common threat that has intensified in this time. Phishing attacks are highly targeted emails designed to induce the recipient into divulging passwords, providing bank account information, or using malware to directly cause financial losses. Cybercriminals are using fake email addresses that pretend to be from a legit source asking for valuable information. The following are warning signs of phishing emails:

Warning sign	Detail
Non-personalised greeting	A phishing email will generally start with ‘Dear User’ rather than your name
Urgent/threatening language	Phishing emails often have an urgent or threatening tone.Common phrases seen are: ‘Your account will be terminated’, ‘Your urgent response is required’, etc
URLs do not match and are not secure	A phishing email will always contain a link or an attachment
Poor grammar and/or misspellings	Phishing emails often contain spelling errors
The subject matter does not relate	Phishing emails generally contain subject matter that does not relate to you. An example would be banking information required for a bank you are not banking with
Request for personal information	Phishing emails mostly request personal information such as information about the organisation, your address, account number, cell number, etc

Tips for employees

Employees can implement the following measures to protect their data and networks:

Where possible, use only devices provided by the organisation.
Use a VPN only when necessary.
Update your router’s software. Home routers should be updated with the most current software and secured with a lengthy unique passphrase.
Think before you click on anything. Avoid downloading or clicking on unknown links in emails. If you are unsure, call the sender first. Hackers often use fake websites to trick you into giving sensitive information or to install malware onto your device.
Passwords need to be strong. Be sure to include a combination of lowercase and uppercase letters, symbols and numbers.
Do not share passwords online. In the event of a colleague requiring a password, rather call or message them the required password.
Make use of two-factor authentication; this acts as an additional layer of security.
With an increase in the use of email, ensure that emails are encrypted. This might include information that you might otherwise share in a conversation if you were at the office.
Update your devices on an ongoing basis. Updates include important changes that improve the performance and security of your devices.
In the event of technical support required, contact your IT department. Don’t try fixing issues yourself or even googling for the solution.

Tips for organisations

Organisations can protect their data and networks in the following ways:

When using VPN networks, ensure that these are fully patched and secure.
Implement multi-factor authentication as an additional security measure.
Update and increase system monitoring to receive early detection and alerts about any abnormal and suspicious activity.
Test remote access solutions capacity on an ongoing basis and if required, increase capacity.
Business continuity plans are an integral part of any organisation. Ensure that these plans are up to date.
All devices in use should have secured configured firewalls installed.
Ensure that incident response plans are updated and consider employees working in a distributed environment.
Increased emphasis needs to be placed on awareness of IT support mechanisms for employees working remotely.

Awareness is one step closer to preventing these attacks on organisations in the first place. After all, prevention is better than cure.

AUTHOR │ Pranisha Rama CA(SA), Senior Lecturer in Auditing at the University of Johannesburg

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Conducting a materiality assessment

Mapping and engaging stakeholders

Embedding a sustainability mindset throughout operations

Reviewing data processes and controls

Establishing targets

Developing a strategy, policies and implementation plan

Setting sustainable goals

Identifying and rating opportunities

Identifying and rating risk exposure