The frequency and severity of cybersecurity risks are a growing concern. As COVID-19 rages on, malicious cyber actors are exploiting the pandemic to disrupt businesses. According to Hiscox, up to 65,000 attempts to hack small to medium-sized businesses in the UK occur daily, of which 4,500 attempts are successful. Another report by Carbon Black reported that despite the frequency and severity of these attacks, only about 31% of companies conducted a risk assessment in the last 12 months.
Cybersecurity risks facing businesses
COVID-19 themed cyberattacks are cunning and sophisticated, increasing the likelihood of successful data breaches. Three cyberattacks businesses are wrestling with during the pandemic are:
- Phishing attacks take advantage of persons’ fear and desperation to ascertain the pandemic’s latest figures and general safety information. These attacks come in the form of SMS and emails with a malicious link that takes victims to a phishing website to steal personal data.
- Ransomware attacks use social engineering tactics to encourage the opening of a tainted file or downloading an app that contains malicious software to infect devices. In some instances, this malware encrypts a company’s data, essentially blocking access to critical information. Threat actors demand a ransom to release or decrypt the data. In particular, healthcare has been affected by ransomware attacks at a time when hospitals and clinics are in a frenzy dealing with the impact of COVID-19.
- Attacks on remote working infrastructure have increased as more businesses allow their employees to work from home. Communication platforms have become a target for hackers in line with a surge in the use of video conferencing tools such as Microsoft Teams and Zoom.
5 solutions for businesses to mitigate cybersecurity risks
- Implement risk management: An effective risk management policy should be in place to identify and address vulnerabilities to boost a company’s resilience. This robust cyber-risk management plan is imperative to help prevent data breaches.
- Use a VPN: Businesses should consider encouraging workers to use a Virtual Private Network (VPN) as part of an effective risk management plan. A VPN is a secure way to navigate the internet and prevent hackers from tracking your online activity. Companies can also use VPNs to encrypt data in transit when an employer accesses email or a system file.
- Prepare staff to work from home: One of the weakest links in business security is an ill-prepared employee. Before employees switch to remote working, they should know the safety measures to practice while at home. Teach them how to recognise suspicious emails to prevent a phishing or malware attack and discourage using personal computers to access a company’s network or data.
- Apply two-factor authentication (2FA): Where available, implement 2FA when accessing sensitive data. Another recommendation is to use strong, unique passwords to log into accounts and never use the same password for different accounts.
- Back up data: It is critical that businesses backup their files in a place that is not connected to their network. Consider storing an extra copy of your company’s data in the cloud or using an offline storage device. Properly backing up data allows a business to access its information even if its network is infected with ransomware.
