Cybercriminals will use any situation to their advantage – and the Coronavirus pandemic has given them more opportunities to cause misery. The dramatic increase in remote-working has meant that greater numbers of people are having to access the Internet in order to be able to work and this creates extra potential vulnerabilities that can be exploited. Additionally, many more devices are being used, and this again can create opportunities.
And it is not just private sector businesses that are being targeted. The World Health Organisation (WHO) for example, reported a significant increase in cyber-attacks against staff since the beginning of the pandemic. As well as this, some cybercriminals have even resorted to impersonating the WHO in order to try and obtain financial details by asking for donations.
What are the key principles when it comes to fighting cybercrime?
If fewer people have access to key systems/information then there is a reduced likelihood of things going wrong because the number of possible breach points is reduced. There is no real need for the receptionist to have the access to all the same data/systems as the CEO, and by allocating each user with the minimum necessary access, you are reducing vulnerabilities and also ensuring that confidential data is harder to obtain.
This is one step that can be taken that makes it harder for cybercriminals to infiltrate the inner workings of your system. By breaking down your network into sub-layers and self-contained areas, you can make sure that key files are protected by multiple layers and that access points are reduced and those that exist are less vulnerable.
You should, of course, have a strong outer perimeter including firewalls but you should not rely on this alone. The more layers that you have, the better. This extra protection means that if one area/layer is breached, this does not need to be the end of the world, and your most crucial files/data can remain secure.
This is essentially your last line of defence. Assuming that the hackers are able to access your files, encryption means that the contents of the file are nonsensical without the correct encryption key. Advanced hackers may be able to decrypt some files but at least it will slow them down, potentially buying you time to change key data/passwords or warn people about what is happening,
All your confidential files should be encrypted – as should network traffic, where at all possible.
Even a basic two-factor authentication is able to stop an initial wave of breaches from occurring. And it doesn’t have to be complex. Having said that, the more personal it is, the harder it is to replicate. For example, your fingerprint is much harder for a criminal to steal/get hold of than your PIN code and password-cracking software is useless if your device uses facial recognition.
The thinking behind most of these is that, even if someone is able to guess/crack your password, they will struggle to get past the second stage because this will either be a biometric check (fingerprint, iris scan, facial scan, voice recognition) or something like a passcode that is sent to your registered mobile/special device that the cybercriminal is very unlikely to have.
Most systems and software require regular updates and it is important that you keep everything as up-to-date as possible. It is often the case that potential vulnerabilities are discovered and then a patch/update is released to counter these and fix any issues. Many software providers have their own teams working full-time on security, and if they recommend an update, you should run it as soon as you are notified to help you stay one step ahead.
No matter what the circumstances, the same basic principles apply when it comes to cyber hygiene.