COVID-19: Cybersecurity Recommendations

19 March 2020

With the spread of COVID-19, increased demands for information technology (IT) support services are occurring across nearly all industries, as worldwide employees, students, university faculty, and others are being asked or required to work or study remotely from their homes to reduce the spread of the virus.

As a result, cyber-criminal groups are taking maximum advantage to target cyber vulnerabilities.

We understand that most of you are well informed about the potential cyber threats. However we would like to bring the following points to your attention to reduce the probability of a significant cyber-attack and potential data loss:

Look out for phishing emails:

The past week has seen a significant increase in the amount of phishing emails. Considering most of the work force is connected from home, cyber criminals are aiming to take advantage of the security loop holes. Phishing emails can trick the users to click a link or download an attachment. Once compromised it is possible for cybercriminals to steal credit card numbers, login credentials, and various other sensitive information that is stored with in the web browser and underlying applications and operating system.

If you receive an email containing a link prompting to click or download something suspicious, report it to your Internal Security Team.

Patching and network security:

Make sure all devices including laptops, phones, routers, firewalls, anti-virus software are updated with the most recent patches. If you are using your personal computer to access office network make sure the machine is secure before initiating the connection.

Remember to use a secure channel such as VPN to access office network and always use a secure Wi-Fi connection and never use public Wi-Fi to access the office network. Accessing confidential data over an unsecure network can give the hacker control over everything you do.

Enable multi-factor authentication where ever possible, and certainly use for email and Office 365 accounts.

Test of resilience:

Conduct continuous monitoring of network and emails to detect any malicious traffic.

Implement periodic testing and monitoring of the business continuity and disaster recovery plans to ensure employees are able to perform their duties in a safe and secure manner.

Emergency contacts:

Make sure emergency contacts are updated, such as phone number or any other communication means, to contact the employee outside of the organisational network. That way, in case the organisation fall victim to an attack, you’ll be able to establish communication with the employees.

For more information on how BDO can support your cybersecurity needs, please contact our Risk and Advisory team.