Covid-19 Pandemic Safety Measures: A Comprehensive Guide

In the wake of the global COVID-19 pandemic, cybersecurity has become a paramount concern for corporations, organizations, and businesses worldwide. According to an analysis by Check Point Research, approximately 42,000 domains related to Coronavirus and COVID-19 had been registered by the end of March 2020. Shockingly, 50 percent of these domains are suspected to be malicious, compared to other domains registered during the same period.

The surge in cyber-attacks, malicious activities, and phishing scams is a troubling trend that has emerged during the pandemic. Research by some experts has shown that malicious installs of the genuine Zoom software, bundled with malware, have been used in recent weeks. This underscores the need for enhanced cybersecurity measures, especially as organizations adapt to remote work environments.

Organizations are implementing pandemic plans that include remote work policies, enhanced hygiene rules, and cybersecurity precautions tailored for remote environments. This involves training staff, using technology like automation and AI, and updating these plans flexibly to address new risks in remote work settings. Cybersecurity awareness is of utmost importance for remote workers, who are seen as a weak link by hackers.

One effective strategy is the top-down awareness technique, where the organization trains and educates its employees on matters concerning security. It's essential to raise awareness of the risk of using Bring Your Own Devices (BYODs) for corporate activities and to limit what can be used to access the company's website. Standardizing security configuration for all BYODs within company infrastructure and maintaining a list of websites that employees can access while using office devices are crucial steps.

However, IT teams have limited access and visibility into the unauthorized software used by remote workers. They cannot determine whether it's running on the latest version and whether it has been patched against known vulnerabilities. The volume of phishing emails and false campaign emails targeting remote workers has significantly increased during the Covid-19 crisis, with hackers aiming at getting login credentials to SaaS platforms, emails, and VPNs through phishing campaigns.

A comprehensive security awareness program can be broken down into four stages: determining the current awareness status within the organization, crafting a program, implementing it, and evaluating its progress. Highlighting recent attacks that hit news headlines helps employees understand the prevalence of cyber-attacks and identify potential weak points within their organization's infrastructure.

Using a combination of different media to reinforce the message about security awareness ensures that the message is not ignored. Scammers are sending 18 million Covid-19 related phishing emails to Gmail users in an attempt to steal sensitive data, lure victims into downloading malicious software, or donate to vague causes. A security team should be in charge of identifying and blocking access to known malicious websites that hackers commonly exploit for fraud, distribution of malware, or phishing activities.

Budgeting for awareness programs is a sign of a company that is well-positioned security-wise for attacks. A comprehensive security awareness training for remote workers should also cover internet security, as not all risks and threats will make it to the inbox. An organizational structure geared towards security awareness impacts everyone within the organization.

Approximately 37.9 percent of employees fail phishing tests if they have never gone through security awareness and social engineering training. However, this figure drops to 14.1 percent within 90 days after security awareness training to employees and phishing email simulations performed. This underscores the effectiveness of such programs in enhancing cybersecurity within organizations.

Shadow IT is a major vulnerability for remote workers, as it is challenging to identify unauthorized software loaded onto corporate-issued devices. Hackers see remote workers as a weak link that can be exploited to gain access to corporate networks and steal sensitive information, install ransomware, or create backdoors. Therefore, it's essential to maintain a vigilant and proactive approach to cybersecurity during these challenging times.