The cyber risks organisations should be safeguarding against during lockdown and COVID-19

Share on facebook
Share on twitter
Share on linkedin
Share on email

With South Africa currently in the midst of its first full week of COVID-19 national lockdown, some realities are becoming ever more apparent for those working remotely, as well as the organisations employing them.

For a number of years now, many have eulogised that remote working is the future of the workplace, and that businesses needed to tailor their employee experiences towards that. While many have lagged in this regard, the COVID-19 outbreak has forced companies to quickly rollout solutions to aid the remote working setups of their employees.

While this means that businesses need to choose the right tools for their workers to continue to perform effectively, it also means organisations need to consider the risks that come with remote work, and plan accordingly.

To unpack some of these risks, as well as detail how firms can efficiently create contingencies, we spoke to Deloitte South Africa’s risk advisory cyber leader at Deloitte South Africa, Eric McGee.

Don’t forget security

He is quick to acknowledge that COVID-19 and the lockdown has forced many South African businesses to overcome a number of technical challenges in a short space of time.

“The adoption of remote collaboration tools for all work is foreign to many organisations.  The amount of bandwidth required is a challenge. As is the availability of connectivity for all workers, with data costs increasing significantly. Security aspects are therefore more important, and the availability of virtual private networks with strong authentication and the ability to still sit behind corporate security controls, come to the fore,” he explains.

McGee is also quick to note that it is open season for cybercriminals currently, with many workers preoccupied with ensuring connectivity, even if it is to the detriment of the organisation’s security.

“In a world where panic is rife and users feel the need to be informed about the COVID-19 virus, cyber criminals see these conditions as an ideal platform to attack unsuspecting victims,” he adds.

A business checklist

Indeed, cybercriminals are looking to take advantage of the situation. It’s the reason why there was a recent tenfold spike in the number of network attacks recently, and as such McGee is advising the following steps for corporates and government alike:

  • “Encourage the use of virtual private networks (VPNs) to connect through office infrastructure, so enterprise security controls still protect users and include strong mechanisms such as multi-factor authentication.
  • Use firewalls and intrusion detection/prevention systems (IDS/IPS) to detect and block network communications with malware Command and Control (C2) nodes.
  • Consider alerting based on COVID-19 related domains on commonly abused host (Cloudflare, GoDaddy, OVH), name servers (NameCheap) and unusual top level domains (e.g., .tk, .pw, etc.)
  • Use Active Directory Group Policy to block users from enabling macros in any Microsoft Office applications.
  • Disallow auto-saving to user’s ‘Downloads’ folder and disable the ability to execute an application or opening a data file from that location.
  • Enable sufficient logging of host and user activity that can be leveraged and analysed for suspicious threat actor activity or attempts to compromise hosts and/or user accounts.
  • Ensure regular, offline backups are done and the backups are regularly tested for all critical systems and data to mitigate potential ransomware attacks.
  • Do not issue payments for ransomware as the adversary is under no obligation to restore files which may not be recoverable even after acquiring the required encryption key.”

On the lookout

It will also be increasingly important for organisations to have policies and regulations in place should one of their employees get compromised while working remotely.

Much like developing remote working solutions, the logistics around remote working is also something that companies have recently had to come to grips with. It will take time to develop and refine such policies, which is why the burden falls on the employee to be smarter while working remotely too.

According to McGee, there are several elements that they should be on the lookout for during this time:

  • “Make users aware that they should look out for spam emails that may look legitimate or purport to be from official sources associated with COVID-19.
  • Recipients of suspicious emails should be encouraged to verify the sender via alternate communication methods and not use the contact information provided in a message.
  • Make users aware that they should not let fear or emotion trick them into not using common sense when evaluating communication regarding COVID-19.
  • Consider alerting based on emails containing references to COVID-19, coronavirus, and other keywords which contain uncommon file types.”

The new normal

While the current state of lockdown is something that South Africans won’t have to contend with for very long (we hope), working remotely will be, and COVID-19 is providing a litmus test for many organisations’ readiness to handle it.

Moving forward, it’s something that local businesses will need to build better policies around, and as such, should look to learn from.

“Ensure that remote working policies are in place, reviewed and updated with learnings and awareness created around it and any changes that may be introduced,” advises McGee.

He is also of the opinion that more employees will want to embrace remote working in future.

“I think the forced adoption of remote working now will break down a lot of the perceptions people had and will highlight the advantages of this environment,” he concludes.

While we wait for the current state of chaos to end, more companies should be looking to see if they are adequately set up to foster and support remote working in the coming months and years.

[Image – Photo by Icons8 Team on Unsplash]

Robin-Leigh Chetty

Robin-Leigh Chetty

When he's not reviewing the latest smartphones, Robin-Leigh is writing about everything tech-related from IoT and smart cities, to 5G and cloud computing. He's also a keen photographer and dabbles in console games.