Cyber-Security Strategies during COVID-19

This article originally appeared in Loss Prevention Magazine.

Cyber crime has always been an issue, and the era of COVID-19 is no exception. In recent months, bad actors have been taking advantage of both individuals and businesses during this vulnerable time through phishing scams with COVID-specific themes, anything from fake websites to access your coronavirus stimulus check or impersonating regional health authorities to share fake news.

The pandemic has also seen a wave of bad actors attempt to infiltrate major corporations, with the hope that they have been overwhelmed by pandemic-related issues and have weaker cyber-security protocols. In June, Amazon Web Services reported that they had to defend themselves against a significant denial-of-service (DDoS) attack with a peak traffic volume of 2.3 terabytes per second (TBps), the largest ever reported. Before that, the previous largest DDoS attack recorded was 1.7 TBps, mitigated by NETSCOUT Arbor in March 2018. The Australian government also came under cyber attack in June, from what the prime minister described as a “malicious” and “sophisticated” state-based actor.

The best way to protect ourselves from cyber criminals is for both the public and private sectors to work together to prevent bad actors from accessing our systems while also educating the public about how to identify and avoid phishing scams and other malware.

Working Together to Prevent and Respond to Cyber Crime

Private companies often have more-advanced technological innovation that can not only prevent bad actors from infiltrating their systems but also track and analyze these attempts. This technology can be very helpful for law enforcement to find and arrest cyber criminals, which will offer justice to victims of cyber crime while also increasing the risk of cyber crime, making it less enticing to others.

In April 2020, the World Economic Forum launched the Partnership against Cybercrime initiative with the goal of unifying the public and private sectors in working to prevent cyber crime. This initiative involves creating a global framework where governments and private companies can collaborate to improve the effectiveness of cyber-crime investigations and enhance the potential of disruptive actions against cyber-criminal infrastructures.

Educating the Public to Protect Themselves from Cyber Crime

The sudden and unplanned shift of so many office employees to long-term remote work has introduced a wide range of challenges for both businesses and individuals. For example, video conference meetings on Zoom have become a necessary replacement for regular in-person meetings, but these virtual meetings are not always secure. Zoom meeting rooms can be easily found and infiltrated by unwanted visitors, or even transcribed and posted online without meeting participants’ consent.

Shifting to remote work also means companies have had to move sensitive information to online servers, so employees can access these files, which opens up their organizations to the possibility of unauthorized external access. While many businesses are incorporating cyber-security strategies in their organizations as they grow, one large group has not caught up: schools. In an effort to keep up with the digitization of education, public schools have moved a lot of resources and teaching tools online, but they often lack the dedicated funding and resources to secure this data—and these obstacles already existed before learning moved online during the COVID-19 pandemic. Because of this, schools struggle to follow industry-wide best practices for cyber security, such as having a dedicated cyber-security expert review and update their security protocols and regularly patching system vulnerabilities. With so many teachers and students abruptly moving everything online, anything from Zoom class meetings to online school portals, if not properly encrypted or otherwise secured, can become an opening for a cyber criminal to infiltrate the school’s system. These vulnerabilities can lead to cyber criminals accessing sensitive information via school VPNs or Remote Desktop Protocol and even sending ransomware to unsuspecting students and teachers.

Major organizations, like university campuses and businesses, have more secure systems in place to protect users who are accessing the Internet. However, with everyone working and going to school from home, their private home WiFi networks are often not equipped with the layers of security a commercial network typically has. This has led to more people becoming vulnerable to phishing attempts and other malware that normally would be filtered out by their organization’s cyber-security protocols.

On top of this, COVID-19 has created a very vulnerable environment for the public—we are all afraid of contracting the virus or unintentionally infecting others. This fear is very easy for bad actors to take advantage of in phishing scams and provides them with a foothold to access your private information, such as via an email claiming that employees at your work have tested positive for COVID-19 and asking you for sensitive company information.

Fortunately, the same rules for identifying and avoiding malware still apply:

  • Do not click links or open attachments in an email from an unfamiliar email address.
  • Do not click ads while you’re browsing the web, even if it’s for a legitimate website. It’s always safer to visit the website directly or search for the sale the ad is promoting.
  • Do not give out private information, such as your social security number or a two-factor authentication code, over the phone, via email, or on a website that isn’t verified. Secure organizations, such as your bank, will not ask for personal information that way.

Another step for individuals to take to protect themselves is to enable any security protocols they can find on their router. This is as simple as looking up exactly which kind of router you have and how to log in and turn on the security features.

As the COVID-19 pandemic continues to create long-term demands for remote work and more online activity, we must be vigilant in not only maintaining our cyber-security strategies but also in being proactive to prevent cyber attacks and address any possible vulnerabilities before they pose a problem. One of the most important lessons we are learning during this pandemic is that we are stronger and more successful when we work together, and that is clear in the steps we must take to protect our businesses and to educate the public in proper cyber security.


Tom’s column is featured in every issue of Loss Prevention Magazine. To subscribe to the printed version of the magazine and enjoy other great content, visit losspreventionmedia.com.