Author: Werno Gevers, cybersecurity specialist at Mimecast
As employees across the Middle East join the world of remote working in response to the current pandemic, companies are having to urgently implement policies and processes to keep their teams cybersecure. Countries in the Middle East have now implemented strict lockdowns to curb the spread of COVID-19, with most only allowing people to leave their houses with permission. If organisations didn’t already have work from home policies in place, they’ve quickly had to implement them if they wanted any business continuity.
There is a general escalation in cybercriminals’ activity during times of heightened disruption. Already, malicious actors are spreading disinformation with the sole purpose of creating panic. Once panic settles in, rational thought goes out the window. And that creates gaps that cybercriminals exploit.
Suddenly, there’s an increase in false specials and sales for in-demand products like face masks, hand sanitiser and protective gloves that are being promoted online. The Mimecast Threat Intelligence Centre has seen a large number of malicious emails impersonating trusted brands like the World Health Organisation and the Centres of Disease Control. Additionally, the Mimecast Brand Exploit Team found 59,700 spoofed coronavirus related websites in just two weeks. Even one mis-click on a link could initiate malware and put the user – and the organisation – at risk.
A combination of self-isolation and heightened tension also puts strain on people’s psyche which can lead to irrational or sometimes careless actions. People are desperate to find out more about the crisis and are letting their guards down, clicking on just about anything sent to them. When your entire workforce is working remotely, any careless action could have ripple effects across the organisation as security becomes vulnerable.
Companies need to ensure they are looking after the cybersecurity of their remote teams, so those teams look after the cybersecurity of the company. Three factors should inform company policies and processes as they prepare for a swelling remote workforce:
Factor 1: Web Security
Despite a growing tendency among professionals to work remotely, very few companies have built policies to ensure web security maintains the same standards at the employee’s home as at the office. Home routers with default or easy-to-guess passwords could open the employee – and the company – up to compromise.
Connected devices – smart TVs, home automation, baby monitors and other devices that are connected to home networks – all offer potential entry points for cybercriminals. Employees should be required to change all default passwords and ensure all security software is up to date. In addition, now more than ever, organisations need to have an easy to deploy and manage service that keeps the web safe and consistently secures employees even when they’re off the company network.
The web is used in 91% of malware attacks and is the second-most commonly used vector for cyberattacks. It’s also the top distraction for employees, especially right now as communication channels are flooded with links about COVID-19, that may or may not be legitimate.
Factor 2: Awareness Training
Remote working means you are now sitting with a distributed workforce, and each employee is potentially an entry point into the organisation’s processes and data. Employees are the last line of defence against cyberattacks. One IBM study found that human error was a factor in more than 90% of security breaches.
Companies should conduct regular and effective cybersecurity awareness training, giving employees adequate and up-to-date information about how to identify and avoid risky behaviour. Alarmingly, only a third of UAE companies in Mimecast’s 2019 State of Email Security report offered regular awareness training.
As more COVID-19 themed malicious emails make their way into employees’ mailboxes, user awareness is going to be vital. Just last week our Threat Intelligence Centre spotted a phishing scam hitting thousands of mailboxes that claimed to be an airline offering immediate refunds to travellers. The link takes users to a refund page that then asks them to enter their credentials.. Travel restrictions and difficulties in obtaining refunds have been widely reported in the media. For those facing financial issues, the prospect of an immediate refund is very appealing, and they may be more likely to fall for the scam. With attacks like this doing the rounds, the cost of human error escalates, so organisations need to take steps to adequately prepare employees to spot these threats.
Factor 3: Impersonation attacks
The threat of impersonation attacks is heightened during extended periods of remote work. It’s now much harder to walk over to the financial director’s desk and confirm a payment to a supplier. Even before governments ordered lockdowns and forced every employee to work remotely, impersonation fraud was a major issue: three quarters of UAE companies reported an increase in impersonation in Mimecast’s 2019 report.
Companies need to implement appropriate policies to ensure payment processes and other tasks involving money are not compromised. Tools that extend beyond the company’s security perimeter, such as DMARC, can help companies identify when their brand is being abused by impersonators seeking to exploit customers, employees and partners. However, only half of UAE organisations reported using DMARC in 2019.
Mimecast has launched a website focused on helping organisations better secure and protect their employees while enabling a mobile workforce. This site will be updated daily and will provide insights into new threats, best practices and offers we have to help organisations through this challenging time: https://www.mimecast.com/coronavirus