COVID-19, colloquially referred to as "the coronavirus", made its entrance onto the world stage in early January, when several cases were confirmed in China. Canada confirmed its first case of COVID-19 on January 25, and by January 30, the World Health Organization ("WHO") declared the outbreak of COVID-19 a matter of international concern. To date, COVID-19 has instilled in the general public a sense of fear and anxiety, which many people have chosen to combat by seeking out updates and information about how they can protect themselves. Rates of people working remotely to isolate themselves from the risk have also increased.
Unfortunately, cybercriminals, including state-sponsored hackers connected to Russia, North Korea and China, have quickly developed ways to exploit peoples' fear and reactions to COVID-19. Email campaigns designed to look like communications from official sources like the WHO or government agencies purport to offer updates or preparedness tips through links or attachments. Recipients are invited to visit the links or download attachments that contain malware, which then infects the computer and the network it is connected to. The malware can take any number of forms, including back doors that enable hackers remote access to the infected computer or network, keylogging applications designed to steal information, or ransomware applications that lock down the infected system enabling hackers to hold it hostage.
The impact of these attacks is already being seen across the world and significantly impacts efforts to respond to COVID-19. For example, on March 13, the Brno University Hospital in Czech Republic, one of the country's largest COVID-19 testing centres, was hit with a ransomware attack causing service disruption amidst the COVID-19 outbreak.
Due to the fear and anxiety surrounding COVID-19, and the strategies cybercriminals use to exploit individuals, it is crucial for organizations to take the appropriate cybersecurity measures to protect themselves. Many of these measures are easy to implement, and include:
Communication with staff
Notifying staff about the risks of fraudulent COVID-19 themed emails, and how to mitigate those risks is an important first step in risk mitigation. Directing staff to ensure they know the sender of an email, to confirm the sender's email address has a valid username and domain name, to check for typos, to be cautious of emails asking for urgent action, to verify unexpected attachments and to directly type in URLs instead of clicking provided links are all ways to mitigate the risk of a COVID-19 themed cyberattack.
Antivirus monitoring tools
Ensuring antivirus software is updated is a good way to make sure malware is detected and eliminated before it can do any damage.
Incident response planning
It is important for organizations to have a detailed incident response plan to ensure effective containment, investigation, mitigation and remediation measures are taken in the event of a data breach. Additionally, installing an effective legal privilege strategy as part of the incident response plan can help your organization control the flow of information and mitigate reputational risk associated with the breach.
In addition to getting out ahead of COVID-19 themed cyberattacks, it is important to recognize the ways COVID-19 can indirectly impact your organization's cybersecurity. In particular, if your organization has instructed staff, or given staff the option of working from home, your organization may want to consider:
Reminding staff of remote work policies
Reminding staff they should only work on a secure network (e.g. your organization's Virtual Private Network or "VPN"), that they should never forward work emails to their personal email address, and that they should avoid putting work materials on portable storage devices on their personal computers are all good ways of protecting work-related materials from cybercriminals to remain secure.
Reviewing technology infrastructure
It is important to work with your organization's information technology professionals to ensure the technology relied upon to facilitate working from home is up-to-date and secure. If your organization has not set up a VPN, it may be useful to do so to ensure secure, encrypted remote connections to your organization's systems.
Testing technology infrastructure in advance
If you anticipate an office closure that would require some or all of your staff to work from home, it is helpful to test the technology infrastructure enabling remote work in advance, so any hiccups can be worked out to ensure business continuity.
Reviewing money transfer protocols
If your organization relies on in-person confirmation of financial transactions, remote work may make those standard procedures difficult or impossible to maintain. Replacing in-person confirmation of financial transactions with alternative policy mechanisms to protect against fraudulent money transfer requests can help protect your organization from financial loss.
These are just a few ways your organization can enhance its cybersecurity and other measures to combat the cyber risk aspects of the COVID-19 pandemic. MLT Aikins wishes you, your staff and the rest of your organization good health and wellness during this difficult and turbulent time.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.