Three things for future consideration
We’re living in uncertain times. Fear, uncertainty and doubt have entered our collective psyche with the onset of Covid-19. Consumers and businesses are in survival mode, adjusting to a new normal where working from home is not optional but, in many cases, mandated. Stores have closed, leading to increased online shopping. People and businesses are relying on the internet to communicate and work during this time of social distancing.
Given the mass disruption of the global economy, cybercrime has become an even more attractive proposition as a source of income. Cybercriminals know the world is teetering in a state of distress and are poised and ready to take full advantage. Coronavirus-related scams are on the rise, according to the United States Secret Service. Businesses and consumers are asking, “What’s next?”
Some security leaders have predicted a “cyber pandemic” is on the horizon. Notably, this idea preceded Covid-19, so while the pandemic may not be the cause, it could exacerbate a cyber pandemic’s inevitability. The root question, then, is how consumers and businesses can prepare now to survive a potential cyber pandemic.
The low barrier, high return of cybercrime
Cybercrime has a low barrier to entry with potentially very high returns. According to Deloitte, some common cybercrime businesses can be operated for as little as $34 per month and could return $25,000. Today’s hackers can simply go online to learn the tricks of the cybercrime trade, and they don’t need much technical skill to create ransomware or phishing attacks.
What’s more, cybercrime is lucrative because everything is digital. Everything from smart devices to e-commerce to business networks is connected in some way or another, leaving cracks in consumers’ and businesses’ proverbial security armor.
My wife, for example, fell victim to cybercrime recently. A criminal managed to get a hold of her username and password. The perpetrator utilized the information to log into one of her retail accounts and buy around $1,800 worth of goods. Thankfully, we noticed this happening and were able to resolve the issue with the companies involved. While not a highly sophisticated attack, it points out that all consumers — even the wife of a security professional — are vulnerable to hacks and security breaches.
Businesses are not immune, either. Employees are no longer sitting behind corporate networks, nor are they utilizing the best security practices while working from home. A company’s data, privacy, and security are only as good as its employees’ ability to utilize appropriate cyber hygiene, lock down their device security, and employ business security policies, software, and practices. Put all these factors together, and it’s not hard to see how the stage is set for a possible cyber pandemic.
Don’t be complacent
Many cybersecurity vendors are taking advantage of the coronavirus pandemic to promote their products through FUD (fear, uncertainty and doubt). The real issue, and where the focus should lie, is the opposite of FUD. What is the opposite of FUD? It’s complacency — and that is the largest concern because hackers benefit when people don’t care or look ahead.
While I don’t want to sound an alarm (there will not be a cyber pandemic in the same way there is a viral pandemic), now is not the time to be complacent. We may have other things on our minds, but cybercriminals don’t. They’re not opposed to kicking people and businesses while they’re down.
Interpol reports cybercriminals are attacking the computer networks and systems of individuals, businesses and even global organizations at a time when cyber defenses are low due to Covid-19. Malicious domains, ransomware, malware and phishing emails are all on the rise. It’s critical consumers and businesses remain vigilant when it comes to cybersecurity, and there is one overarching factor that can help: education.
Educate to help eradicate vulnerabilities
Education is often used as the be-all answer to everything. It’s touted so often because knowledge enables preparedness. Cybercrime, breaches, and hacks all thrive in an environment where consumers and businesses are unprepared, unaware and in a state of inaction.
According to a recent research survey commissioned by my company, “Nearly 60% of SMB owners believe their business is unlikely to be targeted by cybercriminals; however, the results revealed that 18.5% of SMB owners have suffered from a cyberattack or data breach within the past year.”
It’s imperative small businesses develop a cohesive cybersecurity plan. Every employee should connect to the internet through a virtual private network (VPN). All employee devices should run endpoint security software that is continuously updated. Security software must include anti-phishing capabilities to protect data and prevent security breaches. And it’s important all employees — not just IT staff — are properly trained and educated on cybersecurity practices.
Consumers and employees should keep antimalware software up to date at all times and always use a VPN to fly under the radar, whether online at home or when utilizing public Wi-Fi. Anyone who wants to avoid phishing emails should be suspicious of an email if they don’t know the sender, and they shouldn’t click links in emails or open attachments without verifying the sender’s address and URL first. It’s also crucial consumers and employees frequently back up data to a cloud-based service or to a network drive they keep otherwise disconnected — that way, if they fall victim to ransomware, they’ll be able to reimage and restore from the backup.
A cyber pandemic might happen, but it doesn’t have to catch you off guard. The adage “survival of the fittest” doesn’t just apply to evolutionary theory; it’s just as applicable to cybersecurity. Those who are fittest to stave off security attacks are the ones who will likely survive them. Now is the time to lock down your security. A little consideration, education and action will go a long way.