1-grid CEO, Thomas Vollrath, states that Covid-19 has relegated the majority of the South African workforce to working from home. As a result, internet usage has drastically increased because people are spending more time behind the computer and phone screens. Cybercriminals have seen the increase of users online as an opportunity to ramp up their cyber scams and phishing attempts.
South African businesses that currently have a digital presence are potential targets for data exploitation by cybercriminals. Businesses should, however, see this as an opportunity to expand their knowledge on cybersecurity and intensify the security of their business network(s) and site(s).
Your home network may not be as secure as your work network; therefore, rendering you vulnerable to cyber attackers. It is crucial to sharpen your ability to detect vulnerabilities in this time. Businesses are still encouraged to operate online with the core practice of vulnerability identification.
Based on a number of reports, the following areas have raised concerns:
Malware and Ransomware
Malware is malicious software that is written to damage a device or steals sensitive data and ransomware is a form of malware that locks a user out of their files and demands an online payment to restore access. During Covid-19, there have been a large number of malware attack attempts made through various applications that have seen a spike in downloads.
The most recent case of ransomware in 2020 is CovidLock, which was developed to take advantage of the need of internet users to be updated on the virus. Gatefy provides 11 more cases of malware and ransomware attacks over the years.
How can malware and ransomware impact your business/brand?
- These viruses can cause you to lose essential business data; client data and personal data.
- It can corrupt your operating system and disrupt networks of systems.
- It can detect sensitive information placed on private inputs, such as banking details and logins.
- It can grant external editing access to your website.
- Malware can gain access to your internet usage data, often seen as cyber attackers passing through your cybersecurity and sending spam emails as your business.
How can you protect yourself from malware and ransomware?
• Install an antivirus application onto your device. There are a number of antivirus applications available to combat potential threats.
• Avoid clicking on any suspicious content in emails, SMS’s and online such as links, images and calls to action.
• Ensure that your data is backed up.
How can you identify these threats?
• Malware or ransomware can identify itself as a forceful advert.
• An advert with flashing imagery and bright colours.
• Spam emails that originate outside of your organisation.
Domain registration increases
Software company Check Point reported the registration of more than 30,000 Coronavirus related domains. 0.4% of these were malicious and 9% were under investigation for suspicious behaviour.
Sites with an SSL certificate have an encrypted connection, thus preventing unauthorised access to sensitive information. When you are on a website, ensure that there is a lock in the address bar, this indicates that the site contains an SSL certificate and that your information is being submitted securely. Your browser will prompt you with a ‘site not secure’ warning if the server does not have an SSL certificate installed.
It is essential also to keep an eye on the spelling of the domain because cybercriminals may have SSL certificates to legitimise their sites. Here is a scenario: if you frequently buy on a website called ‘shop.com’ and receive an email that offers you a forceful promotional campaign, redirecting you to ‘shops.com’, it is likely that the domain is a false duplication and that the email was a phishing tactic. Cybercriminals can scrape a website and create a duplicate of the site; therefore, it is vital to notice the spelling of the domain that you are browsing and interacting on.
CBR reports that since January 2020, there have been 41,500 spam emails sent relating to the Coronavirus pandemic. If you cannot identify the sender or do not have knowledge of sharing your email address with the sender, you should be cautious.
You can also identify a spam email by visiting the sender’s website and doing some due diligence. Their site should list any official promotional offerings. In searching, you will also be able to identify if other users have flagged emails from this sender as spam.
Repeat emails, capital letters in the subject line and emails that are heavily weighted by promotions are well known as spam. Standard mailboxes like Office 365, Mac Mail, Outlook, Gmail and Yahoo have integrated filters that detect spam patterns. If you have a custom domain and mailbox, the servers that your mailbox is linked to would include a spam filter.
Google reports that there has been a 350% increase in phishing websites since the beginning of 2020. PC Mag adds this is due to the demand of information relating to the Coronavirus pandemic.
If you are browsing COVID-19 sites, take note of the URL that you are browsing. The most noticeable sign of a phishing attempt is that not all the links are fully functional in the drop-down menu.
Often, these websites are shared using phishing emails. The first identifier of a phishing email is an overwhelming call to action. The sender will encourage you to click on something by using keywords such as ‘OUTSTANDING’; ‘URGENT’; ‘ALERT’; ‘OVERDUE’ and others.
Commonly forged service providers include banking and insurance companies. If you are uncertain about an email and suspect it to be a phishing attempt, make direct contact with your service provider to clarify. Do not use the contact numbers provided on the emails as these may be linked to the individuals that form a part of the cyber attacker’s operation.
These are incidents where information gets accessed without authorisation. External breaches are not controllable. You can, however, limit the effects of a database breach by setting measures in place to ensure that your data is protected.
Keeping your software updated can prevent cyber attackers from passing malware onto your computer. Strengthening your passwords and ensuring that you have different passwords for all logins make it difficult for cyber attackers to hack your information. Password managers like 1Password and LastPass can assist you in generating and storing unique passwords.