WatchPoint Security Blog

Cybersecurity and the Coronavirus Pandemic

Written by Jordan Kadlec | April 09, 2020

The coronavirus (COVID-19) and resulting stay-at-home orders have put an unprecedented strain on information security teams and their cybersecurity measures, as employees are required to work remotely. Most significantly at risk for a cyberattack during the coronavirus pandemic are healthcare facilities, food suppliers, and other essential functions. However, all companies are at a higher risk of a cyberattack as hackers are attempting to take advantage of employees via coronavirus-focused phishing attacks or other social engineering tactics.

Cybersecurity During a Pandemic

Business Continuity and Disaster Recovery plans are two critical components of a robust cybersecurity strategy. These plans ensure your company has the necessary systems and procedures in place to enable ongoing operations during a situation such as COVID-19, as well as allowing you to quickly and efficiently resume normal activities once the stay-at-home or social distancing orders have been rescinded. While these plans are in place and regularly tested at large corporations, many small and medium-sized businesses either lack the expertise or were simply not prepared for such an event. If either of these scenarios pertains to you, don’t panic; you are not alone.

Remote Desktop (RDP) or VPN?

The first thing we recommend is to require employees to use a VPN connection to connect to the company’s network. While this may cause issues on the first day or so as the server may become overloaded with traffic, your IT team or MSP should be able to work through these issues. Using a VPN connection allows the company to maintain cybersecurity measures on the network, similar to what would be in place when your employees are in the office. For instance, if you have a filter that doesn’t allow employees to access Gmail while in the office, the same filter would apply while employees are working from home if configured properly. A VPN connection is the more secure option from the standpoint that it minimizes the potential for human error. For example, with my current VPN connection, if I wanted to access Gmail or some other restricted site, I would have to completely disconnect from the VPN and reconnect when finished. However, with an RDP connection, I can simply minimize the screen and access whatever I want on my desktop.

RDP is inherently less secure than VPN. RDP directly connects to Windows servers or desktops and gives a remote attacker the opportunity to brute-force the device very easily. I guarantee if you have RDP open to the outside world, you are being attacked right now. Attackers are slow-rolling these brute force attacks so they can continue attacking even if a lockout window is enforced after failed attempts. VPN, on the other hand, is designed from the ground up for connecting from the outside world to your internal network. Different solutions offer differing levels of security, but any modern VPN solution is more secure than Remote Desktop only.

If you must use RDP, at least set up our free PowerShell script to detect and blacklist the attackers automatically.
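
The slow-rolled pattern described above is why a short lockout window alone does not surface these attacks. The following added example (not WatchPoint's script and not code from the original post) counts failed logons per source IP over a long window; the function name, thresholds and sample data are assumptions.

```powershell
# Added example: flag source IPs whose failed logons stay under a short
# lockout window but add up over a long one. All thresholds are assumptions.
function Find-SlowBruteForce {
    param(
        [Parameter(Mandatory)] [object[]] $FailedLogon,  # objects with TimeCreated, IpAddress
        [int] $LockoutThreshold = 5,       # failures that would trigger a lockout
        [int] $LockoutWindowMinutes = 30,  # window the lockout policy counts over
        [int] $LongWindowHours = 24,       # detection window
        [int] $LongThreshold = 20          # failures per IP over the detection window
    )
    $latest = @($FailedLogon.TimeCreated | Sort-Object)[-1]
    $cutoff = $latest.AddHours(-$LongWindowHours)
    $FailedLogon |
        Where-Object { $_.IpAddress -and $_.IpAddress -ne '-' -and $_.TimeCreated -ge $cutoff } |
        Group-Object IpAddress |
        ForEach-Object {
            $times = @($_.Group.TimeCreated | Sort-Object)
            # Largest number of failures that fall inside any single lockout window
            $peak = 0
            foreach ($t in $times) {
                $end = $t.AddMinutes($LockoutWindowMinutes)
                $n = @($times | Where-Object { $_ -ge $t -and $_ -lt $end }).Count
                if ($n -gt $peak) { $peak = $n }
            }
            [pscustomobject]@{
                IpAddress    = $_.Name
                Failures     = $times.Count
                PeakInWindow = $peak
                # Many failures overall, yet never enough at once to trip the lockout
                SlowRolled   = ($peak -lt $LockoutThreshold)
            }
        } | Where-Object { $_.Failures -ge $LongThreshold }
}

# Constructed sample data (documentation-range IPs), not real log output:
# one source failing every 20 minutes for a day, one user with three typos.
$start  = Get-Date '2020-04-08T00:00:00'
$sample = @(
    0..71 | ForEach-Object { [pscustomobject]@{ TimeCreated = $start.AddMinutes(20 * $_); IpAddress = '203.0.113.10' } }
    0..2  | ForEach-Object { [pscustomobject]@{ TimeCreated = $start.AddMinutes(600 + $_); IpAddress = '198.51.100.7' } }
)
Find-SlowBruteForce -FailedLogon $sample

# On a live host, build $FailedLogon from Security event ID 4625, e.g. via
# Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625 }, taking
# IpAddress from each event's EventData.
```

Sources it reports are candidates for a firewall block rule or further review; tune the thresholds to your own lockout policy.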

The single biggest threat right now is phishing attacks focused on anything and everything coronavirus. Cybercriminal activity increases when situations like this arise. Hackers are trying to take advantage and prey upon fear and uncertainty. Phishing attacks can occur via email, text messages, or phone calls as hackers impersonate financial institutions, healthcare providers, and emergency aid organizations in hopes of getting individuals to click on a link or provide sensitive information. Everyone is trying to keep up on the latest coronavirus news, how many cases are in their area, how long the stay-at-home orders are going to last, etc.

Employee training is critical during this time. We have already seen an influx in scams involving the coronavirus. In light of the fear and confusion surrounding the pandemic, employees should be reminded to be vigilant and suspicious of emails, text messages, and phone calls claiming to provide information or updates about coronavirus. As we mentioned previously, everyone wants the latest updates on how to stay safe. Remind employees to go directly to the source for updates. Now is a good time to instruct them to refrain from clicking on any link sent in an email, regardless of who it’s from.

Providing your employees with all the necessary resources to be productive at home while remaining secure from a cybersecurity standpoint will be vital for the success of your company coming out of the coronavirus pandemic. For more tips on how to get your employees up and running while working from home, check out this article from Sophos.

The Post-Coronavirus World

The coronavirus is undoubtedly a disaster not only for the health of individuals but for businesses as well. It’s safe to say that we were, in no way, ready for a pandemic to spread across the globe. As the most advanced country in the world from a healthcare perspective, we weren’t ready to handle this crisis. As the most technologically advanced country, are we prepared for a crippling cyberattack? If the coronavirus is going to teach us anything, it’s that we need to be prepared for anything. Keep an eye out for an upcoming article on how we, as a country and world, aren’t ready for a cyberattack that seems inevitable.

Photo courtesy of carltonfields.com