Cyber-Security and Covid-19: Protecting Your Business in the New Normal

With new territory comes new problems, and cyber security is not immune from this. What are the biggest cyberattacks hackers are employing in the age of

Covid, and more importantly, how do you protect your business and your data from hackers and their cyber threats? The pandemic that is Covid-19 has altered the way Americans and the world do business, and experts are speculating these changes may be permanent. In 2020 over 50% of businesses migrated from the office to the

cloud. Of those 50% over 70% of business owners say they will continue to allow workers to work remotely after the pandemic*. This has to do with what

employers are seeing as an increase in productivity and allowing businesses to pull human assets from all corners of the earth. On top of this E-Commerce has

seen a whopping 30% boom in business across the board, with many E-Commerce companies seeing record profits in 2020*.

With new opportunities for businesses however, there are also new opportunities for hackers and cybercriminals to wage potentially

crippling cyber-attacks on both businesses and individuals. Social Engineering attacks are on the rise. What is a Social Engineering attack? Simply put it’s

an attack that uses your employees, procedures and protocols to hack into your company’s system and steal your most valuable asset, your company and customer data.

What is Phishing? What is Spear Phishing?

In the age of the Coronavirus, many employees are working from the cloud. This means that they are not within shouting distance of their fellow coworkers, making it more difficult to double check who sent what. At times, cyber-attackers disguise themselves as IT workers. They will call, text or email employees claiming an issue with immediate urgency is occurring, and you must click this link or download this software to rectify the situation. In fact the Manor School System in Texas was hit with a phishing attack that cost them over 2.2 million dollars! Phishing attacks fish for inform by tricking your employees into opening emails, clicking links, or answering text messages plagued with

ransomware, spyware or other harmful software aimed at stealing information and gaining entrance to your system. Spear Phishing, which is a more targeted

approach, disguises the cybercriminal as a trusted staff member or affiliate and utilizes similar phishing techniques, to obtain data crucial to your business. In 2020 alone, a 600% increase in Phishing attacks was reported*. The CDC even went as far as to release a press release warning citizens and

companies of Covid-19 related phishing attacks.  These attacks would disguise themselves as vital information about Coronavirus, the stimulus, the WHO and other hot button issues, with dangerous consequences to anyone.

Nothing is To Big To Hack

No one is immune from these attacks. In the past year, cyber-attacks on banks have continued to climb by 238% since 2019*. In fact, the average ransomware payment went up by 33% to over $111,000! Think for a minute what a $111,000 hit would do to your business. Earlier this year the DarkHotel hackers attacked the World Health

Organization (WHO) and the Gates Foundation, leaking thousands of emails and logins to the Dark Web. Major companies were proven to be more vulnerable than they

expected this year as well. Nintendo suffered a breach that exposed information for 160,00 users of their Nintendo Online platform. Mitsubishi had blueprints

for a missile, yes, a missile, stolen from them in an attack. EasyJet, a UK airline had a breach that cost them billions of dollars in lawsuits and almost

killed the company completely. T-Mobile and Marriot were both hit with attacks that leaked thousand of employee and millions of customer email credentials.

MGM Resorts had 142 million guest accounts exposed. What do Canon, University of Utah, University of California SF, a German hospital, a Nevada school district

and Barnes & Noble have in common? Ransomware attacks that cost them millions.

The federal government was hit with what analysts are calling the largest coordinated cyber-attack in history. Solarwinds Orion was targeted with malware disguised as a software update in March to June of 2020. What makes this even more notable is of the 18,000 customers that fell victim to the attack, most were in the government sector including the US Dept. of Energy, Dept. of Homeland Security, the United States Post Office, the Treasury Department and the Pentagon. According to leading digital security firm FireEye, the attack was coordinated to exploit high profile users and included technology, telecom and consulting firms in the US, Asia, Europe and the Middle

East. Even more concerning is that this attack spanned 3 months and wasn’t even discovered until months later. FireEye is perhaps the leading tech security firm in the

United States and is employed by many top groups in both the public and private sector. Yet even they are susceptible to attacks from malicious actors.

According to an article in the New York Times, FireEye revealed that its own systems were pierced by what it called “a nation with top-tier offensive

capabilities.” The company said hackers used “novel techniques” to make off with its own tool kit, which could be useful in mounting new attacks around the world.

How do you protect yourself and your business from cybercrime?

Now I know what I just told you sounds downright terrifying. “Let’s be real here,” you may be thinking “if the government, MSP’s, security firms and billion-dollar industries are being hacked, attacked, and extorted, protecting my business is hopeless isn’t it”. Well, I’m pleased to tell you it isn’t. Cybercrime will never go away, but that doesn’t mean that there aren’t potent measures to combat it. It is key to remember that these hackers and cybercriminals are for the most part opportunists. The same way if you leave an

open window in your home you are more prone to a break in, if your passwords for everything is 11111111, you are more prone to being attacked. Your passwords are your first line of defense. When dealing with attacks such as credential stuffing, hackers are taking one username and password combination they have and attempting to use that combination on every other account attached to that person. Also, they can take information from employees’ social media, be it a pet they show off on FaceBook, or talking

about their Alma Mater on Linkedin to glean information that will help them crack a password. By using varied passwords, randomly generated passwords, and

avoiding personal information in passwords, you can help close the door on random cyber-attacks.

Proper security training for staff is also a key. For example, we at Delval Technology Systems provide our customers with monthly cyber security training. This helps keep your employees on their toes and helps them recognize and avoid attacks. A company’s data are not only assets to the company themselves, but to the staff as well. By training your employees to act as “human firewalls”, you have a fantastic defense system against social engineering attacks.

In the age of unified communications, in which companies employ all facets of telecommunications, it is important to have a staff that is knowledgeable of these threats and how to protect against them, wherever they may come from and whenever they may occur. A great tool to employ in the unified communications era is multifactor authentication. This is an added layer of protection and serves as a secondary identification process to prevent unauthorized address to systems

and accounts. This can come in the form of an identification email, text message or phone call. This ensures that the person using the credentials is

the actual owner of those credentials. For those companies that have migrated their workforce to the cloud, a secure VPN is paramount to keeping your network safe and secure.

“What is a VPN?”

A VPN is a Virtual Private Network, a secure connection between two networks that is made over the public internet. Think about it as a

reinforced tunnel to keep your data, traffic, and IP hidden from the rest of the internet.  Utilizing a VPN is akin to a Jedi employing a forcefield to shield ships from attack.

Finally, the absolute best way to protect your network and your data from hackers and their cyberattacks is to invest in Managed Security Services. Simply stated, managed security services gives your business access to top security technology and a team of experts that monitor your systems and protect you from attacks before they happen. Cyber Resiliency is a term you may hear a lot, and by employing a Managed Security Services company such as Delval Technology Solutions will make sure that not only are you prepared to face any threats that may come your way, you can also ensure that if something slips through the cracks, your business can minimize losses and get back to work

fast. The world of technology can be a scary place, but it doesn’t have to be.

With proper training and support, the kingdom that is your business can become a highly fortified fortress, protected from the marauding bands of raiders that are hackers and other cyber criminals. Contact DelVal Technology Solutions, named top 10 in Cloud Security by Enterprise Security Magazine two years running, for more information and protect your business, your data, and your customer’s data with our best-in-class services.