Mimecast sheds light on increasing cyber risks and tips to beat the hackers
The worldwide shutdown to contain the spread of COVID-19 has thrown up many inspiring acts of courage and self-sacrifice across the globe, but it has also led cyber-criminals to exploit the vulnerability of businesses just finding their feet in the remote working era.
Mimecast, which specialises in cloud-based email management for Microsoft Exchange and Microsoft 365, has laid the threat bare in a new report which tracks cyber-security detections during the first 100 days of the COVID-19 emergency, beginning in January.
The report brings into stark relief the fact that the global spread of COVID-19 threw up many new opportunities for cyber-criminals and that now, perhaps more than ever, organisations need to carefully review their cyber-security strategies with employee awareness high on agendas.
The report says the remote working era spurred a cyber-crime spree. “Increases in coronavirus-related spam and impersonation attack campaigns are exploiting the vulnerability of users working at home, taking advantage of their desire for information about the COVID-19 pandemic to entice them to click on unsafe links. Traditional fraudsters are also using spam to offer fake or non-existent goods such as protective masks or COVID-19 cures,” says the report.
The worrying trend
Mimecast analysed key trends in cyber-crime activity over the first 100 days of COVID-19. Key findings showed:
- From January to the end of March, overall detections rose by 33%
- Spam/opportunistic detections increased 26.3%
- Impersonation detections surged 30.3%
- Malware detections climbed 35.16%
- The blocking of URL clicks went up 55.8%
Lack of security awareness among staff working at home for the first time increased organisational vulnerability. Many employees were not sufficiently aware of cyber-threats and were more likely to click on malicious links than employees from companies with security training.
“The rise in unsafe clicks suggests that there’s an urgent need to refresh awareness training for employees and help them create a secure working environment,” says the report.
With new ways of working come new risks, and Mimecast says email and web security best practices are now paramount. “Lookalike domains are easily forged,” warns the report.
Mimecast observed more than 60,000 COVID-19-related spoof domains registered since early January, with the retail industry being particularly vulnerable as cyber-criminals homed in to take advantage of unsuspecting buyers purchasing necessities online.
Aside from urging organisations to carry out cyber-security reviews, Mimecast has come up with some essential protocols:
- IT teams should consider which communication services to sanction for secure work at home. Workers should be banned from sharing sensitive data over WhatsApp or personal email accounts.
- IT teams should be able to monitor and disable the use of unsanctioned applications.
- Regular cyber-security training needs to be in place.
The cyber-security training should also outline protocols for secure remote working, with Mimecast recommending:
- Updating home Wi-Fi with strong passwords
- A ban on clicking on COVID-19 related attachments received from outside trusted perimeters
- A commitment to double-check links and not to click on any that staff find suspicious. One way is to check that links go to the correct domains.
- Updating usernames and passwords on trusted sites only
- A ban on using personal devices at home to access work networks, data, or emails
Even as countries emerge from lockdown, remote and home working cultures will be stronger than ever as staff appreciate the workplace freedom and organisations realise the productivity and efficiency benefits. But the risks are real, and as countries begin to open up, organisations should prioritise their cyber-security protocols to reap the benefits without falling victim.