May 13, 2020

Dealing with the Heightened Threat of Cybercrime During the COVID-19 Outbreak

The ongoing global coronavirus (COVID-19) pandemic has seen a sharp spike in cybercrime. Online fraudsters are finding new opportunities for phishing scams as a result of people’s anxiety about the disease as well as the massive shift from the traditional office-bound work environment to a remote work-from-home situation that many employees now find themselves in.

In Kenya, like many African countries where youth unemployment was already an issue before COVID-19, online crime is likely to remain a significant threat for the foreseeable future.

Phishing is still one of the most effective methods that attackers use to compromise accounts and gain access to company data and resources.

Most online users are aware of phishing emails, which often encourage you to log on to what seems to be an online banking portal or other credit facility. The user enters their login details on the fake portal, after which the scammers use this information to raid the user’s bank account.

Vishing & smishing

Vishing and smishing are two other methods that cybercriminals may use to get you to share personal or company information.

Vishing is the ‘voice message’ version of phishing. It relies on “social engineering” techniques to trick you into providing information that fraudsters can use to access and use your important accounts. They can also use this information to assume your identity and open new accounts. 

Smishing uses cellphone text messages to trap unsuspecting individuals. The text will often contain an URL or phone number that, if called, will lead to an automated voice response system. Just like phishing, the smishing message usually asks for your immediate attention.

In February 2020, the World Health Organization (WHO) released an advisory warning of online COVID-19 scams, which aim to exploit fear and uncertainty about the disease’s spread.

These scams can be essentially categorised as follows:

  • Phishing and social engineering scams
  • Sale of fake or fraudulent goods
  • Misinformation

5 proactive steps to safeguarding your business against cybercrime

Small-to-medium and large enterprises alike can protect themselves and their workforce by taking the following steps:

1.Make sure your technical hygiene is squeaky clean

Ensure that your employees have strong passwords in place, for their machines and for their home WiFi.

Invest in reliable VPN technology that will secure all your remote connections.

Make sure that all company software is up to date, with the latest versions of fixes.

2.Create awareness

Communicate with your employees about the growing occurrence of cybercrime and remind them to be on their guard for phishing and other forms of cyber-attacks. Ask them to pay particular attention to emails or text messages that reflect poor grammar, dodgy looking design quality or an ‘urgent’ call to action.

3.Turn on multi-factor authentication (MFA)

If you have the means to do so, consider investing in this software, which provides an extra level of security.

4.Test your usage and bandwidth requirements

Take the time to check your company’s actual usage and bandwidth requirements during an average working day. If there are noticeable bandwidth issues at certain times of the day, consider limiting the number of users by staggering connectivity into ‘virtual shifts’. Alternatively, remove access to sites such as YouTube or Facebook.

5.Have a business continuity plan in place

If you do fall prey to a cyber-attack, being able to respond quickly and effectively is vital. Make sure you have the right technical partners in place, as well as a good crisis communication strategy, before a real incident occurs.

Speak to SEACOM today to find out about the solutions we’ve developed to combat cyber-attacks for businesses that have employees working remotely.