It’s been five months since quarantine measures went into effect. During this time, countless companies changed their workflows and infrastructures as twice as many people were suddenly working from home.
This shift to remote operations created a number of opportunities for hackers and malware programs to exploit vulnerabilities. After all, 90% of data breaches are caused by human error. With employees logging into networks on personal devices, chances for human error and general oversight are much greater.
Two of the most popular tactics used recently have been ransomware attacks and phishing. It’s important to understand how hackers use these attacks so you can defend accordingly.
Ransomware During COVID-19
Ransomware remains as popular as ever. In fact, it has increased over the past few months. Ransomware attacks lock companies out of their own systems, demanding payment (ransom) in exchange for restoring access. The encryptions used by modern ransomware attacks are practically impossible to get through, leaving you with limited options to get your data back.
To make things worse, there’s no guarantee you’ll be granted access even if you pay the ransom.
The increased pressure that has come with COVID-19 and mobilizing infrastructures has left businesses desperate. Rather than fighting ransomware attacks, they have little choice but to pay and hope for the best. Those utilizing ransomware attacks often have a good idea of how much money they can squeeze from their victims. One report showed the average cost of ransomware payments to be $178,254 in the second quarter of 2020, a 60% increase from the previous quarter.
While ransomware is often utilized on larger enterprises, small businesses are not immune. They are often targeted with an offshoot of ransomware known as ransomware as a service (RaaS). This is a service-model cyberattack that less technical criminals subscribe to, providing them access to ransomware tools.
In recent years, phishing attacks have become increasingly sophisticated, using names of coworkers and companies to fool people into thinking they’re legitimate emails. With an increased reliance on remote collaboration tools, phishing scams have evolved to mimic them.
Users receive emails that send them to a fake login portal, which then steals their information. Multi-factor authentication can help combat this, but it’s not always enough, especially if the employee uses the same password for multiple platforms.
It’s not a question of if your employees will be targeted, but when. By April, Google’s Threat Analysis Group was blocking 18 million COVID-19-related phishing and malware emails per day. All it takes is one wrong click to open up a serious vulnerability in your defenses.
What Can You Do?
It’s a stressful time for businesses. Internal tech and IT staff are finding themselves overwhelmed as they address connection issues, software problems, and more for employees working remotely. Many employees are using personal devices, which are more vulnerable to cyberthreats.
While utilizing a VPN can be a great first step for businesses, it’s not enough. To be truly prepared for remote work and sophisticated threats, businesses need to analyze their vulnerabilities and implement proper cybersecurity strategies.
This is where we can help.
At Expedient Technology Solutions, we provide Stress Free IT®. Our team of IT professionals makes sure your infrastructure is secure through the creation and implementation of security policies. We analyze and remediate your risks to keep you safe.
Whether you need cybersecurity in Dayton, Cincinnati, or anywhere in the US, Expedient Technology Solutions has you covered.