Raising information security awareness during covid-19 pandemic

Costin Raiu, head of global research and analysis at Kaspersky, claimed that there has been an upsurge by hackers to profit from the recent Covid-19 pandemic. He says “I have never seen anything like this” as hackers are creating various websites named specifically to carry the Covid-19 pandemic theme to attract victims. These are dire times. Nigerian companies and even the Nigerian government need to pay attention to their security protocols to prevent hackers and hacking as the pandemic scare spreads around the country.

As a data protection and cybersecurity information analyst consultancy, I discovered, in the same vein a Mr. Raiu, that hackers are on the loose. They are sending phishing emails, various text messages and employing just about any ruse to attract fresh victims.. The onus, therefore, is on company executives and government bodies to act expediently in ensuring that they and their staff don’t fall for the traps of hackers.

At times like this where people will be scrambling for information and guidance about coronavirus, they often click links and open any website that might feed their quest for information. Hackers are seeking to capitalise on these existing concerns over the spread of coronavirus. Specific targets have included government employees and business executives in places such as China, North Korea, Japan, and the United States. According to Raiu, hackers create above two thousand of such links and websites daily. I believe there would be an increase in Nigeria too.

Some days ago, hackers tried to hack the World Health Organisation but the “effort was unsuccessful” says Flavio Aggio, WHO’s Chief Information Security Officer. The big and small organisation will be victims of a hacking fest during this coronavirus pandemic. To ensure that the attempts of these hackers remain unsuccessful, organisations should take some critical steps.

Just as medical advisers warn individuals to use hand sanitisers, wash their hands, and take other health measures to prevent the spread of the virus, companies too must ensure that their employees take healthy measures in these dire times. Companies must remind employees about the rapid rise in phishing attacks and consider rolling out new training on how to detect phishing attacks and other forms of social engineering that can compromise their businesses.

Many companies have opted for their staff to work from home. They must, therefore, ensure that information, such as personnel records and financial information, stored on or sent to or from remote devices should be subject to heightened safeguards, such as the encryption of data in transit and at rest on the device and on any removable media used by the device.

Communicating with colleagues using IT equipment provided by employers should have the software installed in that keep information secured. And, what’s more, if a security incident ensues on the employee’s personal device, there must appropriate reporting structures designed to reduce widespread damage.

Companies and organisations should attempt to fish out hackers who use their websites, apps and other tools to act as Covid-19 domains for contributions. I have found sites and apps out there masquerading to be banks, charities and so on. For example, there are emails sent by these fraudulent individuals asking people to make contributions towards the fight against the virus, using faux email addresses and logos. If any customer of the said bank clicks on those available links, hacking might take place. The IT teams of such big companies and organisations must work around the clock to stop these emails from reaching innocent people.

The covid-19 pandemic will affect companies and governments around the world and its effect will be in varying proportions. That said, companies and governments must not allow hackers add their poisons on the pandemic.