COVID-19

Cybercriminals are exploiting the COVID-19 crisis. Here's how to boost your digital immunity

A computer image created by Nexu Science Communication together with Trinity College in Dublin, shows a model structurally representative of a betacoronavirus which is the type of virus linked to COVID-19, better known as the coronavirus linked to the Wuhan outbreak, shared with Reuters on February 18, 2020.

There is more than one kind of dangerous virus we need to worry about Image: via REUTERS

Lori Bailey
Global Head of Cyber Risk, Zurich Insurance Group
Share:
Our Impact
What's the World Economic Forum doing to accelerate action on COVID-19?
The Big Picture
Explore and monitor how COVID-19 is affecting economies, industries and global issues
A hand holding a looking glass by a lake
Crowdsource Innovation
Get involved with our crowdsourced digital platform to deliver impact at scale
Stay up to date:

COVID-19

  • The increased numbers of employees working remotely presents an opportunity for cybercriminals.
  • Companies must be vigilant and maintain proper controls on their data and finances.
  • Leaders, IT departments and staff must work together to prevent vulnerabilities.

As the world stands together to defeat the coronavirus, another invisible threat is emerging from a different sort of viral adversary: Cybercriminals.

Distracted employees keeping businesses running from home are seen as particularly vulnerable targets for phishing and ransomware attacks as remote working creates new opportunities for stealing sensitive information and for new types of social engineering tactics.

Have you read?

Global losses from cybercrime already reach into the trillions each year and those losses could be all the more devastating for individual businesses given the economic uncertainty brought by COVID-19. As more individuals are compelled to work remotely, it will take a determined focus by all parts of an organization to maintain proper controls on sensitive information and finances.

Such threats must be treated with their own forms of hygiene to prevent infection. Employees must understand the importance of simple, preventive measures they can take every day. Practical tips, such as not clicking links from untrusted users, or not providing account details to unknown sources, can be powerful.

But the current environment requires an even higher level of vigilance across the team. Before allowing remote connections, companies should be certain that employees are adequately trained to fend off potential cyberattacks and know how to report a compromise – particularly when they are working remotely. Only secure connections, preferably through a virtual private network (VPN) or other encrypted mechanism, should be permitted. Multi-factor authentication is another common layer of security which should be deployed across networks. These tried-and-true preventive measures will help maintain a secure digital environment and reduce overall cyber-risk for the organization.

Other cyber-risk management methods may be less well-known, particularly for smaller companies, but should be considered. For example, a mobile device management (MDM) approach creates security controls and an encrypted environment for documents and emails stored in employees’ computers, tablets and smartphones. Companies that use cloud services, meanwhile, should confirm that their security configurations are appropriately strong and are monitored for unauthorized manipulation.

IT departments must ensure that configurations are up-to-date, newly discovered vulnerabilities are patched immediately and that any attempts to connect from suspicious internet addresses are detected as quickly as possible. The department should blacklist access from countries where employees would have no reason to be connecting to the corporate network. It is likely that IT departments will require more resources to maintain the technical infrastructure and manage the heightened fragility of networks that are being put under strain by the increased number of remote connections.

The success or failure of addressing cyberthreats during the COVID-19 pandemic will help answer some of the questions that businesses are now weighing anxiously: Are our preventive capabilities and capacities adequate? Can we rely on external service providers in a cyber pandemic, given the demands on their resources? And how do we ensure that digital supply chains of computing capacity, data storage and the platforms on which applications operate are threat-resilient?

As we work through this unprecedented health crisis, we must not overlook the exposure to cybercrime that comes with it. And in the same way that we are strengthening our defenses against COVID-19, we should not overlook the parallel work that needs to be done to ensure a healthy and sustainable cyber future.

Don't miss any update on this topic

Create a free account and access your personalized content collection with our latest publications and analyses.

Sign up for free

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.

Related topics:
COVID-19CybersecurityCybercrime
Share:
World Economic Forum logo
Global Agenda

The Agenda Weekly

A weekly update of the most important issues driving the global agenda

Subscribe today

You can unsubscribe at any time using the link in our emails. For more details, review our privacy policy.

Winding down COVAX – lessons learnt from delivering 2 billion COVID-19 vaccinations to lower-income countries

Charlotte Edmond

January 8, 2024

About Us

Events

Media

Partners & Members

  • Join Us

Language Editions

Privacy Policy & Terms of Service

© 2024 World Economic Forum