A Cybersecurity Guide for Small Businesses in Response to COVID-19
And how you can keep your employees safe online while they work from home
The ongoing COVID-19 pandemic has a significant effect on companies of all sizes around the world, with issues related to the supply chain, shutdowns, workforce shortages, and event cancelations. At the same time, this period can be lucrative for cybercriminals, as they are using social engineering tactics and preying on targets who may currently be more psychologically vulnerable.
We’ve noticed an increase in phishing attacks and BEC emails during these times. As always, panic-inducing events prove to be attractive opportunities for online scammers, and unfortunately, the latest COVID-19 outbreak is no exception to the rule. Nowadays, cybercriminals are focusing their efforts on tricking people into giving away their credentials or transferring money to cybercriminal accounts while using coronavirus-related materials as bait.
Given the current circumstances, we thought we should create this cybersecurity guide for small businesses.
How are Small Businesses affected by COVID-19?
Businesses of all sizes are affected in some way, but oftentimes, effects on small businesses may prove to be catastrophic.
Some companies will be able to continue their operations remotely, while brick-and-mortar businesses, due to social distancing precautions, may be forced to close their doors for an indefinite period. For example, OpenTable, an online restaurant reservation platform reports that bookings have dropped 47% globally since this time last year. In addition, an increasing number of on-site bar and restaurant services are either voluntarily shutting down, or in countries with a sharp rise in COVID-19 infections, such as Italy and Spain, governments are imposing their closure.
Either way, the majority (if not all) of small businesses experience a slowdown in their activity.
However, others have the privilege of working remotely under the current coronavirus pandemic and still manage to sustain their activity.
Small Business Cybersecurity in Times of COVID-19
Without a doubt, the novel coronavirus is forcing some major changes in today’s modern workforce, pushing companies to adopt different operational methods, while maintaining quality standards and avoiding a decrease in productivity.
Meanwhile, cybercriminals and scammers are leveraging this situation by widely spreading fake emails, posing as legitimate health organizations or government officials. Usually, these messages contain infected attachments or malicious links, which as soon as they’re opened, they infect endpoints with malware or are aimed towards harvesting the users’ login credentials. The World Health Organization (WHO), for example, explicitly warned that cybercriminals are sending phishing emails related to COVID-19, and are impersonating WHO officials to steal confidential data and money.
I recommend you also carefully read the article where one of my colleagues has shared some recent coronavirus-themed examples of cyber-attacks and advice on how you can avoid them and stay safe.
A Cybersecurity Guide for Small Businesses While Working Remotely
Due to the COVID-19 outbreak, your employees might be working from home for the first time in their life. For starters, the concept can be a little daunting and they might fall prey to malicious actors and unintentionally expose your company’s sensitive information. To avoid any cybersecurity issues with remote work and ensure the continuity of your small business, here are the aspects you should consider:
#1. Strong passwords and two-factor authentication
We’ve been stressing on the importance of using strong passwords and multi-factor authentication for an increased level of security inside any organization. A few key pieces of advice in regards to this topic would be to teach your employees to use passphrases instead of passwords, not to reuse them, and use a password manager to store them. Here you can read everything you need to know about creating a great password policy for your business and take a look at the most common password mistakes.
#2. Promoting employee cybersecurity awareness
Although you may be mindful of sending out announcements in addition to the regular coronavirus alerts that are currently circulating, informing your staff about security is still important. We know you may be worried that amidst the current coronavirus outbreak, cybersecurity might be the last thing your employees may want to hear about. But during this critical period, it’s still essential they uphold good cyber-hygiene practices and don’t fall prey to malicious actors who capitalize on this disaster and further disrupt businesses.
Below are some educational resources that will help you out better communicate the cybersecurity essentials to your small business employees.
- Password Mistakes You and Your Employees Are (Probably) Making
- What Is a Credential Stuffing Attack and How to Protect Yourself from One
- The ABCs of Detecting and Preventing Phishing
- What Is Spear Phishing and How Do You Prevent It?
- What Is Social Engineering: The Tactics Used to Manipulate You
- Why Malware as a Business is on the Rise
- Ransomware as a Service (RaaS) – A Contemporary Mal du siècle?
Alternatively, you may also want to subscribe to our Cybersecurity for Small Business Owners Course.
#4. Using Cloud-based collaboration tools
There are many business collaboration apps available out there that allow you to share and store files, view the status of your ongoing projects, track progress, set reminders for upcoming deadlines, create to-do lists, send instant messages, make calls/video calls, etc. Over this period, it’s important that you still stay connected and work effectively with your colleagues. What’s more, now is a great time to give up your on-premise systems and move your workloads to the cloud.
Here are some tools that now have free extended trials in light of COVID-19:
Microsoft Teams – 6-months free trial for Microsoft Teams in an Office 365 trial. The offer is available to any existing customers (including nonprofits) who haven’t activated any other Office 365 trials in the past.
Cisco WebEx – 90-days unlimited usage with no time restrictions, up to 100 participants, and toll-call dial-in in addition to existing VoIP capabilities. The offer is available to businesses that were not already WebEx customers.
Google Hangouts – Until July 1st, 2020, Google makes the Hangouts Meet premium features free. This offer is for G Suite and G Suite for Education customers.
Zoho Remotely – Zoho’s collaboration suite, which includes 11 applications (ranging from video conferencing, instant messaging, business presentation, to project management, remote support, and more) will also be free until July 1st, 2020.
Also, here are some (mostly free) apps to boost your productivity while working from home.
#5. Using Cybersecurity tools that work anywhere in the world.
As more people now work remotely in response to the COVID-19 pandemic, we want to do our part and help them stay safe online.
This is why we are making Thor Foresight free for 90 days (starting with the day you sign up) so that any small business can operate securely during these difficult times.
A few reasons why Thor Foresight will be a great choice for remote workers:
- Your business will be protected from ransomware. If employees accidentally click on malicious links or download infected files, Thor Foresight will block ransomware infections. Data exfiltration will also not be possible even if there is an existing infection on the device.
- Phishing links will be blocked and cyber attackers won’t get the change to trick your employees into providing their login credentials on fake websites.
- Thor Foresight uses Machine Learning to identify yet unknown malware that won’t be detected by traditional antivirus solutions.
- You can update your 3rd-party software and Windows systems. Here you can find out why keeping up with your patching is crucial.
- Thor Foresight is fully compatible with any existing antivirus and provides extra layers of protection.
You can learn more about it and sign up here and we will contact you as soon as possible.
The people from HeimdalTM Security are deeply saddened to see the world taken by storm both in the physical and digital world by COVID-19. We know most companies today struggle with issues related to the coronavirus. We hope you avoid any additional problems associated with data breaches and malware infections during this outbreak and find this cybersecurity guide for small businesses useful.