Cybersecurity in the time of Coronavirus

Introduction

Khyati Simran Nandrajog
Zubi.io
6 min readApr 9, 2020

--

With the coronavirus or COVID-19 showing no signs of slowing down, several countries have been forced to impose lockdowns. As a result, many people are compelled to work remotely. However, with the rise in the number of employees operating from home, concerns related to security have also increased. Let’s take the instance of Zoom. An app that was initially used only for video conferencing across businesses had witnessed a 535 per cent jump in daily traffic to its page in March 2020 and has become the most downloaded application on iOS. Currently, Zoom is used not just for company meetings, but also for classroom teaching and informal conversations among people. However, on March 30, it was reported that the app was under investigation by the FBI over allegations of video hijacking where hackers crashed into Zoom meetings and shouted racist slurs at users.

In such circumstances, cybersecurity has become more crucial than ever. Although working from home might probably be a temporary situation, businesses suffer from losses and poor productivity if security is compromised. This article discusses what cybersecurity is in detail and its importance in the time of COVID-19.

What is cybersecurity?

In simple words, cybersecurity is the practice of protecting computers and other electronic devices from malicious attacks. Some examples of malicious attacks are malware, Trojan Virus, spyware, ransomware, adware, botnets, phishing, SQL Injection, and so on. Cybersecurity is also known as ‘information technology security’ and ‘electronic information security’.

Cybersecurity is broadly categorised into four types, namely:

  1. Network Security- Network security refers to the practice of protecting servers over a network from malware and other attacks.
  2. Information Security- Information security is a form of cybersecurity whose objective is to ensure that the integrity and privacy of data are maintained, whether in storage or transit.
  3. Application Security- This form of cybersecurity focuses on protecting software in electronic devices from malicious threats, and is installed well before an appliance is available for use.
  4. Operational Security- It includes the processes involved in protecting data assets. Operational security consists of determining which users can access data, and where and how data can be stored or shared.

How does cybersecurity work? It depends on cryptographic protocols for the encryption of data, along with end-security software, which scans computers for any malicious code, quarantines it, and eliminates it from the system.

At present, the threat to online security continues to multiply, with the International Data Corporation stating that the expenditure on cybersecurity will increase to USD 133.7 billion by the year 2022. Some industries that are most vulnerable to malicious cyberattacks include the medical sector, retail, and public sector undertakings.

Risks associated with working online

Post the World Health Organization declared COVID-19 a pandemic, working from home has become more of a compulsion than a choice. As the number of businesses operating remotely soar, it is essential that organisations prioritise the security of their data, otherwise, there will not only be a loss in productivity, but possible lawsuits and fines to be paid.

One of the most pressing problems of working from home is the mistakes employees make unintentionally. For instance, if an employee has to send a critical mail containing confidential information immediately but cannot do so from the organisation’s system due to a technical glitch, they may use their personal computer for the same. As a result, it puts the company’s data at risk since the private system may not be as secure.

Often, there are some significant risks that companies face while allowing employees to work remotely. Such risks comprise the inability to ensure the privacy of the location from where the employees are working from, lack of control over the security of the networks, absence of training of the best practices of information security, and incomplete knowledge on how to work from home.

In a survey conducted by Dimensional Research in collaboration with Check Point Software Technologies Limited, around 411 employees working across 500 organisations internationally were asked questions regarding the security concerns of working remotely. The findings showed that 95 per cent of respondents reported facing additional security issues since they began working from home after the spread of coronavirus. Sixty-one per cent of them were worried about the risks associated with making rapid changes for working remotely, 55 per cent believed that virtual access security needed improvement. In comparison, 49 per cent raised concerns about having to scale-up endpoint security.

An example of privacy concerns arising as a result of working remotely is the case of Zoom. Currently, Zoom is one of the go-to apps for conducting virtual meetings, whether casual or professional. Nevertheless, several questions have been raised regarding the security of the app. Firstly, Zoom can be accessed by anyone, since one only requires a short number-based URL to participate in a meeting. Another issue with Zoom is that the company falsely claimed that the app had end-to-end encryption which was later proved untrue. Lastly, Zoom was accused by several users of being unknowingly added to calls through a hidden web server installed on their devices via the app. Although Zoom mentioned that it was working to resolve these issues, it has already put the data of several users at risk, particularly in times when a growing number of people are using it for work purposes.

What can be done?

With the lockdown not looking to end anytime soon, there are various measures that organisations and individuals should undertake to make sure that their data is protected while working remotely.

One of the essential steps that firms must take is to monitor all their vendors. Businesses must assess their relationship to their vendors, the kind of company data they possess, gain control by finding solutions to do a thorough background check of vendors, and regularly monitor their security posture. These steps are crucial so that in the event where data may be compromised, the organisation can either limit or block data access for the vendor.

For employees, they must create different passwords for every account that they use since a hacker only needs a single password to attack all accounts and websites associated with it.

Secondly, two-factor authentication should be enabled, which adds an extra layer of protection to the user’s accounts. The two-factor verification can be in the form of an email confirmation or text message confirmation or facial and fingerprint recognition. This step could be beneficial in case someone is trying to access a user’s account through a different system or location. Additionally, employees must get antivirus software installed on their devices and secure their home WiFi. Last but not the least, each user must back up their data, either on the cloud or a hard drive, so that even if their system crashes or becomes the victim of a malware attack, their data is safe.

About Zubi:

Zubi is an emerging technology empowering platform. Helping students take an exponential career leap by providing learning, assessments and jobs everything in a single place.

--

--