Cyber defence in the time of COVID-19

April 2020

With orders to self-isolate or social distance, millions of employees are having to work away from the office. For some companies, having their staff working remotely is nothing new. But for the majority, it can be a daunting prospect, particularly when it comes to ensuring and maintaining the security of the company network, and even of their employees’ home networks.

Cybercriminals are already hard at work exploiting the situation. We are seeing reports of an increase in the number of COVID-19 themed phishing emails asking individuals to click on malicious links that download Remote Administration Tools (RATs) on their devices. Suspicious applications that give hackers access to data or encrypt devices for ransom have also been popping up.

So, what can businesses do to ensure their network is not compromised and their employees have peace of mind about logging on from their remote servers?

Be hyper aware

Vulnerable and internet-facing remote desktop protocol (RDP) portals are often exploited by ransomware cybercriminals. Therefore, awareness of your external IT footprint is crucial in understanding the entry points that attackers will use.

Data security

Basic measures such as network segmentation to limit access from remote users and strict management of administrative rights go a long way in preventing cyber attacks. Encourage safe data handling practices among staff working remotely, e.g. using password managers and not using private cloud or email for work matters.

Step up monitoring of security operations centres (SOCs). Devise detection scenarios for peculiar or strange activities, e.g. frequent changes of IP address within a short period of time, changes of user agent, etc.
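The detection scenario described above can be expressed as a sliding-window rule over remote-access login events. The following is an added example, not part of the original article: the log fields, the 15-minute window and the thresholds are assumptions chosen for illustration, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of remote-access logins: (timestamp, user, source IP, user agent).
# Addresses come from documentation ranges; nothing here is from a real system.
SAMPLE_EVENTS = [
    ("2020-04-06T09:00:00", "alice", "198.51.100.10", "Mozilla/5.0 (Windows NT 10.0)"),
    ("2020-04-06T09:02:00", "bob",   "203.0.113.5",   "Mozilla/5.0 (Macintosh)"),
    ("2020-04-06T09:05:00", "alice", "192.0.2.44",    "Mozilla/5.0 (Windows NT 10.0)"),
    ("2020-04-06T09:09:00", "alice", "203.0.113.77",  "curl/7.68.0"),
    ("2020-04-06T11:30:00", "bob",   "203.0.113.9",   "Mozilla/5.0 (Macintosh)"),
    ("2020-04-06T13:00:00", "bob",   "203.0.113.5",   "Mozilla/5.0 (Macintosh)"),
]

def detect_churn(events, window=timedelta(minutes=15), max_ips=2, max_agents=1):
    """Return alerts for users seen with more than max_ips distinct source IPs
    or more than max_agents distinct user agents inside one sliding window.
    The default window and thresholds are assumed values, to be tuned per site."""
    recent = defaultdict(deque)   # user -> events still inside the window
    alerts = []
    for ts, user, ip, agent in sorted(events):
        now = datetime.fromisoformat(ts)
        q = recent[user]
        q.append((now, ip, agent))
        while now - q[0][0] > window:      # expire events older than the window
            q.popleft()
        ips = {e[1] for e in q}
        agents = {e[2] for e in q}
        reasons = []
        if len(ips) > max_ips:
            reasons.append(f"{len(ips)} source IPs")
        if len(agents) > max_agents:
            reasons.append(f"{len(agents)} user agents")
        if reasons:
            alerts.append((ts, user, reasons))
    return alerts

if __name__ == "__main__":
    for ts, user, reasons in detect_churn(SAMPLE_EVENTS):
        print(f"{ts} {user}: {', '.join(reasons)} within the window")
```

A user whose address changes hours apart (bob in the sample) raises no alert, which keeps ordinary home-broadband address changes from flooding the SOC queue.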

User authentication

Mandating multifactor authentication (e.g. SoftToken, HardToken, Digital Certificate) is a wise move. This is particularly important in light of the rise in remote working. Consider implementing app-based authentication for remote access.

Other measures that companies can consider include time limits for VPN access and whitelisting originating IP addresses.

BYOD/Shadow IT

Ensure endpoint protection on all laptops and mobile devices, particularly any new devices issued, including VPN tools with encryption. Consider mobile management of remote employees’ devices.

At the same time, employees must also do their part in ensuring they maintain the same level of high security when working remotely as they normally would in an office environment. Maintaining good password hygiene, updating systems and software, securing WiFi access points and using a virtual private network (VPN) are just some basic steps that staff can take.

While these measures do not mean a cyber attack will not happen, they will help to reduce the chances of malicious attacks, errors and outages. 

Contact us

Kenneth Wong

Partner, PwC Hong Kong

Tel: +[852] 2289 2719

Kok Tin Gan

Partner, PwC Hong Kong

Tel: +[852] 2289 1935

Felix Kan

Partner, PwC Hong Kong

Tel: +[852] 2289 1970
