How companies can protect themselves from cyberattacks during the COVID-19 pandemic

There’s a reason why getting protected online should be one of the top priorities of companies today.

In December, INTERPOL alerted law enforcement across 194 countries to prepare for crimes revolving around COVID-19 vaccines. According to them, hackers are already targeting individuals, companies, and government agencies, with vaccine-related activities also being posted on the dark web.

Meanwhile, a report about the hacking of the European Medicines Agency's (EMA) documents related to the development of the COVID-19 vaccine by Pfizer and BioNTech circulated all over the world. The breached documents included information about the candidate vaccine, its possible side effects, efficiency, and other highly confidential medical information.

Today, cybercrime incidents are significantly increasing as more companies adopt remote work models and online businesses during the pandemic. And now that employees are connecting to company systems through unprotected home Wi-Fi networks, gaining unauthorized access to sensitive information has never been easier-and more dangerous than ever. Hackers will do everything to exploit data breaches for financial gain.

In an interview with Hong Kong Business, NordVPN’s internet security expert Daniel Markuson sheds light on why businesses need to educate their employees on safe internet usage and remote access protocols to protect themselves from cyberattacks. According to him, it’s a mistake for small companies to think they are too small to be a target for hacking, so he provides tips and strategies on how to stay one step ahead of cybercriminals, protect their private information online, and combat cyber attacks using technology.

How do you see the impact of the pandemic affecting people's awareness of cybersecurity?

Cybercrime has been escalating almost every year. Even before the pandemic, hackers perpetrated attacks once every 39 seconds on average. And the COVID-19 situation has just made the situation even worse.

Since March 2020, when the first lockdowns came into force, hackers started taking advantage of the confusion and lowered security protocols connected to people working at home to cause all kinds of harm. A 350% increase in phishing websites was reported in the first quarter of 2020. Cybercrime in Hong Kong alone has doubled to 6400 cases in the first half of last year.

The companies' share of IT budgets dedicated to cybersecurity grew by up to 29% last year. But that is not enough. NordVPN's recent National Privacy Test evaluated the world's online privacy awareness. And the score was only 65.2 points out of 100.

To answer your question, the COVID situation may have brought more awareness to cybersecurity but didn't change or even worsen imperfect digital privacy habits. People keep on making the same mistakes; we still need to educate them to adopt safety and security basics as they keep on spending a lot of time online and working remotely.

What are the biggest mistakes companies have made when it comes to data protection?

The biggest mistake is when companies think that they are too small or too new to be a target. In fact, according to Verizon's 2020 Data Breach Investigations Report, 43% of cyberattacks targeted small businesses. Companies in any industry are vulnerable if they have any connection to a virtual world.

The other common mistake is thinking that cybersecurity is just an IT issue. It is an issue of the whole company as all the employees must have enough threat awareness. Through training, education, and simulations, the entire organisation should know how to identify threats, prevent and recover from attacks.

Also, some companies lack the knowledge of cybersecurity tools and rely solely on anti-virus technologies. Less than 40% of attacks include malware, so you can't rely on security in this spectrum alone. The lack of knowledge also results in using poor passwords across the company. Given that over 80% of hacking-related breaches are tied to weak or compromised credentials, using the same passwords across different logins and systems is one of the biggest mistakes an organisation can make.

Talking about the pandemic, some companies just didn't adapt to remote work, which can be the cause of the rising cybercrime as well. The lack of endpoint visibility and access management systems leaves business' networks open to cyber exploitation and attacks.

What key strategies should companies implement to keep one step ahead of cybercriminals?

Every organisation needs to recognize problems it can face in case of cyber-attacks, ways to avoid it and compulsory steps to follow once it happens. Organisations should have a security policy and make sure the employees - especially new hires - read through it and follow the necessary security procedures.

A company should train its employees and teach them the basics of cybersecurity. It's best to keep teams informed about cyber threats and digital hygiene. Companies should also regularly monitor the use of computer equipment and systems to check employee's digital literacy. Business safety comes down to the employees and whether they follow the established security procedures.

As a digital privacy expert, I would also recommend getting a full set of cybersecurity tools including a business VPN, like NordVPN Teams. Businesses need agile and cost-effective security solutions to prevent unauthorized access to valuable corporate data.

Creating sophisticated passwords and updating the software and tools regularly is essential. To keep files on employee's tools safe, companies should regularly back up data and encrypt important information. The last thing I would recommend is using multi-factor authentication to access the most vulnerable and important company systems.

As a cybersecurity expert, what tips can you give to protect private information online?

There are some digital privacy basics that everybody needs to know. First and foremost, if the person wants to stay private online, he or she should not share too much personal information on the internet. The information a person shares should be protected by strong passwords and a VPN, which encrypts the traffic and protects the user's data and location. NordVPN is a great option for personal use. Avoiding public Wi-Fi and shopping only on secure websites should also help to keep privacy and prevent yourself from data breaches.

With the future relying more on digital, what would be NordVPN's role in combating cyber threats?

Our vision is to become a synonym for digital protection. We think that cybersecurity should be easily accessible and become a part of everybody's life. That is why we create intuitive privacy solutions that everyone can use. We strive to give true online privacy and security to as many people as we can. Our company updates our products constantly by implementing new features helping to protect our users from the growing range of cyber threats. In the future, we will continue to educate society on cybersecurity matters, present new solutions for a safer internet, and improve existing ones.