Cyber security specialists Secutec warn against corona phishing and hacking
Home working endangers corporate digital security
While working from home is undeniably safer for our health in these corona times, it simultaneously poses serious risks to the digital security of our enterprises, cyber security company Secutec warns. Hackers everywhere are using the crisis to lure people to phishing websites on the corona subject now that employees are working from home and their work computers are not protected by the usual firewall. “In just one week 41,000 such websites have sprouted up, while the number of employees surfing the web outside the protected company network has risen by 70%. This could spell disaster for the security of business data”, Secutec CEO Geert Baudewijns predicts.
Over the past few weeks our businesses have done everything in their power to comply with government directives requiring employees to work from home as much as possible. This is an excellent measure to protect employee health and to contain the spread of the coronavirus. However, Secutec points out that many companies have not considered the consequences this will have on their digital security – just a few weeks ago the company rushed to the aid of the municipality of Willebroek when its systems were taken over by hackers.
“The consequences are often much more severe than companies think”, says CEO Geert Baudewijns. “First of all, out of sheer necessity many IT departments are digging up their old computers and VPN devices. They do this with the best of intentions but as these devices are no longer up-to-date, they are hardly protected, if at all. Moreover, most people are now working from home on their work computer on their – often unprotected – home network instead of on the firewall-protected company network. In just one week, activity on the company networks has dropped by a whopping 70%. In other words, the vast majority of people are working from home on an unprotected network.”
41,000 corona phishing websites in a single week
Hackers have caught on to this as well. “To them this is a gold mine and they’re jumping on the opportunity like vultures on a carcass”, Baudewijns explains. “This is obvious from the number of corona-related phishing websites that have sprung up in just one week’s time: no fewer than 41,000 and that’s just the ones where the word ‘corona’ is part of the URL. Sources estimate the actual number of corona phishing sites is 15 times higher – more than 600,000. No less than 80% of all cyber attacks our systems are currently intercepting are launched by such a website – under normal circumstances this is just 32%.”
These phishing websites lure people in with fake corona news messages (via email or social media), such as ‘Do you have corona’? Find out here’. “If you open such a website on an unprotected computer it can easily infect or even take control of your computer without your knowledge”, Baudewijns warns. “This makes it very easy for hackers to access loads of company data via your computer, especially when you go back in to work in a few weeks’ time and connect with the company network, allowing the virus to spread across the entire company.
This can lead to serious data breaches or even data kidnapping, where hackers block all data and demand payment of a ransom.
List of phishing websites
To prevent this from happening, Secutec advises employees to treat every email they receive with the utmost caution and to only visit official websites with info on corona. Also, make sure you’re using the official link when logging in to the company website because these pages are often duplicated.
Secutec urges companies to have their home working employees surf the web via the protected company network whenever possible. “But we also understand that this is often not an option as this would overload the network”, Baudewijns continues. “A company would have to process the incoming data flow of every employee in its entirety and send it back using security protocols. This would mean doubling their infrastructure and that is all but impossible.”
Consequently, during the corona crisis (at least until the end of June), Secutec is offering companies the opportunity to have their employees work safely via their SecureDNS system, free of charge.
The system checks every internet connection beforehand and blocks harmful websites so as not to tax the company network.
Moreover, the cyber security specialist will also provide interested companies with free daily updates of the list of phishing websites so they can boost the protection of their own systems.
Companies that are interested in these free extra services will find moredetails at www.secutec.eu/securehomeoffice.