This article is brought to you by the TVLP Institute. Learn more about TVLP activities and programs in innovation and entrepreneurship visiting

TECHNEWS · Sunday, August 2, 2020

Cybersecurity Risks during the COVID-19 time and Tips for New Ventures

Data security is no longer an established-businesses’ problem. This issue affects all enterprises included the new ventures. This article covers the main underlying risks and how to prevent your company from falling victim.

The COVID-19 pandemic has increased the risk of cyber-attacks and the attention of entrepreneurs and CTOs on this matter. The rapid and unexpectedly broad disruption to businesses around the world has left companies struggling to maintain security and business continuity.
As organizations have shifted to remote working to protect their workers while continuing to serve their customers, they have moved the majority of their activity to the digital world—increasing the risk of cyberattacks. In this article, we will review some of the most common risks and list some must-have tools to reduce them.

Major types of cyber risks

Phishing scams

Phishing scams remain to be one of the most prevalent cyber risks of all time. No matter how basic this risk sounds, many businesses, and especially startups end up becoming victims. Phishing attacks are launched through links that normally redirect you to malicious and fraudulent websites. As you are redirected to the other website, the attackers collect all your confidential information such as user accounts, login details, important documents, and so on. In a bid to capture your attention, these phishing attacks are designed to appear genuine and from a trusted source. They may be sent to you via email or as a short message. Hackers may try to compromise the account of a trusted individual in your startup or impersonate him/her and then use the account to send the malicious links to other individuals in possession of the company’s sensitive data.

Data breaches

Data breaches happen when confidential information or data is exposed and accessed by cybercriminals. The breach may happen when a hacker successfully gains access into your startup’s account or when a stakeholder in the startup accidentally or intentionally leaves data exposed. A data breach attack targets sensitive information such as bank account details, credit card information, passwords, and emails. These attacks have caused investors and consumers massive losses. In July 2019, Capital One suffered an attack in which attackers were able to access 140,000 social security numbers, linked bank account details, and social insurance numbers. This single attack affected close to 106,000 credit card customers drawn from the US and Canada.

Ransomware strategies

This is stealing a company’s important information and keeping it on hold for a certain ransom. The prevalence of this attack is associated with the growth and emergence of digital coins, commonly known as cryptocurrencies such as the Bitcoin. The perception is created by the fact that many ransom attackers demand payment in cryptocurrencies in order to retain their anonymity. A ransomware attacker capitalizes on the vulnerabilities that are easy to ignore by the larger majority. For a startup, paying a ransom can be very overwhelming especially when critical data is under attack. In 2017, hackers launched a ransomware attack known as Bad Rabbit. In this attack, the attackers used unsecured websites to carry drive-by attacks to their targets. As it happens with drive-by attacks, the targets were prompted by a fake 'install adobe flash' request that would then redirect them to a compromised page. The link was malicious and only used to spread malware infections.

Secure your company in 4 ways

With the existence of the above risks, and noting that startups are equally vulnerable, you need to think about how you can make sure that your business’ data is safe and secure. Fortunately, this does not have to be a daunting task. The tips discussed below will help you keep your business secure especially if you constantly rely on internet tools to accomplish your tasks.

1. Conduct a cybersecurity risk assessment 

Start by identifying and evaluating the kind of risks that your startup is exposed to and to what extent. To do this, you will need to put several questions across for you and your team, such as:
  • How often do you rely on internet use to accomplish your tasks? 
  • Do you rely on a shared network or devices to access work content? 
  • What is the level of exposure of your devices (phones, laptops, routers, etc.) to risk? 
  • How dire could the consequences be should an attack occur? 
Answering such risk assessment questions should help you identify the areas that need immediate action. It will also help you to decide on the most appropriate action to take.

2. Use a VPN router to secure your work network 

You can also keep your startup’s data safe and secure by using a VPN on your router. There are many benefits to securing your connections. When installed on a router, a VPN connection allows all the users on your office network to stay safe and anonymous whenever they are on the internet. With this in place, you can rest easy knowing that all the files shared, login information, work accounts, and other sensitive data are safe from third parties spying on your network.

3. Maintain the latest software on all your work devices

You or your IT guy must take software updates with the seriousness they deserve. New versions of all the existing software should be installed as soon as they are available. While there might be other reasons for releasing a new version of a software or program, many developers do so after realizing the security vulnerabilities that exist in the previous versions. Hackers take advantage of such security gaps to launch their attacks. Failing to update, therefore, leaves you exposed to most of the common threats. Be attentive to the availability of the latest software especially the operating system and the antivirus. You can enable automatic updates to have the latest versions downloaded on your device whenever they are available.

4. Train your team members 

Scale-up your business network security by training your employees on the best practices regarding data security. Educate them to avoid bad habits such as accessing personal accounts on work devices. Similarly, accessing work accounts from personal devices should also be discouraged. Make sure that all the members of your team have the basic skills of identifying a fishy situation in order to report it to the IT personnel on time. This is the only way to avert potential risks such as phishing emails, malicious links, and spyware programs.

In summary

Gone are the days when hackers and cybercriminals targeted big and established businesses. Today, the attacks are being launched with a target on enterprises of all sizes and even individuals. The unfortunate thing is that startups running on a narrow budget can be affected to the extent of closing shop altogether. Fortunately, for you, implementing the above tips will help your startup stand in a better position in the fight against internet fraudsters and criminals.

Brad Smith

Brad Smith is a technology expert at TurnOnVPN, a non-profit promoting a safe and free internet for all. He writes about his dream for a free internet and unravels the horror behind big techs.

This article is kindly provided by the author. Unsplash

Application deadline in a few days