At the outset of the COVID-19 pandemic, millions of organizations were forced to quickly learn how to operate remotely. For some, the shift to working from home was already happening on its own, but it is estimated that the pandemic accelerated the change by up to seven years.
At the same time, the urgency of the pandemic and the need to quickly adapt to remote working has deterred many businesses from treating cybersecurity as a priority. Criminal hackers have taken advantage of the economic and political challenges presented by the pandemic, by targeting critical supply chains among many other things.
Here, we explain what these changes mean for nonprofits: how the changes brought about by the pandemic create more opportunities for cybercrime, the role of human error, and the importance of educating your team, and why these changes are here to stay.
We also highlight some great tools that can help to protect your data and reduce the risk of a cybersecurity break in your organization, allowing you to direct more time and resources towards supporting your community and focusing on your mission.
As remote working becomes more sophisticated and more normal, so do the methods of criminal hackers. Just like all industries, cybercriminals are taking advantage of advances in technology to make their methods more effective.
Up to 90 percent of cyber incidents succeed by exploiting human vulnerabilities, and so innovations in technology can also be used to create more opportunities to manipulate individuals.
Machine learning, 5G technology, and artificial intelligence are all used to increase the odds of success for a ransomware or phishing attack.
For example, AI technology could be used to automatically create personalized and realistic emails and evaluate the best targets. Machine learning helps to analyze human behavior and make these attacks more sophisticated.
All of this increases the odds of catching a busy employee off guard and executing a successful attack.
Evolving technology, increased remote work, and ever-smarter cyberattacks — none of these will be reversed when the pandemic subsides, and all are likely to be a permanent feature of our lives as we work, shop, and communicate online. For this reason, investment in quality cybersecurity tools is incredibly important and will remain so for years to come.
Hackers aim to exploit their victims' cognitive biases: the areas in which their subjective reality deviates from rational judgment. They might attempt to tap into someone's authority bias, for example, by addressing an email from the person's boss.
The most common cognitive bias used by hackers, however, is the halo effect. People tend to have a positive and trusting attitude towards brands they know, and so their guard is often down when they receive an email from such brands.
A busy employee may not register minor telltale signs, such as a fake sender email or grammar errors. This could lead to the employee clicking a link, downloading a file, or sharing logins, allowing the hacker to access confidential data or installing malicious software on the employee's computer.
Ransomware and phishing attacks remain the most common forms of cybersecurity threat, with phishing accounting for 80 percent of incidents, and malware attacks increasing by almost 400 percent last year.
Ransomware attacks are relentless, with a victim every 10 seconds in the United States, and they cost American businesses billions of dollars every year. But the problem is a global one — a fact that's illustrated by the recent creation of an international Ransomware Task Force (RTF).
The success of ransomware attacks relies upon individuals and businesses failing to properly educate their staff and protect their information and their organizations. Hackers only need one human error in order to gain access to data that could be used to launch a full-scale attack.
Although we are now moving slowly out of pandemic restrictions, our newfound dependence on technology and the resultant vulnerabilities are here to stay.
From free antivirus software for personal use to security solutions for global organizations, Avast has a solution to suit every organization. Last year, TechSoup partnered with Avast to create a range of great discounted and donated solutions for nonprofits.
Among the rapidly changing nature of cybersecurity and the growing popularity of remote work, it is more important than ever for nonprofits to invest in mitigating cybersecurity risks.
To prevent phishing attempts, alongside educating your team on the signs of a phishing email and ensuring that antivirus software is up to date, Avast's CloudCare Secure Web Gateway can help.
Secure Web Gateway helps to block phishing attacks by blocking malicious downloads and URLs and analyzing sites opened by employees for signs of foul play.
CloudCare Managed Antivirus protects your organization from viruses, malware, spyware, and other threats. It works in the background to mitigate threats to your data and offers a dashboard to allow you to manage both on-site and remote devices.
Automatically generated reports allow you to clearly see all threats blocked by the program, as well as which devices are unprotected or overdue for an update.
Avast's CloudCare Content Filtering regulates online content access, blocking access to websites that threaten security or productivity. You can choose to block access to sites by category or choose the sites yourself. You receive historical reports on user activities.
This can help you to reduce the bandwidth absorbed by employees' personal use and reduce the likelihood of bringing security risks into the network.
CloudCare Patch Management allows you to fix and prevent vulnerabilities in your software. The tool will scan your devices for weaknesses, such as outdated software, and allow you to patch the issues to maintain security compliance.
Aside from this, Avast's ransomware protection tool can work in the background to detect any malware threats, constantly innovating to account for the ever-changing nature of ransomware attacks.
To avoid ransomware attacks, a key strategy is to educate your employees on spotting the signs, keep antivirus software updated, and back up your data using the 3-2-1 rule. This rule suggests that you have at least three copies of your data, saved across at least two types of media, with at least one of those copies saved offsite.
If you need support in ensuring that your organization is secure, TechSoup has plenty of great resources for building effective data protection strategies.
For a reliable data backup system, Veritas Backup Exec is an effective and easy-to-use option. It allows you to back up multiple servers simultaneously and easily recover your data in the event of a breach.
An intuitive interface makes it accessible, simplifying the setup and configuration process. A range of storage options means that it is suitable for most organizations' needs.
Perhaps a better fit for organizations of fewer than 50 employees is Veritas System Recovery. This program specializes in whole-system recovery, enabling you to restore your entire database to the same or a different hardware system or to a virtual environment.
In the event of a data breach that renders your entire system inoperable, Veritas System Recovery is an effective and affordable solution.
For great deals on Veritas software, check out Veritas for Nonprofits.
Cybersecurity has never been more important. We work, shop, and look after our money online, and every point of contact provides an opportunity for hackers to infiltrate.
In this new era of cybersecurity threats, access to effective and affordable software is critical for nonprofits, who often hold their clients' and funders' personal information and operate on limited resources.
TechSoup has partnered with industry-leading companies such as Avast and Veritas to provide great discounts and donations of their services for nonprofits, making vital cybersecurity systems affordable for even the most stretched budget.
By investing in cybersecurity, you can protect your organization, your employees, and your communities from the ever-increasing risk of malware and phishing threats.
Written by: Amy Hooper
Co-published here: https://blog.techsoup.org/posts/cybersecurity-in-the-time-of-covid