As with any crisis, there will always be a few unscrupulous individuals who will go to any length to capitalize on it. The COVID-19 pandemic is one of such, as cyber criminals exploit data and hardware security vulnerabilities hence posing enormous security threats to companies and employees’ information.

While the virus has “shone a light” on the use of technology as our interactions are now largely dependent on digital tools, e.g. video calls, social media posts and downloading various chat applications, there is a fast growing influx of ransomware attacks such as phishing emails and malware. This has also been due to hackers capitalizing on the emotional vulnerabilities of people to drive urgency that is aimed at siphoning company and personal information; possibly to steal money or use stolen information for ransom.

Majorly, the attacks are occurring through the following ways:

  1. Malicious links or attachments about the pandemic prompting you to open them, some of which are shared through WhatsApp forwards.
  2. ‘’Free’’ access to obscure websites that lead to malware attacks.
  3. Installation of viewing and some video conferencing applications that hackers are using to siphon hack into employees’ computers.
  4. Increased risks in online payments via credit cards, where some sites may prompt you to give your card details to access information.

Generally, it is easy to exploit and scam people using the coronavirus themed messages and links because it is what the entire world is talking about.

Read also How auditors can successfully complete their audits in the wake of COVID-19.

Way forward

Care and caution must be exercised by companies through their IT security departments to ensure that their employees are not victims of cyber-attacks by observing the following:

  1. Companies need to ensure that they are able to check for potential security threats and establish robust security measures to prevent data breaches.
  2. Employees need to escalate any data security concerns to their IT experts in the company.
  3. Employees need to stick to file sharing and collaboration tools that have been provided by the company.
  4. Desist from opening suspicious click bait emails or attachments or WhatsApp messages that contain these links.
  5. Employees should exercise vigilance when installing software especially video conferencing applications and when signing up to new services. Ensure that any app installed are the original versions from a trusted source.
  6. Be wary of emails or links that prompt you for personal information such as credit card details. Essentially, there is no reason to provide your usernames or passwords to access any information regarding the pandemic.

In a Nutshell

Companies need to educate their employees on cyber security threats such as phishing emails, ransomware, malware and antivirus soft wares.

Employees should stay away from any abnormal activities on their networks, servers and devices while the IT department should obtain online and offline backups.

Most importantly, cyber security should be viewed as a brand protection problem.

For more information regarding this alert, please contact;

Michael Kimani

Advisory Partner

t +254 715 248882 | +254 733 533449

Mkimani@mgkconsult.co.ke