Covering Disruptive Technology Powering Business in The Digital Age

Home > DTA news > Blog > To Protect Remote Workers from COVID-19 Related Email Threats, You Need to Get the Basics Right
To Protect Remote Workers from COVID-19 Related Email Threats, You Need to Get the Basics Right
April 22, 2020 Blog


Due to the COVID-19 outbreak, businesses have had to adapt by deploying remote working policies for employees. This is now a new normal for employees, but unfortunately, cybercriminals have also adapted in kind and are taking advantage of the crisis to carry out their attacks.

For example, by the end of February, Barracuda researches observed that COVID-19-related spear-phishing attacks rose dramatically by 667% compared to January. By mid-March, Barracuda Sentinel detected over 9,000 spear-phishing email attacks that were related to the outbreak. The numbers were just over 1,000 in February and as low as 137 in February 2020.

These numbers show how opportunistic the attackers can be in trying to penetrate our cyber defences and are always keeping up with current issues. They would jump at every opportunity (or tragedy) to enhance the effectiveness of their attack campaigns. In addition, it’s not just security gaps that they target, but also human desperation or altruistic nature that may surface during major incidents.

Case in point; Emails purportedly sent by Singapore Prime Minister, Lee Hsien Loong, asking for contributions towards the COVID-19 situation, have been circulating online recently.

As time goes on, we can expect these COVID-19 related attempts at cybercrime to escalate, with email continuing to be the biggest threat vector due to its widespread use among businesses and individuals alike. That is until the next major event takes centre stage.

Generally, there are a few areas that businesses should take a closer look at to protect their remote employees from online threats:

  • Network segmentation is essential to separate personal devices from the ones used for work. Devices, emails and other applications used for work may be secure, but if they’re on the same network as compromised personal devices or emails, they run the risk of being breached too.
  • Make sure that Multi-Factor Authentication is turned on for all your SaaS applications. SaaS is the backbone that allows employees and businesses to interconnect every day. MFA can at least prevent unauthorised access to your mission-critical applications or misuse an employee’s identity and credentials.
  • Employee devices should also have adequate protection in place, such as endpoint security as well as web security and filtering to restrict access to certain sites on their work devices.
  • Last but not least, ensure that the devices are always up-to-date in terms of patches.

These are just the basics that businesses should have to provide protection from most of the common threats out there. However, some email-based threats, such as phishing, BEC or domain hijacking, are harder to detect by traditional security software.

If you would like to learn in more detail on how you can protect your emails and SaaS applications from advanced threats, security experts from Barracuda will be having a webinar on this very subject on May 5th, 2020 at 10 am SGT. Click here to register for the webinar.