Category: Data Processing

Judson Althoff, Microsoft’s executive vice president of worldwide commercial business

Judson Althoff

“As we work through the effects of the pandemic together, it is incredible to see how technology is enabling our customers to be agile and maintain business continuity,” he writes. “We are also seeing them adapt and scale to sustain critical products and services — all while preparing for a post-pandemic comeback and the new normal.”

Althoff also highlights Microsoft’s participation in January at the Consumer Electronics Show and the National Retail Federation conference, as well as the company’s ambitious new sustainability initiatives, and groundbreaking new partnerships in the financial services sector, major league sports, and consumer goods and services.

“While COVID-19 has disrupted lives, the resilience we see today gives me confidence that we will be prepared to build a new normal together, full of opportunity and powered by innovation and ingenuity,” he writes.

Read the full post on the Official Microsoft Blog.

The COVID-19 emergency has seen a significant rise in cyberthreats. Throughout the world, there has been a marked growth in ransomware, fake COVID-19 apps and targeted phishing scams. What threats can we expect in Hong Kong, and how can you best mitigate against them?

Domain name threats in play, too

Domain attacks have also ramped up since the global pandemic commenced, according to cybersecurity company Check Point. More than 16,000 domain names related to COVID-19 have been registered since January, with around 10% of them having malicious motives.

This amounts to almost double the typical number of domain name registrations according to security specialists at Check Point.

Why is it happening?

Because cybercriminals love a vacuum: change and new ways of working can present them with opportunities. A scenario as all-encompassing as the COVID-19 pandemic has not really been anticipated by business, so it is practically impossible to plan for. You can carry out all the cybersecurity due diligence in the world, but it probably would never include a sudden ramping up of millions of people being forced to work from home.

It isn’t surprising that there are many thousands of newly remote workers in Hong Kong who are simply unaware of basic security measures. They are not used to working from home, so why would they be aware of the security requirements around it? As a result, many employees working from home create a new layer of vulnerability through no real fault of their own, by switching on compromised devices and applications. At the same time, many companies are struggling to keep externally-accessed systems secure, and cybercriminals are also becoming increasingly proficient at mimicking emails from health authorities.

How you can mitigate against threats

COVID-19 has forced companies to shift rapidly to remote working at unprecedented scale. Threats have increased, so the way you address them has to change, too. Steps that you can take include:

• Plan: You will by now have realized that any emergency response and business continuity plans you had will likely not have anticipated the COVID-19 crisis. Every potential way forward now should factor in cyber threats and draw up contingencies that can address them. Cyber crisis simulations can help, and while conducting them remotely could be challenging, it might also prove more realistic.
• Defend against phishing: This can be done through training and education of employees. It’s worth trying to set up simulated spear phishing attacks against employees to keep them on their toes during the COVID-19 situation. Try simulating attacks that promise recipients information about COVID-19 or that masquerade as IT help desks performing work from home checks. This can help you improve the defensive skills of your employees and enhance your company’s overall resilience in the face of these increased threats.
• Update homeworking cybersecurity: Ensure that your cybersecurity policy is sufficient as your organization transitions to more employees working from outside the office. Your policy will need to cover remote-working access management, use of personal devices and updated data privacy considerations for employee access to documents and other information. Without the right security in place any devices used to access your corporate network can leave you vulnerable to hacking.
• Monitor shadow IT: Monitor shadow IT, and try to keep your workers working from approved apps and solutions wherever possible.
• Patch: Ensure that your remote access systems are fully patched and securely configured at all times.
• Test: Since we are all still largely creating “work from home” protocols as we go, they are evolving in real time. So keep on reviewing all your protocols and procedures in real time to check for vulnerabilities or potential loopholes.
• Brace for disruption: Be aware that your preventative measures can only realistically go so far. Be ready to respond fast in case of a breach. It generally pays to think of cyberattacks as a matter of “when,” rather than “if.”

Provide clear guidance and encourage communication: Ensure that homeworking policies are clear and include easy-to-follow steps that empower employees to make their homeworking environment secure. This should include instructing employees to communicate with internal security teams about any suspicious activities.