NewsBite

Government warns on cyber threat

A federal agency warns businesses to be aware of cyber threats caused by coronavirus, with scams and attacks ramping up.

David swan
3 min read
12:00PMMarch 16, 2020.
Updated 12:14PMMarch 16, 2020
Print
A screen promoting remote working using a laptop or a mobile phone is displayed at the World Health Organization (WHO) headquarters in Geneva to promote the fight against COVID-19, the disease caused by the novel coronavirus, on March 11, 2020 in Geneva. - More governments and companies are encouraging employees to work from home as nations scramble to contain the virus. (Photo by Fabrice COFFRINI / AFP)
A screen promoting remote working using a laptop or a mobile phone is displayed at the World Health Organization (WHO) headquarters in Geneva to promote the fight against COVID-19, the disease caused by the novel coronavirus, on March 11, 2020 in Geneva. - More governments and companies are encouraging employees to work from home as nations scramble to contain the virus. (Photo by Fabrice COFFRINI / AFP)

Federal government agency Stay Smart Online has issued an alert urging businesses to be aware of the cyber threats coronavirus poses, as major companies including Telstra and Atlassian order their employees to work from home.

"Instructing staff to work remotely may be one way of minimising the spread of the virus. However, remote work arrangements can have security implications and cybercriminals may attempt to take advantage of this," a Stay Smart Online spokesman said.

"The cyber risks of flexible work arrangements could include malware infection, unauthorised access, data security, and insecure devices used by staff."

Similarly in the US, the Certified Information Systems Auditor (CISA) said that using virtual private networks (VPNs), which enable employees to access their organisation’s files remotely, would become targets for potential cyberattacks.

CISA said they allow for remote work but will also be tempting for hackers.

“As organisations use VPNs for telework, more vulnerabilities are being found and targeted by malicious cyber actors,” CISA wrote. “Update VPNs, network infrastructure devices, and devices being used to remote into work environments with the latest software patches and security configurations.”

Telstra and Atlassian are the latest companies to order their workers to stay home, as Australia’s businesses ramp up protective measures.

Paul Ducklin, principal research scientist at Sophos, said that businesses need to make sure employees can do what they need from home, while still ensuring they can be safe online.

"We’re living in tricky times, so try not to let matters of public health cause the sort of friction that gets in the way of doing cybersecurity properly," Mr Ducklin said.

"If employees genuinely can’t do their job without access to server X or to system Y, then there’s no point in sending them off to work from home," he said. "Make sure you have got your chosen remote access solution working reliably first – force it on yourself – before expecting your users to adopt it."

The executive also warned against leaving employees up to their own devices – literally or figuratively – and be prepared to spend time online helping them fix things if they go wrong.

"If their security software produces warnings that you know they will have seen, make sure you review those warnings too, and let them know what they mean and what you expect them to do about any issues that may arise," he said.

He added that 'shadow IT', which refers to technology used without a company's knowledge, is where non-IT staff find their own ways of solving technical problems, for convenience or speed.

"If you have a bunch of colleagues who are used to working together in the office, but who end up flung apart and unable to meet up, it’s quite likely that they might come up with their own ways of collaborating online – using tools they’ve never tried before," he said.

"The first risk everyone thinks about in cases like this is, “What if they make a security blunder or leak data they shouldn’t?” But there’s another problem that lots of companies forget about, namely: what if, instead of being a security disaster, it’s a conspicuous success?

"A temporary solution put in place to deal with a public health issue might turn into a vibrant and important part of the company’s online presence."

It comes as security outfit Proofpoint uncovered a significant rise in coronavirus-related email scams.

They include fake e-mails from organisations such as ‘Australia Healthcare’, a fake health organisation, including AMA branding within the email, and a fake version of the ‘World Health Organisation’ targeting people in Australia

Research from Proofpoint found that approximately 70 per cent of the scams deliver malware and 30 per cent aim to steal individual’s credentials.

Stay Smart Online recommends remote workers install antivirus software, backup important data regularly, and use two-factor authentication wherever possible.

Add your comment to this story

To join the conversation, please Don't have an account? Register

Join the conversation, you are commenting as Logout

More related stories

Original URL: https://www.theaustralian.com.au/business/technology/government-warns-on-cyber-threat/news-story/83406a0ca50b52d44386b95f61e2349f