The Online Security Risks of the COVID-19 Pandemic | Quisitive
Solutions
Integration & Consulting
Help you move, operate, innnovate and thrive within the Microsoft clouds.
Application Development
Data & Analytics
Artificial Intelligence (AI)
Business Applications
Security
Digital Workplace
Infrastructure
Product Development
Technology
Explore the full list of technologies that our expert consultants can support.
Azure
Microsoft Teams
Microsoft 365
Power Platform
Dynamics 365
Power BI
Microsoft Copilot
Power Apps
Azure OpenAI
Sharepoint
Microsoft Fabric
Microsoft Sentinel
Azure Synapse
Windows
SQL Server
ERP Technologies
System Center
Microsoft Viva
Azure Virtual Desktop
Business Needs
Departmental solutions to ensure cloud and technology enablement across every area of your business.
Sales & Marketing
Operations
Human Resources
Finance & Accounting
Customer Service
Localization Services
Help you translate software so you can capture new business worldwide.
Language Engineering & NLP
Translations & Localization
Licensing
Experts in Microsoft cloud licensing and optimizing costs for your business.
Products
EmPerform
Provide people managers with flexible employee performance management software.
Velocity Insights
Monitor, analyze, and prioritize .NET, JavaScript or Node JS errors – all on one dashboard.
AgeChecker.net
Ensure local and federal compliance with our age verification tool for retail.
PowerGov
Engage citizens with a community development app for city maintenance and management.
MazikCare
Embrace patient-centered, collaborative care with our suite of real-time health solutions.
Care Path
Care Provider Link
Care Supply
Payer Matrix
Data Fusion
AMS
Deliver on your cloud strategy with a team that continuously monitors, improves, and optimizes your Azure environment.
ShopFloor
Empower production managers with cutting-edge manufacturing process management.
Spyglass
Take a proactive, continuous approach to optimizing your security environment and strategy.
Managed Services
Azure Management Services
Deliver on your cloud strategy with a team that continuously monitors, improves, and optimizes your Azure environment.
App Dev Program
Ongoing enhancements, app security, DevOps and reporting for apps running in Azure.
Data & AI Program
Operational support for running, monitoring and managing services for the Azure Data Platform.
Dynamics Program
Ensure the health of your Dynamics environments, optimize usage and encourage user adoption.
Digital Workplace Program
Optimize Microsoft 365 security, usage and user adoption with our digital workplace experts.
Security Program
Take a proactive, continuous approach to optimizing your security environment and strategy.
Power Platform Program
Get an extension of your team that ensures the health of your Power Platform.
Industries
Manufacturing
Education
Public Sector
Financial Services
Healthcare
Energy
Retail
Software
Resources
Blogs
Case Studies
Library
Newsletters
Events
News
Learning Channels
About
Investors
Leadership
Microsoft
Our Approach
Our Partners
Our Story
Awards & Recognition
Careers
Support
Contact us
Solutions
Back
Solutions
Integration & Consulting
Application Development
Data & Analytics
Artificial Intelligence (AI)
Business Applications
Security
Digital Workplace
Infrastructure
Product Development
Technology
Azure OpenAI
Microsoft Copilot
Microsoft Fabric
Azure
Azure Synapse
Azure Virtual Desktop
System Center
SQL Server
Microsoft Sentinel
Microsoft 365
Sharepoint
Microsoft Teams
Microsoft Viva
Windows
Power Platform
Power BI
Power Apps
Dynamics 365
ERP Technologies
Business Needs
Sales & Marketing
Operations
Human Resources
Finance & Accounting
Customer Service
Localization Services
Language Engineering & NLP
Translations & Localization
Licensing
Products
Back
Products
EmPerform
AgeChecker.net
MazikCare
Care Path
Care Provider Link
Care Supply
Payer Matrix
Data Fusion
ShopFloor
Velocity Insights
PowerGov
AMS
Spyglass
Managed Services
Back
Managed Services
Azure Management Services
Data & AI Program
Digital Workplace Program
Power Platform Program
App Dev Program
Dynamics Program
Security Program
Industries
Back
Industries
Manufacturing
Healthcare
Education
Energy
Public Sector
Retail
Financial Services
Software
Resources
Back
Resources
Blogs
Events
Case Studies
News
Library
Learning Channels
Newsletters
Investors
Back
Investors
Financial Reports & Results
Investor News
Earning calls
Contact
Contact us
About
Back
About
Our Story
Investors
Microsoft
Leadership
Our Partners
Awards & Recognition
Our Approach
Careers
Support
Search
Back
Terms of use
Privacy policy

The COVID-19 outbreak and the resulting lockdowns have an enormous impact on online security.

People are working from home en masse, but many companies are not well prepared to help employees work securely from their home office. In addition, a lot of people are not aware of how to avoid security risks on their own.

And it’s not just professional activities that we should be concerned about. In many countries, most stores outside of pharmacies and groceries are closed, which means that more people than ever are shopping online. This includes many people who have never shopped online before and who may be more vulnerable to security threats.

This sudden change in how we have to live and the big shift to digital activities causes enormous chaos — and chaos is something that cybercriminals love and will happily exploit.

In this blog, I list some of the online security risks that you should be wary of.

Working from home means that employees:

While some companies are experienced in securing the infrastructure and tools that are used to work from home, a lot aren’t. And if quick decisions have to be made, security is often forgotten.

Risk 1: Poorly Configured or Non-Updated Servers

In March 2020, we found there was:

The fact that servers are exposed via RDP and that more VPN servers are online doesn’t mean that they are all vulnerable. However, we know from the past that a lot of them will be poorly configured and not regularly updated, which gives criminals an easy entry point into organizations’ internal networks. It’s fair to conclude that the potential for attackers is now a lot higher than it was a month ago.

It’s not only limited to web and VPN servers. Security researcher Inti De Ceukelaire, found hundreds of internal service desks that were made publicly accessible due to COVID-19. Because they were misconfigured, an attacker would be able to easily gain access to internal company information.

Risk 2: Insecure Video Conferencing Tools

Another real risk is video conferencing tools that are heavily used at the moment. When video conferencing software has vulnerabilities or when meetings are not properly set up, unauthorized users have the opportunity to disturb the meetings — ZoomBombing for instance — or worse get ahold of users’ confidential data or company sensitive data.

Zoom, the popular video conferencing tool of the moment, has been covered extensively in the news lately due to security and privacy issues. If you’re still allowed to use Zoom and have not already made the switch to a platform like Microsoft Teams, make sure to follow these security and privacy tips from Kate O’Flaherty and EFF.

Risk 3: Photo or Video Sharing

A risk that companies often overlook is their employees sharing pictures or videos that might leak sensitive data that can lead to security incidents or even data breaches for the company. This risk certainly increases now, when people are heavily sharing pictures of their home workplaces.

As the COVID-19 virus rapidly spreads, so do malicious campaigns. Analysis by Trend Micro shows that almost two-thirds of all threats are malicious email. Malware accounts for almost 27% and malicious URLs and domains for 7.5%.

All these different forms of malice have one thing in common: They use COVID-19 as a means to lure people into installing malware or giving away personal or financial data (phishing) or transferring money to a criminal posing as a colleague (BEC scams).

Another kind of COVID-19 related malice is extortion emails. Criminals threaten to infect the family of potential victims with the coronavirus. They try to convince a potential victim that they have access to their computer and know everything about them. By showing one of the user’s passwords, they hope to make their claims more credible.

One example of these kinds of malicious activities is the recent cyber attacks on medical organizations. While several ransomware operators stated they would not attack medical organizations, the Maze ransomware group attacked a medical facility a few days later.

And a few weeks earlier a Czech COVID-19 testing center was hit by a cyber-attack.

In early April, Interpol published their findings of ransomware attacks against critical healthcare institutions. Their Cyber Threat Response team has detected a “significant increase in the number of attempted ransomware attacks against key organizations and infrastructure engaged in the virus response.”

There are plenty of recent examples like this, and it’s certainly not only medical companies that have an increased risk of cyber-attacks. All companies have to deal with a very exceptional situation at the moment, which implies additional risk and chaos as they move to create a secure remote working experience for employees.

Conclusion

It’s terrible that in these difficult times online crime is impacting us more than ever before. That’s why it’s very important to apply a few security best practices so that you or someone in your organization doesn’t fall victim to these security threats. Stay safe!