The COVID-19 pandemic is not totally over, but shelter-in-place orders gradually are. Starting this month, many countries in Southeast Asia are gradually lifting their different forms of lockdown. Some companies are ready to use their well-designed business continuity plans, but those are going to be a very small percentage in the SMB industry. Returning to work post-physical restrictions, SMBs are facing a wide range of challenges including cybersecurity threats.

Based on the latest statistics from Kaspersky, the global cybersecurity company’s Anti-Phishing System prevented 834,993 phishing attempts against companies with 50-250 employees in the first three months of 2020. It is a 56% increase compared with the same period last year with just over 500k fraudulent attempts blocked. In terms of per country statistics, all of the six countries in SEA registered an increased number of fraudulent emails blocked by Kaspersky in Q1 2020 as compared with the same period last year.

CountryQ1 2020Q1 2019

Number of phishing attempts against SMBs blocked by Kaspersky Anti-Phishing System

“It is undeniable and totally understandable that economic recovery and employee health are particularly important for businesses post-lockdown. However, it is essential to not overlook cybersecurity as SMBs gear up to return to business as usual. In the 21st century, phishing attacks are by far one of the most popular forms of cybercrime, which increases in quality and quantity every day. Its danger can range from a simple virus which can be scanned quickly to a multi-million-dollar heist, such as the case of the Central Bank of Bangladesh back in 2016, which was made possible by a targeted phishing email,” says Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky.

“There are some common signs among phishing emails that users should be particularly aware of, such as suspicious attachments or links, poor grammar, spelling errors, unprofessional graphics, unnecessary urgency about verifying your email address or other personal information being asked immediately. Cybercriminals are piggybacking on anything related to COVID-19, too! So to protect organisations from phishing attacks, SMBs should look into securing their email systems and their endpoints as well as empowering their employees about the basic but highly important online habits”, adds Yeo.

To further fend off the risk of phishing attacks, Kaspersky experts suggest the following for SMBs:

Teach your employees about the basics of cybersecurity

For example, not opening or storing files from unknown emails or websites as they could be harmful to the whole company, or to not use any personal details in their passwords. In order to ensure passwords are strong, staff should not use their name, birthday, street address and other personal information.

Regularly remind staff of how to deal with sensitive data, for example, to only store it in trusted cloud services that need to be authenticated for access and that it should not be shared with untrusted third parties.

Since the human factor plays an important role in this type of threat, Kaspersky has also launched a 20-30 minutes free online course, which tackles how companies can secure their current remote working environment. It is accessible through this link.

Employ a password-change policy to your employees

Passwords protect all computers and other devices. Your IT security policy should cover strong password use; also set up a password-expiration policy to force users to change their passwords every 90 days. Avoid logging in to online banks and similar services via public Wi-Fi networks. Hotspots are convenient, but it’s better to use a mobile connection or wait to get to a secure network than to lose all of the money on your credit card or in your bank account. Open networks can be created by criminals who, among other things, spoof website addresses over the connection and thereby redirect you to a fake page.

Patches, updates, and legitimate software

Cybercriminals also tend to exploit vulnerabilities in software to compromise systems. For this reason, it is essential to set aside a time to run patches and updates that are regularly issued by software companies. SMBs should also use only legitimate software to avoid falling prey to attackers targeting the security loopholes of pirated tools.

Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky