COVID-19 has forced us into many new habits in all aspects of our lives – social distancing, constant hand washing, squirts of sanitiser, and the now common practice of working from home.
Unfortunately, as with many situations nowadays, opportunists will act quickly to capitalise on a crisis and whilst attention is focused on health and the economy, cybercriminals have ramped up their activity.
In recent months, there has been a significant spike in phishing attacks, Malspams and ransomware attacks with criminals using COVID-19 as the bait to snare and mislead employees and customers, most likely resulting in infected mobile phones and computers, and it’s not just businesses that are being targeted but end-users as well.
With an increased reliance on technology to manage projects, liaise with clients, store confidential and sensitive data, and collaborate with colleagues, internet activity is becoming increasingly vulnerable.
As a consequence, organisations need to advise employees and clients to be extremely cautious when carrying out day to day activities such as opening links, emails or documents related to COVID-19, ensuring their detection capabilities are sufficient and remote workers are front of mind.
When implementing measures to safeguard your organisation against cyber attacks related to COVID-19 or any other potential risks, the following insights and actions will help you in shaping or updating your strategy.
Insights and actions
- COVID – 19 related content will inevitably increase our level of engagement and potentially lure us into breaking standard security practices and sharing highly confidential information. Higher threat levels may in turn create delays in spotting malicious activity quick enough to prevent a security breach.
- To combat this, PSA’s need to ensure that their security monitoring is up to date and will provide effective alerts. With a high percentage of the team now working from home, threat detection should include all remote devices.
- In the scramble to equip teams to work from home, new tools and technology were selected and deployed in record time. Whilst this was fantastic for productivity and enabled ‘business as usual’, security controls and disruption to suppliers and contractors may have negatively impacted data security, unwittingly compromising sensitive details.
- Ensure a review and refresh of technical data mechanisms takes place confirming that they are current and in place. Remind employees of the importance of data protection practices in their work and home environments.
- With a remote workforce, there is a much higher chance that employees will use their own personal devices and unauthorised applications which significantly increases the risk of cyber attacks.
- If not already in place, organisations need to establish guidelines for remote workers and configure application security and secure virtual private networks (VPNs) for remote device access. Regular scanning and increased security measures to combat unauthorised device and application use will also have a positive impact.
- Unfortunately, one of the many impacts of a crisis is the need to reduce headcount and re-structure which can also create risk.
- Organisations should look to update their security architecture and implement a robust insider threat monitoring program as well as proper exit plans to ensure long term IP.
- Most organisations will have a business continuity plan in place, but it is unlikely to take a global pandemic such as COVID-19 into consideration.
- Ensure BCP’s are revisited and updated and that all processes and practices that are vulnerable to cyber attacks have been addressed and cyber risk management measures are in place as part of your response plan.
COVID-19 will change our personal and professional lives forever, how often we wash our hands, how we interact with others, where we work, how we buy things and what we value. Part of this new landscape is to consider the increased risks to the data security for our businesses, ourselves, and others and what cyber risk management measures we can put in place to mitigate this.
When you work with Aptus Business Solutions and Sage Intacct, you entrust us with your company’s highly confidential business information. We take that seriously. Download our whitepaper to find out exactly how Sage Intacct works to keep your financial system secure and available.