To protect individuals and prevent the spread of the novel coronavirus (COVID-19), many organizations' business continuity plans (BCPs) are requiring employees to move to remote working. But can this effort to decrease the risk of infections end up increasing the risk of a cyber breach for your organization?
Recently, the World Health Organization (WHO) specifically warned that malicious attacks could be on the rise as bad actors attempt to take advantage of an already unstable time to extract personal or financial information, as well as gain access to your corporate systems and software.
The Cybersecurity and Infrastructure Security Agency (CISA) has also issued a warning to organizations, encouraging them to adopt a heightened state of cybersecurity at this time.
According to the 2019 Cost of a Data Breach Study, around 24% of all U.S. data breaches were caused by carelessness or human error.
As you activate your crisis management and emergency response plans, it’s important to review cyber safety guidelines with your employees, as well as update the cybersecurity aspects of your business continuity (BC) plans so they're ready for use.
Working From Home – Areas of Cyber Risk
Working from home requires increased use of software or devices that are otherwise less involved in everyday working. For example, use of personal devices to communicate, download documents, or monitor emails will increase in a remote environment. Without ensuring proper cyber protection, your organization could be at risk for exposure from these seemingly harmless actions.
Other areas of concern include:
- Off-network communications (such as messaging apps, texting, etc.)
- Email phishing attempts
- Passing files via hosting services, thumb drives, and/or personal email accounts
- Public or unsecured WIFI connections
Recommendations for Organizations to Avoid COVID-19 Associated Cyber Threats
- Require all employee devices to be equipped with your employer-provided security software and the latest manufacturer software updates
- Require multifactor authentication upon each login to a company portal, device, or application
- Only allow remote access through a virtual private network (VPN) with strong end-to-end encryption
- Update all software and devices to decrease risk of infection from malware
- Prohibit working from public places, such as coffee shops or on public transportation, where others could view screens and documents
- Prohibit the use of public WIFI, and require the use of secure, password-protected home WIFI or hotspots
- Enforce additional credentialing for those individuals able to download sensitive data or documents
- Consider restricting access to sensitive systems where it makes sense
- Define a clear procedure and response plan in case of a breach
- Maintain cybersecurity training via in-house webinars or other online methods.
Recommendations for Individuals to Avoid COVID-19 Associated Cyber Threats
- Don’t reveal personal or financial information via email
- Be wary of unusual links or attachments
- Check website URLs for inaccuracies. Some malicious websites can look identical to the legitimate site while using a slightly different URL (for example, .com instead of .gov).
- If you’re unsure whether an email is legitimate, contact the person or company directly to verify it before responding or clicking any links
- Update your home WIFI password. Using the default option can leave you open to malicious attackers
- Prohibit other individuals, including family members, from using devices utilized for work or with work-related documents on them
- Enable the "always use HTTPS" feature on your devices to ensure a secure connection
- Keep personal devices up to date to decrease risk of infection from malware
- Report any unusual emails or messages to your IT team.
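For IT teams triaging the emails that employees report, the URL check recommended above can be automated. The following Python sketch is an added example, not part of the original article: the function names, the `TRUSTED` allowlist and the sample links are constructed for illustration, and it goes slightly beyond the .com/.gov case to also flag near-identical spellings and a trusted name placed in front of another domain.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Constructed allowlist (assumption): the two-label domains your staff really use.
TRUSTED = {"example.gov", "example-corp.com"}


def registrable(host):
    # Simplification: treat the last two labels as the registrable domain.
    # A Public Suffix List library is needed for names such as example.co.uk.
    return ".".join(host.split(".")[-2:])


def classify_link(url, trusted=TRUSTED):
    """Label a link as trusted, suspicious (three kinds) or unknown."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return "no-host"
    # Exact domain or a real subdomain of it.
    if any(host == t or host.endswith("." + t) for t in trusted):
        return "trusted"
    # Trusted name used as a leading label of somebody else's domain.
    if any(host.startswith(t + ".") or f".{t}." in host for t in trusted):
        return "embedded-trusted-name"
    reg = registrable(host)
    # Same name, different top-level domain (the .com-for-.gov case).
    if any(reg.split(".")[0] == t.split(".")[0] for t in trusted):
        return "tld-swap"
    # One or two characters changed, e.g. a digit standing in for a letter.
    if any(SequenceMatcher(None, reg, t).ratio() >= 0.85 for t in trusted):
        return "near-match"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample links, as they might appear in a reported email.
    for link in ("https://portal.example.gov/login",
                 "https://example.com/covid-update",
                 "https://example.gov.secure-login.test/",
                 "https://examp1e-corp.com/",
                 "https://weather.test/"):
        print(f"{classify_link(link):22} {link}")
```

Links labelled `unknown` are not necessarily safe; the check only highlights the ones that imitate a domain on the allowlist.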
It's Time for Good (Cyber) Hygiene
In today's climate, pandemic planning is of the utmost importance, but mitigating one risk shouldn't expose your organization to others. Take time now to ensure your crisis management and emergency response plans include cybersecurity best practices. By enacting these guidelines, and reminding your employees of good cyber hygiene, you can reduce the possibility of a bad actor compromising your data.
Written by Assurance Software