COVID-19 And Cyber Security
Rapid COVID-19 measures have caught off guard many companies that had not prepared or tested for remote working (remote working policies, security training, testing of infrastructure, etc.).
The changes in remote working practices create an opportunity for cybercriminals, and the National Cyber Security Centre is seeing an increase in phishing emails with infected attachments containing fictitious 'COVID-19 safety measures'. Some of these phishing campaigns will inevitably end in reportable data breaches; cybercriminals will take advantage of remote access that is insecure or that introduces security vulnerabilities.
Organisations that have made their staff aware of this type of risk will become the most resilient.
Seven Quick Solutions
If remote working solutions have been rapidly implemented in your organisation, here are seven quick solutions to apply to minimise cyber security risks and vulnerabilities:
1. Policy – Refresh and communicate the acceptable use of information systems policy, which informs staff on how to handle and protect sensitive personal and business information.
2. Passwords – Ensure that staff passwords are strong and have been recently changed. Use multi-factor authentication.
3. Phishing – Conduct phishing simulations with staff to help them avoid falling prey to COVID-19 phishing attacks.
4. Awareness – Issue regular communications to staff to raise their awareness of the type of cyber risks present so that they are clear on the steps to take.
5. Testing – Conduct vulnerability scanning and penetration testing on critical systems, networks or web applications to find security vulnerabilities that an attacker could exploit.
6. Device Security – Ensure personal and company data is accessed by secure devices. Restrict the ability to copy client data to personal devices. Ensure remote workers are using a secure wireless connection.
7. Email Security – Monitor the use of personal email addresses for work purposes. Where possible, restrict the use of auto-forwarding technology to prevent company data being sent to personal email addresses.
Even in times of uncertainty, organisations need to own these critical cyber security risks and to build resilience to protect against, respond to, and recover from cyber-attacks. Mazars supports public and private sector organisations of all sizes with their cyber security technical and organisational controls. We usually carry out these activities remotely.