America is in an upheaval and U.S. corporations need to pay attention. The coronavirus pandemic and social unrest are combining to form the perfect storm for a country whose businesses already are vulnerable to different and more frequent attacks to their infrastructure via data breaches and ransomware threats. Threat actors and cyber criminals are observing the news in America and determining how to best attack U.S. businesses when they are paying attention to resuming business in a “stay-at-home” world. Businesses must revise, implement, and monitor their risk management practices – and they must do so with haste.
With more Web-connected devices and more people working from home than ever, organizational boundaries have shifted. Long gone are the days when a firewall alone was sufficient protection against a cyber-attack. To better manage risk, corporate leaders must adjust their security programs to not only match scaled-up operations and work-from-home scenarios, but also anticipate the next wave of breaches and cyber-attacks.
COVID-19, social upheaval and increased cyber risk
As more people are staying closer to home, they have shifted more of their traditional in-person activities to an increasing online format. Workers are using videoconferencing services, collaboration platforms and other cloud-based applications to do business throughout their day. In their free time, they are going online to read, chat, stream videos and shop. These behaviors can put stress on cybersecurity controls in the form of unsecured data transmissions.
In addition, email phishing campaigns are on the rise. Scammers posing as someone an employee knows are increasingly attempting to gain information and access to protected systems, counting on overwhelmed users transitioning to a new (for some) telework process to illicit hits and compromise these users.
What can be done now by corporations (and their trusted advisors)
Now more than ever, corporations should be looking to their trusted outside experts to provide information and advice on the changes they need to make now to bolster infrastructure and reduce risk associated with protecting data.
- Before you even implement a work-from-home strategy in your home, ensure you have common sense practices like securing your Wi-Fi with a strong password, segmenting family members to other parts of your home network, and ensure your IoT (Internet of Things) devices are secured and not publicly accessible.
- Limit conference platforms to a few platforms, and ensure these platforms use secure authentication methods
- Ensure policies for secure telework EXIST and are DISSENMINATED before approving telework access. Using cloud applications and the like without proper procedures can still provide attackers with threat vectors to exploit.
- Decide at the onset whether BYOD is permitted, or if only company-provided resources should be used. Actively monitor user devices and connections regardless of the devices used.
With upheaval from COVID-19 and social unrest, cyber criminals will continue their efforts to exploit America’s fears and digital vulnerabilities. Corporations need to act now to ensure their risk management and cyber security strategies are staying at least a step ahead of attackers – and to secure the integrity of their most valuable assets.