I also discussed the immediate problem of an organization that is unable to
perform necessary tasks and procedures following a cyber attack or breach and
the need for proactive security strategies to counteract this particular type
of risk.
At the time of writing, I did not anticipate the extent of the looming
COVID-19 pandemic and the huge effect it would have on nearly every facet of
daily life, especially business operations.
Responding to COVID-19 Scams
Countless pieces have been published on the ramifications of the increased
reliance on remote work capabilities and the Internet of Things during the
COVID-19 age, and it will continue to be important to consider COVID-19's
role in unearthing the business continuity gaps that may have existed in our
organizations leading up to the beginning of the pandemic. Many companies were
left scrambling to enable their employees to work remotely while struggling
with the logistical challenges that remote work brings. Others were made aware
of just how difficult it was going to be to effectively train and educate
employees on current cyber threats, specifically those related to COVID-19.
Between January 2020 and mid-May 2020, the Federal Trade Commission (FTC)
received 50,827 COVID-19 scam reports overall, with $37.16 million in reported
losses.1 By taking advantage of the fear and
uncertainty caused by the pandemic, cyber criminals have turned to phishing
schemes as a way to target victims. Remote work tools, such as Zoom, are also
threatened by this wave. Given the circumstances and inherent challenges
already present in remote work, organizations face an even greater risk for
operational failure.
Security Training Is Key
This risk can be mitigated in part with simple security best
practices, such as using virtual private networks, multifactor
authentication, strong passwords, and email encryption; avoiding public Wi-Fi;
securing endpoints; updating software when necessary; and using only approved
technologies and devices while working remotely. Communicating these practices
to employees is critical, as is training in phishing attack awareness and
social engineering.
As is always the case, the "human element" of security is the most
important factor in a strong security posture; likewise, it is the most
vulnerable to attack, as humans tend to be much easier to hack than our
technologies. Telling remote employees what will be communicated
electronically, and giving them the general guidance to slow down if an email
seems urgent, appears in any way suspicious, or makes a request that goes
against standard procedures, are also important components of managing
security from a distance.
Conclusion
As many states begin to open back up, we also have to ask ourselves how to
safely return employees to their physical workspaces while remaining capable of
providing remote work options. In the coming weeks, striking a balance will be
an ongoing challenge and one that greatly affects business operations.
As I discussed in my last article, clear communication to employees, the
ability to report cyber events, and cyber-specific leadership are all necessary
to best address operational risks. These days highlight the need for proactive
strategizing and preparation when it comes to security and technology, even in
the midst of unpredictable and unprecedented circumstances.