The Coronavirus is changing everything. Amid talk of social distancing, quarantine, and stock market crashes, though, there is one aspect of the impact of the pandemic that has been a little overlooked: cybersecurity.
COVID-19 was, in fact, a major part of our most recent round-up of cybersecurity news headlines, but in this article we'll take a closer look at the implications for the safety and security of your data and your staff.
The key takeaway here is that with many staff members working remotely – and some for the first time – you need to put in place systems to protect the data they are working with. This is one of the key reasons for using a VPN, but also points to the importance of conducting regular cybersecurity audits.
You should also recognize that, as an employer, clear communication with your staff is critical at times of crisis. The Edelman Trust Barometer has repeatedly found that a person’s own employer is the most trusted of all messengers, being trusted some 20% more that information given by government, media and NGOs. Communicating clearly, and calmly, can reduce panic among your staff, and with it the risk of them falling victim to a scam.
With that said, here are three major precautions that companies and businesses should be taking for the coronavirus:
1) Stay Alert For Phishing Emails
One of the biggest cybersecurity risks of the coronavirus is how criminals are taking advantage of the crisis to send phishing emails that claim to contain important information about the pandemic.
Phishing emails are a different type of threat that requires a different kind of response. Staff can be tricked into giving away their login details by being directed to a fake site that claims to contain important information. Whilst there are ways of limiting these emails, reducing the risk of them also means that some staff will require extra training in how to spot them.
In order to reduce the risk of phishing emails, you should invest in a set of spam and phishing filters if you haven't already, because these can dramatically reduce the number of malicious emails that get through your system.
You can also give your staff a quick crash course – over VOIP – in the types of social engineering techniques that these scams rely on, and remind them to report any suspicious emails that they receive.
The increase in phishing attacks is only one example of how and why cybersecurity is going to become even more critical for your business than it was before. The average cost of a cyberattack against small-to-medium sized businesses is over $2 million in total, and with cyber criminals exploiting those working from home due to the outbreak, you really can’t be too careful.
2) Encourage Employees to Work From Home
Strange as it might sound, the Coronavirus also offers businesses opportunities. That might not be apparent at the moment, especially in the context of crashing incomes and profit margins.
But it might be that your staff are actually MORE productive when they are working from home, not least because they are able to manage their hours and other commitments with less stress. Equally, it may be that you find that remote working actually improves productivity across the board.
If that’s the case, it’s worth thinking about how you can implement similar policies and ways of working after the crisis has passed. Many businesses find that leasing software via an SaaS business model gives them far greater scalability and accessibility, because this allows staff to continue to work wherever they are. You can also utilize video conferencing software in place of life meaning.
If the crisis has left you scrabbling for security solutions, use this as a learning opportunity. In 2020, businesses need to be agile in order to survive, and implementing tools and training programs that allow your staff to work from home will ultimately result in your business becoming more adaptive and resilient.
Just remember that the main risk of remote working for businesses is that the key data flowing between an employee’s house and your office equipment can be intercepted, stolen, and used against you. This is particularly true if your staff are using their own devices to work from home, because they may not have installed security patches. This is exactly why you should...
3) Use Zero-Trust Protocols Company-Wide
If your staff are working from home, there are a few tools you should put in place to implement zero trust protocols company-wide.
Zero trust is essentially an initiative where you, as a company, decide to not trust anything or anyone outside of your parameters. You then implement an incredibly strict verification procedure for anything attempting to gain access to your systems before the access is granted.
Perhaps the most important step of all is to provide all of your staff with a virtual private network (VPN), which will encrypt their connection to your business network. According to Canadian network security researcher Gary Stevens, “You can think of a VPN as an anonymous shield that protects you and your data while you do whatever it is that you do online.” But keep in mind, if your staff are going to be working from home for a significant period, you will also need to look seriously at greater digital security methods beyond VPN services.
Additional steps should include:
- Installing firewalls to analyze incoming traffic and block anything that seems suspicious
- Actually requiring multi-factor authentication (including biometric authentication)
- Only granting your employees and staff members as much access as they need
- Last, following the practice of microsegmentation, or where you utilize multiple secure zones to store your files, and where a user needs to gain separate authorization for each zone.
In summary, there are a number of key ways in which businesses should prepare for Coronavirus from a cybersecurity perspective. Some strategies will relate to your general managerial approach; others are small tools that can significantly reduce your exposure to risk. And considering that over 50% of UK citizens are confident about the ability of companies to protect their data is all the more reason to take security seriously.
The Bottom Line
The current crisis is likely to bring out both the best, and the worst, in humanity. When it comes to cybersecurity, those firms that haven’t spent the time taking this seriously over the past few years are going to have a nightmare of a time.
If, however, you prepare for the crisis by realizing that remote workers are the biggest cyber threat, and devoting the resources required to secure staff devices, then remote working need not pose a huge threat to your business.