Rain or shine, cybercriminals are always on the prowl. And with the Coronavirus Pandemic forcing all types of companies outside their comfort zone, cybersecurity issues can quickly take anyone by surprise. No matter what industry you work on or how successful your business is, the circumstances have changed—which means your approach to cybersecurity must change too.
Is Your Business More Vulnerable Now?
Cyber threats are nothing new. Organizations all around the world have been dealing with them long before the outbreak. So, what has changed? Well, from a panoramic view, our way of using tech today is vastly different from a couple of months ago. Yes, I’m talking about remote work. While some sectors like the IT industry have been able to maintain business as usual, the transition to the digital environment has not been as smooth for everyone.
The rapid change of scenery has taken its toll on the security and IT infrastructure of many companies. I know for a fact that even some organizations used to some level of telecommuting have encountered issues that left them somewhat uneven in the playing field. This is exactly what cybercriminals are on the prowl for—susceptibility and vulnerability.
This is not a localized problem or something that anyone is immune to. In fact, last February the World Health Organization (WHO) had to publicly warn individuals and companies about cyber attackers “disguising themselves as WHO to steal money or sensitive information”. The US Center for Disease Control (CDC), the Federal Bureau of Investigation (FBI), and the National Cyber Security Centre (NCSC) in the UK have also issued similar warnings.
So yes, it is very likely that most businesses are more vulnerable to cyber attacks than before. Exploitable opportunities are more common as a result of the rocky economy and the difficulty of our situation. This has made it easier for attackers to infiltrate systems, oftentimes without even being detected.
Is Remote Work the problem?
The scale of the global remote workforce grew tremendously overnight. And not just by the number of users, but also by the number of login devices. This includes personal devices (aka your daily smartphone or home PC) which, in most cases, are not nearly as secure as corporate devices. It was incredibly difficult for the average business to keep track of all this and prepare accordingly.
As a consequence, we are witnessing a massive increase in common cyber threats like phishing. Companies in Italy, for example, have never seen so many attackers hunting for user credentials and malicious login events. According to Cynet’s Global Threat Telemetry, the scale of phishing attacks in February was over three times larger than the monthly average in 2019.
In a way, some could argue that remote work has been the root cause of their vulnerabilities. In reality, however, remote work is not the problem—the problem is the approach most companies have taken towards it. And since the circumstances called for immediate and risky action, it is completely understandable. That can’t go on forever, though, so now it is time to do something about it.
5 Things To Start Doing Right Now
We are already several weeks into the pandemic and it is time to start thinking about what we can do to lighten the burden of its consequences. Considering how big of an impact a cyber attack can have on your business, building a safeguard around all sensitive data will certainly save you from some headaches and devastating scenarios in the future.
- Update All Software: Every single third-party application, device, or system used by your company or employees must be immediately updated to its latest version. New threats and software vulnerabilities are discovered every day. Keeping your software updated is the first and easiest step to widening the breach between you and attackers.
- Review System Access: Every single employee might not need access to all your company’s data. Even if you already have data access policies in place, it is time to review and update them. This will significantly reduce your weak points and limit the damage of any breaches.
- Train Everyone: As cliché as it sounds, your company’s cybersecurity is only as strong as its weakest link. One employee falling for a phishing scam is enough to hit your entire workforce. Make sure everyone knows the basics of cybersecurity and, most importantly, make sure they will contact the IT department in case of any abnormality.
- Power-Up Your Defenses: Cyberattacks are nothing like the movies portrait them. They are deadly and silent like a ninja. The best way to defend against them is to have robust systems and the IT staff necessary to monitor and keep those defenses at top-performance at all times.
- Embrace Zero Trust: Zero Trust takes passwords and multi-factor authentication to the next level. This model uses artificial intelligence and machine learning to constantly monitor the users’ actions and look for abnormalities in their behavior. This includes things like interaction patterns, network connection, device login, time of use, and other variables.
The Road Ahead
The COVID-19 pandemic might have hit the world hard, but it has come at a time when software technology is as accessible as it has ever been. This has given every business the ability to deal with the situation in ways that would have been literally impossible just a decade ago. While there are still many challenges ahead, we should be thankful for this and start using it to our advantage.
The following months will be the time to recover physically, emotionally, and economically from the consequences of the pandemic. Keeping up with cybersecurity will just help us go through all of those processes and avoid tons of unnecessary risks. And remember, this is not just about putting out fires. Whatever security measures you take now will leave a long-lasting impact on your organization.
Stay safe!