How you can mitigate against threats
COVID-19 has forced companies to shift rapidly to remote working at unprecedented scale. Threats have increased, so the way you address them has to change, too. Steps that you can take include:
- Plan: You will by now have realized that any emergency response and business continuity plans you had will likely not have anticipated the COVID-19 crisis. Every potential way forward now should factor in cyber threats and draw up contingencies that can address them. Cyber crisis simulations can help, and while conducting them remotely could be challenging, it might also prove more realistic.
- Defend against phishing: This can be done through training and education of employees. It’s worth trying to set up simulated spear phishing attacks against employees to keep them on their toes during the COVID-19 situation. Try simulating attacks that promise recipients information about COVID-19 or that masquerade as IT help desks performing work from home checks. This can help you improve the defensive skills of your employees and enhance your company’s overall resilience in the face of these increased threats.
- Update homeworking cybersecurity: Ensure that your cybersecurity policy is sufficient as your organization transitions to more employees working from outside the office. Your policy will need to cover remote-working access management, use of personal devices and updated data privacy considerations for employee access to documents and other information. Without the right security in place any devices used to access your corporate network can leave you vulnerable to hacking.
- Monitor shadow IT: Monitor shadow IT, and try to keep your workers working from approved apps and solutions wherever possible.
- Patch: Ensure that your remote access systems are fully patched and securely configured at all times.
- Test: Since we are all still largely creating “work from home” protocols as we go, they are evolving in real time. So keep on reviewing all your protocols and procedures in real time to check for vulnerabilities or potential loopholes.
- Brace for disruption: Be aware that your preventative measures can only realistically go so far. Be ready to respond fast in case of a breach. It generally pays to think of cyberattacks as a matter of “when,” rather than “if.”
Provide clear guidance and encourage communication: Ensure that homeworking policies are clear and include easy-to-follow steps that empower employees to make their homeworking environment secure. This should include instructing employees to communicate with internal security teams about any suspicious activities.