Amid the spread of this global pandemic, employers are torn between allowing their employees to work from home and continuing to operate from established offices. Either way, organizations need to consider the risks to their data security and data privacy, and the potential impact of those risks.
As coronavirus is affecting not only people's health but also the continued growth of businesses, it is time for businesses to expand their IT disaster recovery and contingency plans to address unforeseen scenarios. Enterprises need a plan that covers all possible types of attacks devised during the rapidly emerging outbreak of COVID-19.
Address These Cybersecurity Risks in the Wake of Coronavirus
With threat actors entering the picture, enterprises and their management boards should consider the following security risks, which have surfaced since the emergence of COVID-19.
1. Phishing frauds thriving on fear
Recently, WHO released a warning alerting individuals to beware of phishing emails that appear to come from “WHO representatives.” These emails ask for sensitive login credentials or encourage individuals to either click on a link or download malicious software. Other renowned publications have also reported similar phishing scams that appeared to come from ‘authorized professionals.’
Source: Wired
How to mitigate the risk?
In such a situation, organizations should raise awareness so that their employees follow only valid COVID-19-related alerts and subscribe only to official institutions. For instance, the Office of Homeland Security Cybersecurity and Infrastructure Agency (CISA) published its insights on ‘Risk Management for Novel Coronavirus.’ Furthermore, the management team should concentrate on finding a secure way to communicate with their employees.
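As a technical complement to awareness training, a mail gateway or triage script can flag messages that claim to come from WHO but do not originate from its official domain. The sketch below is an added example, not part of the original article; it assumes `who.int` as WHO's official mail domain, that the `Authentication-Results` header is stamped by your own receiving mail server, and the function names and sample messages (all other domains are placeholders) are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_DOMAINS = {"who.int"}  # assumption: extend with other official institutions

def _domain(address):
    return address.rpartition("@")[2].lower()

def _trusted(domain):
    return any(domain == d or domain.endswith("." + d) for d in TRUSTED_DOMAINS)

def check_message(raw):
    """Return a list of findings for one RFC 5322 message (headers + body)."""
    msg = message_from_string(raw)
    display, sender = parseaddr(msg.get("From", ""))
    from_dom = _domain(sender)
    findings = []
    # 1. Display name claims WHO but the address is outside the official domain.
    claims_who = (re.search(r"\bWHO\b", display) is not None
                  or "world health organization" in display.lower())
    if claims_who and not _trusted(from_dom):
        findings.append("display-name-spoof")
    # 2. Replies would go to a different domain than the visible sender.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and _domain(reply_to) != from_dom:
        findings.append("reply-to-mismatch")
    # 3. DMARC verdict recorded by our own receiving server (assumed trustworthy,
    #    i.e. inbound copies of this header are stripped at the gateway).
    if "dmarc=pass" not in msg.get("Authentication-Results", "").lower():
        findings.append("dmarc-not-pass")
    return findings

# Constructed sample messages; every domain except who.int is a placeholder.
SPOOFED = ('From: "WHO Representative" <alerts@who-int.example>\n'
           'Reply-To: collect@mailbox.example\n'
           'Authentication-Results: mx.corp.example; dmarc=none\n\n(body omitted)\n')
FORGED = ('From: "World Health Organization" <updates@who.int>\n'
          'Authentication-Results: mx.corp.example; dmarc=fail header.from=who.int\n\n(body)\n')
LEGIT = ('From: "World Health Organization" <updates@who.int>\n'
         'Authentication-Results: mx.corp.example; dmarc=pass header.from=who.int\n\n(body)\n')

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("forged", FORGED), ("legit", LEGIT)):
        print(name, check_message(raw))
```

Messages with any finding are candidates for quarantine or a warning banner rather than silent delivery.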
2. Challenges of working from home
For smooth business operations, companies may decide to permit their employees to work from home. In that case, employees may use a VPN to access the company’s network remotely. Dependency on VPNs not only exposes sensitive data to security risks but, combined with the adoption of cloud services, multiplies the existing cyber risks exponentially.
How to mitigate the risk?
The increased network traffic on VPNs exposes the larger community to security risks. The solution to this problem may start with regular patching of installed software. But the inability of IT representatives to be present at the various remote sites adds to the primary challenge. Companies should adopt a disaster recovery plan that can deal with the issues of a remote workforce. The plan must contain timely solutions to address all the associated problems.
3. Accessing sensitive data on public Wi-Fi
Do not presume that employees will use corporate assets only on a safe wireless network. A few may access corporate accounts over insecure public Wi-Fi networks. Cybercriminals can attack these networks to gain unauthorized access to sensitive data. For instance, when unencrypted information is transmitted through an unprotected network, a threat actor can intercept it to steal the data.
How to mitigate the risk?
The best way to prevent the theft of information is not to disclose sensitive data on unknown public networks. Apart from that, use SSL/TLS (Transport Layer Security) connections to add a layer of encryption to all your communications. Employees can do this by enabling the “Always Use HTTPS” option, which will protect their login credentials even on public Wi-Fi.
4. Easy Communication for Outsourced Services
Dependency on third-party service providers can also affect the business if COVID-19 hits the outsourced parties, especially when the enterprise relies on these providers for critical services such as specific IT operations, website management, and many others. The viral outbreak can lead to disruption, creating loopholes in the existing system.
How to mitigate the risk?
To deal with the issue, the company must consider a plan that addresses supply chain management. This plan should help the IT team identify and connect with alternative service providers quickly.
Under critical circumstances, organizations should review their existing business continuity and disaster recovery plans to address the challenges born out of a pandemic. The program should be able to adapt in the face of additional changes.
A specialized disaster recovery plan should cover pandemic events, such as COVID-19, and must include the following:
- A proactive program that ensures the firm’s business operations run uninterrupted during a pandemic event. It should work on smooth communication and coordination with third-party service providers.
- A documented plan that identifies and follows the company’s processes and controls.
- A framework that covers all the business locations of the enterprise and checks whether they are capable of continuing regular business operations.
Source: eccouncil.org