With Coronavirus social distancing guidelines around the globe, businesses face continued challenges associated with managing an increasing number of remote workforce. The switch to a temporary “new normal” is revealing vulnerabilities and flaws in existing security frameworks, which suggests the need for a fresh approach to cybersecurity. Understanding the current implications and how the COVID-19 situation could affect the future of data security is key to successful adaptation.
Cybersecurity Risks During COVID-19
The biggest threats to cybersecurity in the current circumstances arise from two factors: a sudden increase in the number of remote workers and a lack of resources to handle the increased load. IT teams already burdened with normal business tasks and cybersecurity responsibilities may become overwhelmed as networks struggle to handle unprecedented numbers of simultaneous users. Without regular monitoring, patching and updating, vulnerabilities emerge and leave networks open to attack.
Since COVID-19 began to spread and more companies sent workers home, there has been a sharp upsurge in:
• Phishing, including targeted attacks on high-level executives
• Financial cybercrimes
• Emails containing malicious documents, website links and/or executable files
Cybersecurity experts are also concerned about the possibility of hackers using stealth to obtain network access and quietly search for valuable data, such as bank account numbers and personally identifiable information. This data could then be sold on the dark web or used to launch devastating attacks in the future.
Businesses need to be aware of these potential issues and take measures to ensure IT teams have help and support from cybersecurity professionals during this time. A group of 400 cybersecurity volunteers from more than 40 countries has already banded together to form the COVID-19 CTI League with the goal of protecting networks critical to healthcare organizations and other essential services. These services may be particularly vulnerable to attack at this time, so such vigilance must be a top priority.
Remote Work Poses Unique Cybersecurity Challenges
The remote security protocols businesses typically use to keep data safe may not be sufficient in light of the increased reliance on remote work. Networks are likely to lag as more employees attempt to use company VPNs, access applications and communicate through remote collaboration tools, which can reduce efficiency and cause frustration. Remote employees may attempt to use alternative options to circumnavigate problems without realizing the security implications of these workarounds.
There is also a risk of apathy or a lackadaisical attitude toward security when working from home. Without direct oversight from an employer, a supervisor or an IT department, remote workers may be less diligent in maintaining proper security protocols. Even those who follow the guidelines are at an increased risk of being targeted by phishing emails appearing to come from legitimate users within their companies, such as department heads or help desk workers.
Data Security Tips for Crisis Situations
To guard against these increased risks during the COVID-19 situation, businesses should first focus on critical features and services. Protecting essential devices, applications and systems ensures businesses can remain operational even if other parts of their networks fall victim to malicious activity.
Additional security precautions should include:
• Maintaining consistent updates for all applications and devices
• Implementing and enforcing zero-trust security with multi-factor authentication
• Increasing protections for privileged accounts
• Testing all new systems for vulnerabilities prior to deployment
• Establishing new security policies to address changing access needs associated with remote work
• Adding behavioral monitoring to network security protocols
• Performing regular tests of plans for business continuity, incident response and disaster recovery
How COVID-19 Will Change the Cybersecurity Landscape
No business is likely to remain untouched by the COVID-19 situation, but that doesn’t have to be a bad thing. Companies have the opportunity right now to examine security protocols – including access control, network monitoring and permission settings – and adopt new approaches to network monitoring and data protection.
Putting the following measures in place can improve security now and prevent breach incidents in the future:
• Regular audits and assessments to check for vulnerabilities
• More tests to ensure networks can adapt to changing demands
• Increased user education with an emphasis on remote work protocols
• Increased focus on long-term business continuity and disaster recovery strategies
• Better monitoring and analysis using streamlined, all-in-one cybersecurity solutions
Cybersecurity specialists should use this time to help companies create, develop and deploy new security protocols, as well as educate business owners and executives regarding security issues specific to remote work.
The sudden and unexpected nature of the COVID-19 situation raises questions for businesses and cybersecurity professionals across industries. Emerging risks and vulnerabilities are forcing companies to overhaul security protocols and workers to learn new behaviors. Updating cybersecurity strategies to minimize remote work risks and focus on data protection in the long term can help businesses weather the storm and emerge stronger as industries begin to return to normal operation