Covid-19 measures have caught companies off guard: many had not prepared or tested for remote working (remote working policies, security training and testing of infrastructure, etc.). Remote working creates an opportunity for cybercriminals: national cyber security centres around the world have already reported an increase in phishing emails, with infected attachments falsely claiming to deliver ‘Covid-19 safety measures' to the reader. Some of these phishing campaigns could end in reportable data breaches and cybercriminals will take advantage of remote access that is insecure and generates security vulnerabilities.
If remote working solutions have been rapidly implemented in your organisation, here are seven ways to minimise cybersecurity risks:
- Policy - Refresh and communicate acceptable use of information systems policy which informs staff on how to handle and protect sensitive personal and business information.
- Passwords - Ensure that staff passwords are strong and have been recently changed. Use multi-factor authentication.
- Phishing - Conduct phishing simulations with staff to help them avoid falling prey to Covid-19-related attacks.
- Awareness – Issue regular communications to staff to raise awareness of the type of cyber risks so that they are clear of the steps they can take.
- Testing – Conduct vulnerability scanning and penetration testing on critical systems, network or web applications to find security gaps that an attacker could exploit.
- Device Security – Ensure personal and company data can only be accessed by secure devices. Meanwhile, restrict the ability to copy client data to personal devices and ensure remote workers are using a secure wireless connection.
- Email Security – Monitor the use of personal email addresses for work purposes. Where possible, restrict the use of auto-forwarding technology to prevent company data being sent to personal email addresses.
Even in times of uncertainty, organisations need to take charge on these critical cybersecurity risks and build resilience to protect, respond, and recover from cyber-attacks. Mazars supports public and private sector organisations of all sizes in their cybersecurity technical and organisational controls, and we can typically carry out these activities remotely.