The impact of the Covid-19 is being felt by all businesses around the world. Governments and health officials are strongly recommending social distancing to control the spread of the virus and are encouraging businesses to allow employees to work from home (WFH) as far as possible. Most organisations have followed this advisory and have enabled work from home for their employees.
Several analysts and commentators have been saying that this norm of working from home is going to continue for a long time and is likely to become the new normal. Some organisations have been following remote working model for a long time. Given the current scenario, many organizations are now following the remote working models. Due to this new workstyle, security experts are pondering about emergence of a variety of cyber threats.
Security hazards with new remote working workstyle
When the entire world is putting up a brave fight against the pandemic, cybercriminals see an opportunity here. As per Deloitte Cyber Intelligence Centre, there has been a spike in phishing attacks, Malspams and ransomware attacks as attackers are using Covid-19 as bait to impersonate brands, thereby misleading employees and customers. This will likely result in more infected personal computers and phones.
Not only are businesses being targeted, end-users who download Covid-19 related applications are also being tricked into downloading ransomware disguised as genuine applications. Organizations seem to be focusing on migrating their employees to work from home, employee engagement, etc., and may not have the desired attention on cyber security. This is leading to rising concerns of data security and confidentiality. Additionally, the threat increases if employees are allowed to access company data from offsite locations.
Better data protection
While most organisations are channelling efforts towards business continuity, they also need to pay attention at securing systems, resources and data while activating necessary mechanics for monitoring and protection to embrace the new normal - remote working. In this situation, IT teams need to effectively facilitate the infrastructure and the environment in innovative ways considering that WFH is going to continue for a long period.
IT teams would also need to work with different stakeholders – clients, employees and others – to effectively ensure data security and manage client confidentiality in the best way possible. Employees need to be much more involved than earlier in terms of ensuring data confidentiality. They need to be more proactive in keeping the IT teams updated on any suspicious activity.
Organisations can ensure better data protection by:
* Implementing access management system, which can be used to manage and monitor user access permissions and access rights to files, systems, and services to help protect organisations from data loss and security breaches.
* Using Privileged Access Management (PAM) that consists of the cybersecurity strategies and technologies for exerting control over the elevated (“privileged”) access and permissions for users, accounts, processes, and systems across an IT environment.
* Implementing multi-factor authentication (MFA) for secure login.
* Applying appropriate policies, for example, to ensure that a device is encrypted with a strong password and has certificates for access to things like Virtual Private Networks (VPN) and Wi-Fi.
* Deploying an enterprise Mobile Device Management Platform to securely enable employees to get access to corporate applications. This will allow a separation of corporate data and personal data at a device level while maintaining business productivity
* Bring Your Own Device (BYOD) can be beneficial in an environment where it can be effectively controlled and managed. Management of different devices from the IT infrastructure and compatibility point of view can be also difficult.
Organisations must maintain business continuity while adjusting and scaling up security programs to protect against new cyber threats. Most organisations have already realised this and have increased their security spends. We need to inculcate good security habits to reduce cyber security risks. Organisational culture and awareness is also key to cyber prevention.
Cyber security should be one of the prime concerns for organizations when they’re re-strategizing their processes, practises and policies in the post Covid-19 era. Extensive training at all levels on security awareness should be encouraged within organizations. Not only the organization but the onus is on the employees for security of the organization.
They should be made aware of the possible cyber threats and should be immediately report to the team concerned whenever they come across any malicious threat. If both, the organizations and employees work as a team, they can prevent any harm due to security hazards.
- Subramanya C
- The author is Global CTO, HGS and CEO – HGS MENA.