By Ghonche Alavi
Lockdowns implemented across numerous countries have left individuals and employees with a need to connect. The rush to deploy new technologies and the discovery of free solutions have been welcome in many households.
However, deploying such technologies across companies can pose significant security threats if rushed. Here’s what you should be looking out for.
The potential security issues with video conference software
We have seen a rise in employees being forced to use trials or free versions of video conferencing services, such as Zoom, before businesses have had time to test and procure the most effective solution across their enterprise. While we should collectively be embracing new technology, it is critical that, in parallel with this effort, IT and information security professionals approve the technologies that will be used before deployment. Over the past couple of weeks, Zoom and other similar solutions have been heavily scrutinized. Whether justly or not, free and trial versions of such solutions typically provide limited security assurance. You get what you pay for, and it is no different for cyber security.
While governments and employers continue to remind employees of physical hygiene practices in the midst of this pandemic, cyber hygiene should also not be forgotten. Here are the 7 steps you can take to reduce the risk of falling victim to cyber crime:
1. Use a secure Internet connection when accessing company data or using company devices.
2. Where possible, enable two-factor authentication for emails and other applications.
3. Remain vigilant—there is likely to be a prolonged period of uncertainty around COVID-19 and cyber criminals will continue to exploit this at every opportunity.
4. Do not click on links or open attachments from unknown sources.
5. Be wary of all unsolicited emails, particularly if there are spelling or grammatical mistakes; if in doubt, phone the sender.
6. Refer directly to credible websites rather than using links in emails.
7. Only download apps from verified vendors using official platforms.
IT and information security professionals need to play an active role
In addition to taking the steps above, it’s a crucial time to ensure that critical information security functions work adequately. Remote access and the support volume required should already have been considered in the early stages of the lockdown, if not earlier. However, additional resourcing requirements, including procurement of sufficient VPN licenses, perhaps changes to your Bring Your Own Device (BYOD) policy, and deployment of security controls around authentication of privileged accounts, disk encryption and collaboration tools, should now be a priority.
Cloud solution providers (CSP) offer a range of robust security controls and, therefore, businesses are encouraged to use this time to collaborate with CSPs and the information security community to source effective solutions.
The main cause of security breaches continues to be the misconfiguration of security controls when deploying new systems. Today, there is a delicate balance to be reached between timely setup and access for employees on the one hand, and the time IT needs to set the correct security controls on the other.
With the use of cloud solutions, we have seen an ever-expanding digital footprint, which must now be secured. Companies must consider the minimum technical security requirement across the business, and clearly establish who is able to authorize this.
Take the time to properly prepare for this new normal
With the ongoing uncertainty posed by COVID-19, it is fair to say that this new work environment and pattern will be the new normal for the foreseeable future. Therefore, it is crucial for companies to take the time to set a clear policy and gradually deploy measures with adequate security controls in place, rather than hastily setting up a volatile and often untested framework.
About NYA, a GardaWorld company
NYA, a GardaWorld company, has one of the largest specialist crisis response teams in the industry and has experience in advising an average of 80 to 130 incidents per year. These include traditional security problems—such as kidnap for ransom, cyber-attacks, extortion, malicious threats, illegal detention, emergency political evacuation, terrorism, and workplace violence—as well as accidents and broader issues affecting our clients’ operations, brands and reputations. NYA is retained by some of the world’s largest “special risks” and crisis management insurers. NYA has one of the largest teams of exclusively retained consultants in the industry, ensuring that our clients have access to the best people when they need them most. NYA’s response consultants are strategically based across 16 global locations. This allows us to provide the most rapid response in the industry, local expertise, and a high degree of operational resilience during periods of uncertainty, such as the current disruptions associated with the spread of COVID-19.