The novel coronavirus (COVID-19) has become a hacker’s best friend.
Earlier this month, hackers tried to break into the World Health Organization (WHO). More recently, the U.S. Health and Human Services Department (HHS) experienced a cyberattack when hackers attempted to overload its servers.
Cybercriminals are using this opportunity to prey on exposed organisations. They’re creating thousands of coronavirus-related scam and malware sites each day and exploiting vulnerabilities that arise when employees work from home.
In a race to keep employees working and operations running, companies are accepting dangerous security risks and putting themselves in more jeopardy than they may realize.
Here are three ways to protect your business during the coronavirus pandemic.
- Refresh employee education
You probably already educate your employees on potential security risks, but now’s a good time for a refresher.
Keep employees updated on the latest scams around COVID-19 and make sure they’re on the lookout for phishing attacks – especially if they’re not using company-issued devices, as personal devices might not have ample protections in place. Train them on the most appropriate ways to use technology during this emergency, like being wary of suspicious emails, using more complex passwords and limiting company-owned devices to work use only.
By making security awareness a top priority, you can help your employees err on the side of caution.
- Be vigilant about what devices use your VPN
Your remote workers pose the biggest risk when they use solutions that aren’t owned and centrally controlled by your company. For example, if an employee logs in to the virtual private network (VPN) using a personal laptop that doesn’t have up-to-date security patches or is already infected, it could leave your main network susceptible to breaches.
Ensure connections to your VPN are filtered and can only be made from systems with a baseline security level. Any device that connects to your VPN should have the latest security patches, an active firewall and be equipped with antivirus. Don’t forget to enforce multi-factor authentication (MFA) for anyone connecting to your VPN.
Your systems should be segmented, monitored and controlled with the minimum rights employees need to do their jobs.
- Find budget for cybersecurity
With the coronavirus pandemic escalating, many organisations have frozen budgets, making it harder to fund the security testing that experts advise.
It’s critical to fight for the budget needed to perform cybersecurity testing, so you can identify vulnerabilities and close any gaps before they’re exploited. Obviously, businesses are reeling, but all the new connections to your network from your newly remote staff pose risks. If an attack or breach were to happen at a time when you’re already vulnerable, it could leave you out of business.
Don’t rush the process
We’ve never experienced anything quite like the coronavirus pandemic. As businesses make changes to normal operating procedures to stay afloat and protect employees, they shouldn’t sacrifice security in the process.
Educate your employees on potential security threats and make sure they’re on the lookout for everything from phishing emails to malware attacks. Secure your VPNs. Push for the resources to run security tests in this new environment.
There are plenty of uncertainties in business right now, but your network’s security shouldn’t be one of them. With your workforce now remote, focus on locking down your security to ensure one crisis doesn’t lead into another.