5 Tips to Stay Secure During Coronavirus

Although physical offices are closed, cyber criminals are open for business.

As COVID-19 propagates, companies are reacting, and many are initiating work from home (“WFH”) policies. While it might be a common practice for some businesses, many others are scrambling, and cyber criminals are ready, using WFH as a nexus into the wider business environment. This makes WFH employees and systems vulnerable.

Cyber attackers and Nation State Actors (someone who aggressively targets and aims to gain access to public and private sector networks to compromise critical systems availability) increase during a time of crisis, using the crisis as a strategic advantage.

So Why Does WFH Make Employees Vulnerable?

WFH allows employees to bring their work home with them and operate remotely, often times allowing employees to use their own devices, from tablets, to phones, to computers, to do their work. This is referred to as Bring Your Own Device (“BYOD”) – or in the cybersecurity world, Bring Your Own Disaster. Employees are also using their own wireless internet which may not be as secure as the connection in the office. Additionally, many devices, both for work and leisure, are utilizing the same network.

Since January, more than 4,000 coronavirus-themed web domains have come about. Many of which are likely to have malicious intent and have a goal of luring victims to click on dangerous links. For example, Iran is desperate to maintain power under the crippling economic sanctions and through the COVID-19 pandemic. In the midst of the pandemic, Iran is orchestrating attacks on US interests, mostly through proxies, as well as a drastic increase of cyber-attacks against businesses, hospitals, etc.

5 Tips to Stay Secure During This Crisis

1. Business Continuity Assessment and Encrypted Backups

Approximately 75% of backups fail after a cyber-attack or other business-critical event. A dispersed and segregated working environment does not mean better security. Data protection should mimic rapidly changing work environments, such as WFH. A comprehensive backup and business continuity plan should cover your WFH as a critical business asset, protect confidential data while ensuring data privacy by using modern intelligent backup solutions with threat protection and self-healing integration.

2. Have Service Level Agreements (“SLA”) in place

• IT Managed Services (ITMS) Staff Augmentation SLA: Your business can’t afford to call out sick and neither can the security of your systems. Consider staff augmentation using a fully outsourced ITMS or adopting a hybrid IT Managed Service model. This allows your business to have professional IT support and IT Help Desk Services at all times, allowing you to focus on running the business and maximizing your productivity.

• Incident Response SLA: Incidents will happen…expect them. Your business is only as strong as its weakest link. Having a SLA in place for incident response allows you to leave the technical cybersecurity elements to the experts. If you are still relying on employee phishing training which attempts to turn the non-technical into cybersecurity experts, it is time to move on. Are you still getting a lot of those phishing emails? You shouldn’t be. Hackers are always a step ahead of training…in fact, several steps ahead. During an incident, evidence is highly perishable. You do not have the time to be figuring out what your next step is. Have those steps in place now to protect your assets.

3. Security Control

Integration of artificial intelligence into your business environment is not only prudent; it’s cost-effective and enables your employees to be more productive by allowing them to focus on what matters most – the business, not the security. Leave the security thinking to security experts that build an environment that is affordable, aligns to your business needs, maximizes productivity and return on investment.

4. Cyber Protection for C-Suite

Advanced Persistent Threats (APT) are just that…persistent – hackers consistently target key assets to the business, like the C-Suite, especially where executives are most vulnerable, e.g. during times of crisis (COVID-19) and operating from a WFH environment. Protect key staff members and corporate security interests with the latest security plug n’ play devices that offer comprehensive security, scanning, privacy and monitoring in a single package to address constantly evolving threats.

5. Cyber Protection for Vacated Businesses

Are you concerned that your business is vulnerable while you are not there? Alleviate those feelings with real-time cybersecurity monitoring. In 24 hours you could have Withum’s Cyber AIR4 Droid™ (“AIR4”) set up to provide monitoring, alerts, auditing, incident response, cyber forensics and reporting all in one dashboard. This device can provide intelligent identification, scanning, probing and mapping of network(s) devices and vulnerabilities automatically.

As we continue to navigate COVID-19 pandemic, cybersecurity and your business, it is important to keep in mind that there are many resources available to help. Withum’s Cybersecurity Team can rapidly deploy IT security and monitoring tools on BYOD and business devices to add additional layers of security to employees working from home. Reporting metrics on employee business productivity while ensuring data loss prevention and data privacy, both for the business as well as the employee is also available.