5 cybersecurity risks created by Covid-19

There are a lot of lists that came out since WFH became the norm. Here’s one of the better ones. You’re probably doing all this already but it’s good practise to check on a regular basis…:

[…] Collectively, the cybersecurity threats to UK companies are real, but they are not powerless to stop them. In fact, while the cybersecurity landscape is incredibly expansive, companies can significantly reduce their risk exposure by following a few simple steps.

1. Equip all employees to understand and combat the threats.

The Covid-19 pandemic has created an entirely novel work environment and expansive threat landscape, and employers need to set their teams up for success in this regard. While the NCSC has provided guidance for identifying and responding to phishing scams, companies can take these strategies a step further by deploying real-time training to prevent a phishing scam from compromising personal or company data.

While the right software can prevent some of these emails from reaching employee inboxes, some will inevitably make their way through the content filters. It only takes one employee to interact with one phishing scam to compromise critical information or to provide network access, which means that it’s especially important to equip all employees to understand and combat the latest threats.

2. Set clear data management and handling procedures when working from home.

Even companies with robust data management policies need to go back to the drawing board during this unprecedented time. Create new policies that address the most prescient risks that address this unique moment. Undoubtedly, these expectations will look different at each company, but they should include:

Account password standards. Strong, unique passwords can prevent account takeovers, or, in the event of a breach, cascading breaches for accounts using the same login credentials.

Personal device use. The line between personal and private technology is inextricably blurred, but companies need to clearly delineate between the two. Personal technology can contain malware or other cybersecurity vulnerabilities, and it should not be used by employees working from home.

Data sharing. Companies need to clearly outline acceptable methods for transmitting company data. With many workers deploying a DIY approach to communication and collaboration, these standards are critical to prevent accidental data sharing that constitutes or leads to a data breach.

Data security services. Companies should provide access to and require the use of a trusted VPN service and two-factor authentication on all accounts.

3. Monitor for success, compliance, and security.

Employee monitoring software has become increasingly popular as insider threats have necessitated more effective oversight of companies’ digital environments. Now that millions of employees are off-site and working remotely, this software is a veritable must-have, allowing companies to detect insider threats, to assess compliance initiatives, and to prevent data exfiltration.

For instance, employee monitoring software can ensure that employees are using company-issued devices to complete their work. It can also evaluate communication and collaboration practices, ensuring that employees are following company standards while they work from home.

To be sure, this software should be used intentionally, and it’s implementation needs to be explained to all stakeholders.

Original article here