The recent COVID-19 pandemic has proven to be a game-changer for businesses across the world. It has changed the way consumers behave and perceive things. This unexpected and adverse shift in habits and mindset has impacted the economies heavily. While many have taken a bad hit, it has also resulted in opportunities for businesses to shine. With that said, unfortunately, the situation has also created opportunities for security risks in the form of malicious cyber-attacks.
An attacker has 3 primary drivers – Means, Motive, and Opportunity.
The focus during these critical times should be to stay safe, more so now than ever before. Remote work presents a unique challenge for information security because remote work environments do not usually have the same safeguards as in an office. When an employee is at the office, they are working behind layers of preventive security controls. While not entirely probable, it is harder to make a security mistake while at the office. However, when computers leave the perimeter and people work in remote locations, new risks arise for the organization and additional security policies/controls are essential.
What does this mean for Organizations?
Organizations need to apply their business continuity processes to their entire operations and workforce. Typically, business continuity plans drive critical business processes and the workforce. In pressing times like these, the responsibility of business continuity lies more so with each employee and the best way to do this is to ensure that security controls are in place as they review and revise their business continuity frameworks and plans.
As a remote worker, how can you help?
While working from home, one must be aware of all communication channels. The most often used communication channels are emails, instant messaging, video calling tools, phone calls, and other collaboration tools. Cyber attackers concentrate their threat vector execution mainly on collaboration tools used for communication, hoping that someone will respond by way of clicking on a link in an email, clicking on a link in an instant message channel, or providing a password or any critical information through a phone call.
To thwart these kinds of attacks, apply the S.T.O.P principle to your communications – Stop, Take a breath, Take the Opportunity to think, and Put it into perspective.
Given that remote working is here to stay, employees must understand that they are operating within some highly challenging environments prone to security breaches. Therefore, it is essential that they are trained to understand best practices for threat and vulnerability in an online environment. While good technologies and policies help, the truth is that the very employees who help the organization grow, are a primary avenue of risk. General work from home and remote work policies can help, and these policies can be enforced with both technical and administrative controls. Security awareness training and user education are key to managing the new pandemic risks impacting cybersecurity.