Cyber Risk Considerations Amidst the COVID-19 Pandemic
Now that businesses and individuals have shifted to remote working for the immediate future in light of COVID-19, privacy concerns are a greater issue. Cybercriminals are taking advantage of an increased online presence and vulnerabilities in the remote work system. These vulnerabilities include employees inexperienced with necessary security measures, employees distracted by the novelty and demands of working from home, and overloaded networks. Nevertheless, there are numerous tools a business can employ to prevent against privacy and data loss during this time.
- Train your employees. Ensure employees are working from devices and networks that are secure and the employees are trained to use them securely. For example, companies can (and should) utilize a virtual private network (VPN) connection. Employees also should be refreshed on company policy regarding the use of devices for business versus personal use, and on avoiding email scams and phishing attacks (including those with a COVID-19 theme).
- Be aware of new threats to online security such as “Zoom-bombing.” With the shift of in-person meetings to online, the use of Zoom and other conferencing platforms have exploded. “Zoom-bombing” refers to hacking a Zoom meeting, which so far appears to be motivated by harassment rather than for financial gain. Businesses should ensure they are using the most updated version of Zoom or another conferencing apps. For example, the most recent version of Zoom disabled the ability to scan for meetings to join. Companies also should check their default settings on apps to ensure that only the host can control the screen, and take other measures such as locking a meeting after it has begun, keeping a meeting private, and requiring a password.
- Increase network monitoring. Companies should consider increasing their daily monitoring for malware and other attacks to counter the rise in cyber-crime. In particular, downloads of large amounts of data, suspicious access attempts, and receipt of emails from a personal account are possible red-flags.
- Revisit privacy and security policies. Our current events and business environment were difficult to imagine 30-60 days ago. Even recently-updated policies should be reviewed in light of new security concerns with remote working. Companies also should insure that an incident response plan accounts for a remote response, and that there is a protocol in place for employees to report issues if company e-mail is not available.
If you have questions about the impact of COVID-19 on your organization’s cybersecurity practices, or if you have suffered a cyber incident, please contact a member of our Privacy and Data Security Team.