Any system that has enough pressure applied, will eventually start to show signs of weakness. The speed at which COVID-19 has forced workforces to operate from outside the fortifications of their usual office systems and tools, has exposed gaps in cybersecurity practises. Some are cavernous, others more subtle.
Now that we are all starting to develop our routines in the “the new normal”, it’s time to take a breath and look at how we are operating from remote locations, and what we can do to improve our security.
Our obligations to secure sensitive data have not altered. In the first 48 hours of lockdown many of us have found that our processes rely heavily on people to manage and monitor our systems.
Security controls for non-distributed workforces typically depend on the local networks in our offices. Devices that are no longer connected directly to the local network are more difficult to update, manage and monitor. be rest assured, they are well supported by your normal site engineers.
World leaders are obsessed with deploying measures to eradicate COVID-19. Media outlets are being used to reinforce government messaging and directives, focusing our attention on the gravity of this situation.
Inadvertently, we are dropping our guard and the bad guys are taking full opportunity to exploit this situation. Ransomware, phishing and malware disguised as official COVID-19 or Coronavirus information is on the increase and are continually testing users' abilities to identify what is legitimate.
Escalation details are on our
website
Those of us with newly distributed workforces have found that hunkering down at home has been a challenge.
Home devices (BYOD) have been required to bridge gaps where there is not enough business equipment available
Many end users left the office in such haste that countless devices remain turned on and unattended in offices. Without regular interaction from people, these devices provide opportunity to be exploited. This is especially important if updates are not automated and applied in timely fashions.
There are still examples of backup solutions which require the manual changing of portable drives to be taken offsite. The backups are likely to be running to schedule but will be overwriting the currently attached disk, and under the lockdown regime, you have no ability to get them offsite.
Sharing workspaces with competing priorities is a challenge. Kids wanting your time and attention or to do something on the computer, the cat wanting a pat or fear of a deadly virus getting into your house are all taking our attention away from security. This is a time where employee focus is essential.
The best thing everybody can do - turn on you bullshit radar! If it looks too good to be true, it probably is.
Make sure you have good processes in place to authorise payments. Don’t rely on email alone. You must confirm email requests by verified voice contact with the requester. Be sure who you are paying is genuine!
Now is the time to keep investing in training staff. Continue your email phishing testing and make it more challenging. If you don’t have this in place, consider deploying it.
When checking if something is true or not, use trusted sources of information. Ring our Support Centre or use government sites such as Cert NZ.
If the restoration of your business information remains in a portable disk inside an inaccessible building, then you need to give us a call to discuss options now.
There are many online solutions that can easily be configured remotely that will provide you with some comfort that your data is at least available for recovery if needed.
Rather than allowing home devices access to your systems with, at best, limited security prevention installed, give us a call to see what is best for your situation.
We have a COVID-ready solution available that will allow staff to securely connect to a desktop inside your office from a home device without fear of any cyber-nasties getting in.
The current lockdown is unlikely to be the one and only time we experience this type of event. With time away from the water-cooler chats and general office distractions, we are using the enforced lockdown to do some business planning and critical thinking, and we think you should to.
If you don’t already have plans in place, now is an ideal time to start working through your Business Continuity plans or to look at improving your security posture with multifactor authentication technology.
If you have not already adopted a modern workplace, then now is also the time to look at how the current situation is affecting your business, and how a mobile, modern workplace can help your business stay relevant.