Many organizations are these days in a phase of reorganizing their operations and establishing alternative solutions to ensure continued business work capacity. Meanwhile numerous hackers and other cyber criminals around the world are mobilizing themselves to take advantage of the extraordinary situation. All business should therefore be aware of a significant increase of cyber risk in relation to the current corona crisis.
To combat the negative effects of the corona situation and prevent further spread of the covid-19, many businesses are taking necessary and proactive steps enabling their staff to work remotely from home. Simultaneously an increased number of mobile devices and private networks, which is not part of the ordinary IT-environment, are used in a business context.
However, all businesses should prepare for and take into consideration a significant increase in risk of cyberattacks and attempts of malicious emails. The hackers are exploiting new vulnerabilities and are among other impersonating official governmental institutions and health organizations to gain access to businesses systems and sensitive data.
In the current crisis-situation where many business are already suffering from the severe negative consequences related to corona-restrictions, a cyberattack on top may will probably be crucial to most. Hence, business should take proactive and additional steps already now to prevent the attackers from succeeding. The management should at least ensure that:
- the entire IT-environment and access ti business systems is updated to ensure that appropriate technical measures (e.g. consistent layer of multi-factor authentication) are implemented to establish a sufficient level of security
- automated information security updates are made also to remote equipment in use
- IT-security policies and guidelines are updated to reflect the changed use of IT-applications and to address new risks
- staff is trained in the correct use of IT-applications and equipment and are enabled to recognize malicious email campaigns
Finally, preparedness plans and appropriate guidelines needs to be in place and updated to address the risk of personal data breaches related to cyber security incidents and to ensure a proper and timely management of privacy risks.
|