From an increase in online shopping to entire workforce’s working from home, cyber security if more important than ever. The Covid-19 pandemic has forced corporate technology executives to focus on protection.
Shankar Arumugavela, CIO of Verizon’s Communications Inc states “The three things that keep me up at night are credential thefts using phishing attacks and malware, the threat of social-engineering attacks to manipulate customers and employees into divulging confidential or personal information, and third-party risk management to prevent malicious actors from infiltrating our network via our partners’ systems.”
Shankar’s concerns are well founded. In response to Covid-19 there have been major spikes in fraud and online scams. Consumers are being targeted using phishing. IT systems have been under increased hacking attacks. The FBI has reported a 300% increase in cybercrimes since the beginning of the Covid-19 Pandemic (The Hill).
To deal with these increased threats, here are three ways to improve cyber security:
- Review and communicate data security policies and practices. Employees are your companies first line of defense. Review and update data security policies to ensure they are compatible with a remote work setup. Communicate data security policies to your employees and send frequent reminders to employees about data security best practices while working from home. Remind employees to be diligent in their review of emails before opening links or attachments, and to report phishing attempts as soon as possible once discovered.
- Tighten up IAM (Identity and Access Management). Limit access to protected and confidential information. Consider restricting employee access to confidential and protected information on a role-specific basis. This will ensure employees have access to only the information needed to complete their specific duties. It is important not only to protect the perimeter of systems, but also the underlying data. You must be asking the who, what, where, why and how for every attempt to gain access to your critical data. This requires relentless authentication. For more on the importance of identity and access management, see my post “IAM is more important than ever“
- Use strengthened VPN access. To the extent possible, encourage employees to work using a virtual private network (VPN). This will provide an extra layer of protection to your company’s information. Put in place multifactor authentication for VPN access, IP address whitelisting, limits on remote desktop protocol (RDP) access and added scrutiny of remote network connections.
In the wake of Covid-19, improved cyber security needs to be top priority. CIO’s and technology executives must lead the effort to protect their systems, users, and data. All it takes is one breach to compromise an entire system and cause a crisis.