Towards the end of March 2020, almost all businesses across the globe had enforced remote work policy. And as governments are easing the social distancing rules and restrictions, some organizations have gradually reopened over the last few weeks. However, the pandemic has clearly had an adverse impact on small businesses and large corporations alike, and business leaders are not aiming for a quick comeback. Whether they have decided to resume work from the office or extend the remote work policy to 2021, companies in various sectors are strategizing for a transformation in the way they work and communicate.
Cybersecurity witnessed a dramatic change during the last couple of months and unsecure remote workforces have forced organizations to recognize the importance of cybersecurity preparedness. Cyber attacks have increased multifold since the Coronavirus outbreak where cyber criminals preyed on an unready, unaware workforce. There has been a spike in the number of phishing attacks and malware, ransomware campaigns. So, as more organizations plan their comeback, hopefully every company’s plan and strategy prioritizes information security. It is also important that organizations steer clear of any security blunders that could cost them their reputation and financial standing.
In this article we list some of the worst cybersecurity practices and strategies that could be detrimental to your organization, and compare them with alternate solutions and best practices.
Achieving 100% security vs. Minimizing risks
Although 100% security might sound like the perfect answer to emerging threats, it is likely that an entirely secure system is possible only when it is disabled. So the best alternate solution is to identify technological and financial resources your organization can spare, and minimize the risk of incidents that may occur. Simply being aware of this can help you build a better strategy of detecting the threat, establishing a mechanism to respond to the threat or prevent it, thereby minimizing the impact of the threat. It is also essential to understand the various attack vectors that actors use to infiltrate your organization, and to allocate available resources to address all these threats.
Lax with security updates vs. Regular software fixes
Security vulnerabilities are found on a daily basis and developers release patches frequently. However, businesses that have integrated such software usually fail to apply these patches and update the software. This could be because of stretched resources or lack of awareness. Harmful software vulnerabilities can create a security weakness/ holes which allows attackers to exploit and infect your systems, gaining access to your sensitive, personal information. The solution to this is a dedicated IT team to ensure that network and software are updated regularly.
Pursue attackers vs. Prevent attacks
Attackers, these days, are pretty sophisticated and are quick to come up with new technologies that enable them to hack into your systems. Staying ahead of these actors is critical to save your organization from the humiliation and loss the attacks could cost you. This is why it is important to take proactive measures to prevent attacks and outrun cyber criminals, instead of pursuing them. Organizations should also be aware of the implications of a possible attack and should be able to defend their valuable assets.
An assessment of the following attack vectors and technologies that could assist you in avoiding attacks altogether. Employees form a major part of the threat vector, thus making it important to keep them aligned with the organization’s cybersecurity practices.
- Security vulnerabilities
- Firewall settings
- Anti-malware and anti ransomware technologies
- Data egress points
- Creating awareness among employees
- Training them to combat social engineering tactics
- Practice good internet hygiene
Weak passwords vs. Password management programmes
Despite the increasing number of cyber attacks most users tend to fall back on weak or easy passwords, sometimes reusing the same passwords for multiple accounts. An online security survey by Google indicates that 52% respondents reuse the same passwords for several accounts. The Ponemon research, “The 2019 State of Password and Authentication Security Behaviors Report,” reports that 69% respondents have shared their credentials among colleagues. Also, 57% respondents have not changed their passwords even after enduring phishing attacks. Which also means that they have not considered alternate solutions such as Password Manager. 53% respondents mentioned that they rely on memory to manage their credentials.
Password Managers assists users in memorizing passwords of all their accounts, for which the users simply have to remember the master password of the Password Manager. Password management programmes will also generate random, strong passwords when you create a new account. Organizations should also make sure that the access to company-related documents and software is limited. Password Managers also support two factor authentication methods, which adds an extra layer of security.
Assume you’re not a desirable target vs. Prepare for the worst
Although it is true that cyber criminals target popular brands and companies, companies that are part of any industry are vulnerable to cyber attacks regardless of its size. In fact, small businesses are soft targets, considering the lack of resources allocated to protect their systems. Data breach of any scale is significant and the ramifications can be devastating. Privacy, data breaches can cost you more than a financial loss, it can tarnish your reputation and leave yourself wide open to lawsuits and legal action.
Therefore, it is important for organizations to gear up against emerging cyber threats. Companies should resort to cyber threat monitoring solutions such as CloudSEK’s XVigil, to detect and prevent undesirable actors trying to target your security posture.
Using public Wi-Fi and unknown devices vs. Network Security
Unauthorized access to your computer network can lead to several forms of attacks such as Man-in-the-middle attacks, malware delivery, snooping, sniffing, breaches, etc. A major concern regarding public as well as home Wi-Fi is unencrypted networks which exposes your online activities to hackers. Similar is the case with unknown devices and unsolicited software. The use of such devices and software opens the door to malicious actors looking to abuse your systems.
Establish a secure network and secure communications (SSL connections) over the network, and also make sure to log out of all your accounts once you’re done using them. While on a public network avoid accessing any sensitive information, including PII, addresses, banking information, etc.
Coronavirus has brought about an extensive change in the workplace and in the way we work. Technology will surely have a significant role to play in all of it. Meetings, conferences and collaborations are increasingly conducted over the internet, adapting to a more decentralized organizational structure. These changes can also contribute to an undesirable impact on cybersecurity. When organizations are busy building contingency plans to accommodate COVID-19 into the way they work, we hope their plans won’t fall short of cybersecurity strategies.