We are still learning how to cope effectively with the pandemic, waiting for a vaccine. People are going back to work and understand that life goes on with changes, including safety protocols and more time spent at home. In recent blog posts, we at Interfor have covered the challenges of working from home and a return-to-work protocol. It is now important to set up a cybersecurity safety framework. The following guidelines offer a simple plan for employees at the office or at home post-COVID.
Empower employees to understand how important safety is
A big challenge is for employees to understand their personal roles in keeping a company’s system safe. Most hacks occur through human error or carelessness. We are not dealing with a faceless virus but teams of highly sophisticated criminals (or state-sponsored actors) systematically attempting to find any weak point in a system.
Employees must feel they have ownership in keeping everyone in an organization safe. According to this PwC report, “even before the Covid-19 crisis, in a PwC simulated phishing attack on mid- to large-size financial institutions, 70% of phishing emails were delivered to their targets, and 7% of recipients clicked on the malicious link. As has been proven time and time again, it only takes one.” One person can take down an organization, and employees should think of themselves as the citadel protecting everyone. No crack can be allowed in the fortress’s walls.
Reduce silos and improve communication
If more governments and institutions cooperated, we would have fewer hacks and generally less chaos in the world and online. On the business level, with so much at stake, now is the time for more cross-departmental cooperation. As this KPMG report covers, “businesses should look to break down barriers between departments, unifying the resilience culture across IT, operational technology and business-facing functions and promoting resilience by design across the enterprise. It can’t just be tick-box compliance.”
An analogy is that the country (and the world) is going through a wartime scenario, which should help unify people. Working from home may create physical distances, but it can create empathy with others in the same situation. Breaking down silos and boundaries should come from an organization’s leadership to set an example. Leadership should communicate that it’s time to come together for the greater good.
Be skeptical – especially of government emails
It is no secret that PPP fraud is rising and that hackers are more active online. Many workers use personal computers and devices, which makes it even more difficult for the IT department. In dealing with the virus, normal problems seem more complicated and our guards are down.
Be skeptical of emails, especially those claiming to be from the government. Whether related to PPP relief or SBA loans, be sure to check where the email is from and never provide private information in an email. No credible organization will ask for personal information.
Beware of sextortion emails as well, which have seen a recent rise. We covered the topic in this post.
Be prepared to deal with cyber “hacktivists”
This is a complicated matter, as some employees identify strongly with one social movement or another. Some feel they can take liberties when promoting views they may not have taken before, especially younger Gen Z workers. Employees have every right to personal views, but expressing them online in violation of workplace rules and acting against institutions is another story altogether.
As this article states, “recent social unrest in the US has unleashed a flurry of hacktivist activities, including DDoS attacks against municipalities and police stations. This year, we’ve seen data leaks of millions of police and FBI records and aggressive social media attacks against the US administration, President Trump and even the popular social media app Tiktok.” Assume the best from your employees but be cautious and prepared if you see red flags (such as highly charged political posts) appearing on their social media.
We are in this for the long haul and need to prepare. Cyber threats are not dormant or going away. Persistence is key, as well as setting up a plan and being prepared for what may come. Things may improve, but they also may get worse.
Interfor remains available to help navigate these waters.