Despite the global crisis in the wake of the COVID-19 pandemic, cybercriminals have made it clear that they are not going to take any time off. With employees working remotely from homes, organizations have been more concerned about adjusting to the sudden change in workplace routines and less focused on other issues like security. Cyber attackers know this and hence, it is pertinent for security and risk management teams to be more vigilant than ever about cyber threats.
10 Security Areas to Focus on During COVID-19: As the pandemic continues to evolve, businesses must ensure their security systems are up to date to protect against any potential risks.
Here are 10 areas to focus on to ensure your business is secure during COVID-19:
1. Ensure remote access security measures are in place;
2. Monitor and secure vulnerable systems, such as IoT devices;
3. Ensure malware/virus protection is updated;
4. Implement multiple authentication methods;
5. Monitor employee access to sensitive data;
6. Utilize data encryption;
7. Utilize cloud backup;
8. Update health insurance options;
9. Ensure physical security measures are in place;
10. Utilize two-factor authentication.
Though social distancing restrictions have eased down internationally, a possible second wave of COVID-19 is still anticipated. Hence, organizations need to adopt ways to accept and adjust to the “new normal” by evaluating their post-pandemic cybersecurity and IT changes; most of which were hastily placed as a sudden response to the pandemic. They also need to make strategic adjustments to their enterprise architecture, security controls, and long-term business processes.
Even after the pandemic is over, some trends adopted during this time are anticipated to prevail even in the post-covid world; including
- Rise in Ecommerce
- Increased trend of remote work
- Usage of online collaboration tools
- Data migration to cloud applications
- More cyber threats due to telecommuting
To cater to threats associated with these trends, let us briefly look at 10 security areas where organizations need to focus on during and after COVID 19.
Table of Contents
A. Ensure Best Practices for Telecommuting
Here are some best practices for telecommuting during the COVID-19 pandemic:
- Set up a dedicated workspace: Having a designated area for work can help you focus and be more productive.
- Maintain a regular schedule: Try to stick to a consistent schedule as much as possible. This can help you stay on track and avoid feeling burnt out.
- Stay connected: Make an effort to stay connected with your coworkers and manager. Use video conferencing tools, chat apps, and email to communicate regularly.
- Take breaks: It’s important to take breaks and step away from your work throughout the day. Take a walk, do some stretching, or take a short break to rest your eyes.
- Practice self-care: Make sure to prioritize your physical and mental health while telecommuting. Exercise regularly, eat healthy, and get enough sleep.
- Set boundaries: Set boundaries with your family and friends to ensure that you have the time and space you need to focus on work.
- Keep your work and personal life separate: It’s easy for the lines between work and personal life to blur when you’re working from home. Try to keep your work and personal life separate as much as possible.
- Stay organized: Use tools like to-do lists and calendars to help you stay organized and manage your time effectively.
- Make sure you have the necessary equipment and resources: Make sure you have everything you need to be able to work effectively from home, such as a reliable computer, internet connection, and any necessary software or tools.
Follow the guidelines and recommendations of public health officials: It’s important to follow the guidelines and recommendations of public health officials to help reduce the spread of COVID-19. This may include things like wearing a mask, washing your hands frequently, and practicing social distancing.
B. Manage Your Cloud Services
During the COVID-19 pandemic, it is important to ensure that your cloud services are properly managed in order to maintain the continuity of your business operations. Here are a few things you can do to manage your cloud services during this time:
- Monitor your cloud resources: Keep an eye on your cloud resources to ensure that they are being utilized effectively and efficiently. This will help you identify any potential bottlenecks or issues that may arise.
- Communicate with your team: Make sure that your team is aware of any changes or updates to your cloud services. This will help everyone stay on the same page and minimize any disruptions to your business.
- Stay up to date with the latest developments: Keep track of any updates or changes to the cloud services you are using, as well as any new features that may be available. This will help you take advantage of any new capabilities that can help improve your business.
- Implement security measures: Ensure that your cloud services are secure by implementing appropriate security measures such as two-factor authentication and network segmentation.
- Have a disaster recovery plan: It is important to have a plan in place in case something goes wrong with your cloud services. This could include backup and recovery processes, as well as procedures for how to handle any disruptions to your business.
C. Use Secure Tools for Collaboration
There are several tools that can be used for secure collaboration during the COVID-19 pandemic. Here are a few options:
- Microsoft Teams: This is a communication and collaboration platform that allows team members to chat, share files, and hold virtual meetings. It has end-to-end encryption to ensure that all communications are secure.
- Google Meet: This is a video conferencing platform that allows team members to hold meetings and presentations online. It has strong security measures in place, including end-to-end encryption and the ability to set passwords for meetings.
- Zoom: This is another popular video conferencing platform that can be used for virtual meetings and presentations. It has strong security measures in place, including end-to-end encryption and the ability to set passwords for meetings.
- Slack: This is a messaging and collaboration platform that allows team members to communicate and share files in real-time. It has strong security measures in place, including end-to-end encryption for all communications.
- Asana: This is a project management tool that allows teams to track tasks, projects, and collaborate on work. It has strong security measures in place, including encryption for all data in transit and at rest.
By using any of these tools, you can ensure that your team’s collaboration is secure and private during the COVID-19 pandemic.
D. Update Your Information Security Policy
Updating your organization’s information security policy during the COVID-19 pandemic is an important step to ensure the continued protection of your data and systems. Here are a few tips for updating your information security policy:
- Review your current policy: Start by reviewing your current policy to identify any areas that may need to be updated or revised. This may include changes to remote work protocols, new security measures for virtual meetings, and guidelines for using personal devices for work.
- Engage with stakeholders: It’s important to involve relevant stakeholders in the policy update process. This may include your IT department, HR, and employees. By engaging with these groups, you can ensure that the policy reflects the needs and concerns of all relevant parties.
- Address new threats: The COVID-19 pandemic has led to an increase in cyber threats, such as phishing attacks and malware. Be sure to include specific guidelines and procedures for addressing these types of threats in your updated policy.
- Communicate the updated policy: Once the policy has been updated, it’s important to communicate the changes to all employees. This may include hosting training sessions or creating informational materials to help employees understand the new policy and how to follow it.
By following these steps, you can effectively update your organization’s information security policy to protect against new threats and ensure the continued security of your data and systems during the COVID-19 pandemic.
E. Protect Your External Perimeters
There are a few key things you can do to protect your external perimeters during the COVID-19 pandemic:
- Encourage hand hygiene: Make sure that hand sanitizer is readily available at all entrances and exits, and encourage people to use it upon entering and leaving the premises.
- Implement physical distancing measures: Use signage and floor markings to encourage people to maintain a distance of at least 6 feet from others.
- Limit the number of people in your facility: Consider implementing a reservation system or limiting the number of people allowed inside at any given time.
- Use personal protective equipment (PPE): Encourage the use of masks and gloves by all employees and visitors.
- Clean and disinfect frequently touched surfaces: This includes door handles, handrails, and other high-touch areas.
- Consider installing barriers: To create a protective barrier between individuals, consider installing barriers such as plexiglass partitions. These barriers are easy to install and can provide effective protection against the spread of germs. They also provide a sense of comfort and security to those who may feel anxious in public spaces. Additionally, barriers can also be used to control the flow of people in certain areas, such as lobbies or checkout lines.
By following these measures, you can help to protect your external perimeters and reduce the risk of COVID-19 transmission.
F. Create a Cyber Incident Breach Response Plan
A cyber incident breach response plan is a set of actions that an organization takes when it experiences a cyber incident or data breach. Here are the key steps that should be included in a response plan:
- Identify the incident: Determine the scope and nature of the incident as quickly as possible.
- Contain the incident: Take steps to prevent the incident from spreading or worsening. This may include disconnecting affected systems from the network, shutting down servers, or blocking access to certain websites.
- Assess the damage: Determine the extent of the damage caused by the incident, including the types of data that may have been compromised and the systems that were affected.
- Notify relevant parties: Depending on the severity of the incident, you may need to notify law enforcement, regulatory authorities, and other stakeholders.
- Implement recovery measures: Take steps to restore systems and data to their pre-incident state. This may involve repairing or replacing affected hardware, restoring data from backups, and re-establishing connectivity.
- Review and update the response plan: After the incident has been resolved, review the response plan to identify any areas for improvement and make necessary updates.
During the COVID-19 pandemic, organizations may need to adapt their response plans to account for the challenges posed by remote work and other disruptions. For example, you may need to include additional measures to ensure that employees can access the resources they need to respond to the incident while working remotely. You may also need to consider how to communicate with stakeholders and coordinate response efforts with a dispersed workforce.
G. Create a Bring Your Own Device (BYOD) Policy Inclusive of Remote Working Conditions
Previously, BYOD policies were for inhouse jobs. Now, with a remote workforce to manage, it’s hard to control and keep a check on whether an employee is using a monitored corporate device or a personal device. Moreover, during the pandemic, many organizations have now allowed their employees to use their personal devices including tablets and laptops. Business phone calls and emails are now accessible from personal mobile phones and employees can access cloud applications from their personal laptops. At the same time, they may be using their personal devices for online transactions and entering their personal financial information into their devices. Hence, it’s important for organizations now to create a BYOD policy to ensure that employees follow best security practices when using their own devices.
H. Manage Third-Parties and Suppliers
It is important to manage third parties and suppliers during the COVID-19 pandemic to ensure the continuity of your business operations. Here are some steps you can take:
- Communicate with your suppliers and third parties regularly to stay informed about their operations and any potential disruptions to their services.
- Consider diversifying your supplier base to reduce reliance on any single supplier.
- Make sure you have contingency plans in place in case a supplier is unable to fulfill their obligations.
- Implement processes to ensure that your suppliers are complying with COVID-19 related health and safety guidelines.
- Consider negotiating flexible payment terms with your suppliers to help mitigate the financial impact of any disruptions.
- Encourage the use of digital communication and payment methods to reduce the need for in-person interactions.
- Stay informed about government support programs and resources that may be available to help your business weather the pandemic.
I. Prepare for Financial Coverage in Case of Security Breach
It is important to prepare for the financial consequences of a security breach during the COVID-19 pandemic. Here are some steps you can take to protect your business:
- Invest in cybersecurity measures to prevent a security breach from occurring in the first place. This can include training employees on cybersecurity best practices, implementing strong password policies, and using antivirus software.
- Purchase cybersecurity insurance to cover the costs associated with a security breach, such as legal fees, customer notification expenses, and credit monitoring services.
- Implement a response plan to follow in the event of a security breach. This should include steps to contain the breach, notify relevant parties (such as customers and law enforcement), and communicate with the public.
- Keep an inventory of all sensitive data and regularly review and update your data protection policies.
- Stay informed about cybersecurity best practices and emerging threats so you can take proactive steps to protect your business.
- Consider seeking the assistance of a cybersecurity expert to help assess your risk and implement appropriate measures.
J. Implement Overall Security Measures
Here are some steps you can take to implement overall security measures during the COVID-19 pandemic:
- Train employees on cybersecurity best practices, such as using strong passwords and avoiding phishing attacks.
- Implement strong password policies, such as requiring the use of long, complex passwords and frequent password changes.
- Use antivirus software to protect against malware and other cyber threats.
- Encrypt sensitive data to protect it from unauthorized access.
- Use secure communication methods, such as virtual private networks (VPNs) and encrypted messaging apps, to protect against cyber espionage.
- Implement access controls to prevent unauthorized access to sensitive data and systems.
- Regularly update your software and applications to ensure that you have the latest security patches and features.
- Conduct regular security audits to identify and address any vulnerabilities in your systems.
- Consider purchasing cybersecurity insurance to protect against the financial consequences of a security breach.
The Way Forward
It is with today’s IT capabilities that many companies have managed to continue their operations even during a global crisis. However, the COVID-19 pandemic has played a big role in highlighting the need for organizations to always keep themselves prepared for massive disruption in their businesses. This recovery period is an opportunity for organizations to reform and adapt to the new normal and prepare for any global disasters in future.