With the Corona-crisis now officially characterized as a pandemic, organizations are activating their business continuity plans – or are scrambling to change their way of working – to cope with the crisis and keep functioning.
People with less good intentions might grab the opportunity to make some money abusing your changed operating model and the emotions that your teams have during a time of crisis. Criminals are already abusing the Corona virus in phishing attacks and we can also expect to see other threats such as the following:
- More people working from home could mean a higher exposure to Denial-Of-Service on your remote working infrastructure. Think about how you can optimize the infrastructure or scale down your processes so only essential personnel need to make use of the infrastructure.
- A sudden changed way of working could have an impact on your fraud detection capability. ‘Four-eye’ or social validation checks of invoices that used to work in the physical world with people sitting next to each other might need to be translated to remote working procedures that provide the same outcome.
- Allowing people to work from home on non company issued devices might introduce more threats, especially if you haven’t allowed that before. Consider imposing compensating security controls on these devices.
- Less working personnel equals more stress, meaning more chance of cyber attacks going undetected. Especially within the IT department that is now fully focused on keeping the lights on, it’s key to stay vigilant for security incidents. Make sure your key security processes remain functioning. For example, don’t disable Multi-Factor authentication out of convenience. Focus on what matters most.
- Remote workers in stressful times click more on links in dodgy emails than usual. Criminals will exploit this so you need to make sure you have your defenses in place. Keep informing your employees with regular security awareness and be ready to respond to phishing incidents.
- If you outsourced some of your IT processes, make sure your provider is still capable to meet their SLA. Your outsourced provider needs to be as ready as you are to cope with the crisis. Work in close partnership and collaboratively with your provider to mitigate any potential issues by for example pragmatically changing some of your procedures to keep functioning
Of course, this is not an exhaustive list, your threats may vary depending on your organization and your business continuity procedures. It is key for your company to remain cyber-vigilant, reflect and act on the changing threat landscape while fighting this virus. Hopefully it will be a short battle and we can return to our regular way of working soon!