Cyber-security as the next challenge from COVID-19

by Angela Markwald

Although "going digital" is nothing new, the extent to which our society uses digital services and products has increased significantly over the past few months, as have the risks.

The COVID-19 pandemic has been a wake-up call for many businesses, especially in the world of digital services and support. According to Mimecast, impersonation fraud jumped by almost a third during the first 100 days of the COVID-19 pandemic as cyber criminals looked to take advantage of how many people were suddenly working remotely.

 

Do you think your team would notice a cyber-attack in action? How long would it take to find out you've been compromised?  The real answer might alarm you: The current average is 206 days before an intrusion is discovered. 

What Can You Do?

Here are five helpful tips on building a cyber security strategy to keep your data healthy and safe:

1. Train and Talk

  • Training your people is the first level of defense in combating cyber-attacks.  It is important that your team knows what to watch out for. Introduce (or revisit) cyber security trainings, specifically addressing phishing and social engineering.
  • Don't stop there: Talk about the trainings, new stories, phishing attempts your team has caught, etc.  Reinforce the importance of cyber-security in day-to-day activities and meetings to make it part of your culture.
  • Invest in professional training: While it may be an expense you aren't used to, this is the least expensive and most effective way to ensure data security, and it costs less than mitigating and recovering from a breach.
  • Include EVERYONE: The need for this training now extends to everyone who uses a computer and receives email. These trainings can help everyone outside of business hours as well.

2. Boost Your Back-Ups

  • The 3-2-1 backup rule is an easy-to-remember approach to keeping your data safe in almost any failure scenario. Keep at least three (3) copies of your data, store two (2) backup copies on different storage media, with one (1) of them located offsite.
  • Take a lesson from Schrödinger's Cat: You've backed up your data on a disc or drive, but do you know what state it's in?  Test your back-ups regularly.

3. Plan and Practice for Business Continuity

  • Do you have a plan in place for a situation where people are available but the building is not (e.g. a natural disaster or snowstorm), or where the building is available but people are not? What happens if everything is lost? How can you keep the ship afloat? Having a clear plan in place is an important step moving forward.
  • Planning, knowing how the plan will work, and running practice drills with your team will leave you better prepared in a crisis. Having a disaster “playbook” keeps your recovery flexible, yet structured, in times of need.

4. Hire A Dedicated Professional

  • If IT is one of many hats that someone in your company wears, do they know best practices and have experience in cyber-security? If not, it may be time to consider a dedicated staff member or third-party support.
  • Many businesses outsource their IT support, which may work well for day-to-day needs, but may leave you frustrated in a crisis.  Be sure to review your SLA (service-level agreement) with your vendor to ensure you get the response time and quality you'd expect from someone on staff.

5. Check Your Risk

  • When was the last time you conducted a risk assessment? We recommend working with an accredited auditor if you can. Although a SOC 2 audit can be a long and expensive process, it will give your company and customers a better sense of your preparedness against a cyber-attack and tell you how secure your data really is.
  • If you can't work with an accredited auditor, don't give up!  There are still options to work with third parties to get an external review that helps you understand your risks and opportunities for improvement.
  • Do your vendor/supply chain due diligence. If a vendor gets compromised, it might not be long before cyber-attacks reach your digital doorstep.  Ask them about their policies and how they would communicate with you in the event they have issues.

While a comprehensive cyber-security strategy is ideal, something as simple as training your team could be a powerful starting point for reducing your risks and protecting your data.