One of the major consequences of COVID-19 has been the need for companies to enable their workforce to operate remotely. Like any operational change, this comes with a number of risks that need to be identified and mitigated, particularly when it comes to information security.
Though employees are working remotely, many still have to access company systems and resources to perform their jobs.
Also, in times of acute stress, people often forget to follow basic security best practices. Combined with the uptick in cybercrime (specifically phishing campaigns using COVID-19 messaging), the increased risks relating to information security must be addressed.
Mitigation may come in the form of enhanced company and security policies, more stringent management of access to resources, as well as the preparation and education of employees.
Our expert’s view:
In reality, employees have always been one of the biggest points of vulnerability when it comes to keeping information secure. Whether through negligence, ignorance, or malice, a high proportion of data breaches can be traced back to human action.
From an article in Info Security Magazine: “Human error caused 90% of cyber data breaches [in the UK] in 2019, according to a CybSafe analysis of data from the UK Information Commissioner’s Office (ICO).”
Education remains the most important defense against cybercrimes, such as phishing attacks.
With cybercriminals increasingly capable of spoofing both internal and external communications, it’s imperative that organizations remind employees of what they’ll never ask them to do via email.
Additionally, organizations should emphasize that employees be doubly cautious of any email that asks them to:
- Click a link
- Open an attachment
- Verify their details
- Perform an urgent task – that is plausible, but ever so slightly out of the norm.
This applies even if the email comes from a trusted source.
It’s also important that organizations have a clear process to report suspicious emails. The faster an organization’s security team is alerted, the more quickly it can warn employees about scams and shut down spoofed websites.
By educating and empowering employees, organizations can greatly reduce the threats associated with operational changes, and ensure that they remain operationally efficient and secure during the COVID-19 crisis.
Linda Misauer
Head of Global Solutions
Read on about taking your customers’ security awareness to the next level in 2020.
Striata is a leading provider of digital customer communication solutions that improve customer experience and advance the digital transformation of a company’s communication strategy.