How to Mitigate Cybersecurity Risk During a Crisis

The COVID-19 pandemic has forced companies to adopt new ways of working and conducting operations, often delegating much of the core processes to the digital medium. Unfortunately, the increasing reliance on technology creates new exploitation opportunities for hackers. What are the new cybersecurity risks and how can companies mitigate cybersecurity risk during crises?

1. Recognize New Threats

Embracing technology to continue operations generates a host of risks for companies. When new vulnerabilities arise, they have to be identified and mitigated to keep the company’s assets safe. Sudden employee absenteeism, disruptions in the supply chain, and new modes of work can create new challenges.

Here are some of the new risks that can emerge during crises when companies increase their dependency on technology:

• Understaffing in IT security teams might result in the introduction of new vulnerabilities in unpatched or outdated software, poor detection of cyberattacks, or inefficient response when attacks do occur.
• Vendors delivering services or products that make up the bulk of cybersecurity at companies might be unable to meet the demand, which results in a disruption of availability, potentially leaving company assets ill-secured.
• Shift to remote work creates additional exploitation opportunities for hackers (e.g., social engineering, insufficiently secure remote work devices). Employees’ behavior when accessing company assets remotely also creates possible attack vectors (e.g., bypassing the procedures outlined for remote access).

2. Identify and Manage Critical Security Activities

When a crisis happens, it can render much of the workforce absent, leaving the monitoring and managing of critical security activities unattended.

However, there are tasks that have to be performed to ensure operational stability, especially when that stability has become dependent on technology.

Below are essential risk mitigation activities to keep your assets secure:

• Monitor network traffic for suspicious incidents. Spotting unusual activities in time can allow for the rapid deployment of countermeasures.
• Scan for vulnerabilities in internal and external assets. Check regularly if system updates and patches apply correctly and to all assets.
• Perform regular system backups. Use disaster recovery tools for automated backup of critical systems and data to maintain good data governance.
• Ensure identity management solutions adhere to established security practices. Authentication and authorization systems should work seamlessly even when deployed remotely.
• Implement asset management tooling. Asset management tooling lets you have insight into and control over systems outside the internal network.
• Update policies reflect new ways of work. Review procedures and response plans and adjust them to a remote workforce.

Note: To be able to perform some of these tasks, it might be necessary to allocate additional resources to the security team to ensure continuous and consistent IT support.

3. Secure New Work Models

To make sure core business operations are performed, many companies are likely to embrace a remote model of work. Depending on the crisis, it might be difficult to determine how long the work-from-home policy will be in force. The remote work model can stretch to months. Proper security measures have to be implemented to decrease the risk of cyberattacks and ensure proper response of employees to such incidents.

Some of the new risks generated by a remote workforce:

• Sudden reorganization of established procedures can encourage remote employees to bypass guidelines (e.g., secure communication software might be underperforming when accessed remotely, thus making employees prone to trying out other, possibly insecure software solutions).
• Remote access network creates a host of risks (e.g., disruption of business operations caused by DDOS attacks on remote access systems)
• During times of crisis, misinformation is one of the most dangerous phenomena. Attackers can use the crisis to launch phishing campaigns or create targeted emails.

How to protect company assets when relying on a remote workforce:

• Check the technology and tools assigned to remote employees.

• Secure remote access systems (regular patching and updating of critical systems).
• Deploy web filtering solutions for assets on external networks to detect malicious activities.
• Train employees in work-from-home best practices.
• Set up a support desk for remote employees to let them raise issues regarding processes. This can help you further secure your assets and ensure employee and company safety.
• Implement logging policy to know who’s accessing which systems and resources.

Social Engineering Attacks

Switching to a remote working policy creates a greater risk of social engineering attacks. In order to decrease the risk of remote workforce falling victim to social engineering attacks, you need to provide the employees with guidelines for recognizing and responding properly to suspicious activities.

What to do:

• Inform staff about emerging threats related to remote work. Organize training sessions to train them on how to handle such situations securely.
• Raise awareness toward attempts at requests of personal information, payment requests, etc.
• Employ software solutions such as security suite or antivirus software to spot and prevent opportunistic threats (e.g., phishing emails).
• Address threats from terminated staff. Disable and restrict access to systems and tools promptly after termination to prevent data theft.

Rapid Adaptation and Response During Crises

Being able to respond and adapt to rapid changes during crises helps companies quickly stabilize the situation and diligently address risks. Proper crisis management is critical to assessing the situation and reacting with an appropriate set of procedures. Implementing secure and convenient remote-work tools such as a board portal is one of the basic steps how companies can protect their assets while maintaining operations.