In this article, Manish Kumar is going to give us a glimpse of, ¿Why is important to have a cybersecurity plan, during Covid?, and ¿How can you increase your cybersecurity arsenal, and be prepared for this Pandemic?.
Cybersecurity amid Covid-19
In a 2018 survey by the American Bar Association, 23% of law firms reported they had experienced a data breach.
This statistic is concerning enough, but remember, it comes from before the COVID-19 outbreak.
The pandemic may put you at an even higher risk.
Cybercrime has always been a relevant concern, especially for law offices.
As a legal professional, you work with a lot of sensitive information and often a considerable amount of money.
The nature of your work makes you a prime target for hackers.
2020 will also be remembered as the year that security events exploded and cyber incidents transformed society in numerous ways.
Consider this small sample of headline stories:
- Bizjournals.com: “Cyberattacks on the rise during the Covid-19 pandemic”
- Government Technology: “How Is Covid-19 Creating Data Breaches?”
- BBC: “Coronavirus: How the world of work may change forever”
- Interpol.int: “INTERPOL report shows alarming rate of cyberattacks during COVID-19”
- Techxplore.com: “Ransomware surge imperils hospitals as pandemic intensifies”
- PR Newswire: “Top Cyber Security Experts Report: 4,000 Cyber Attacks a Day Since COVID-19 Pandemic”
- ZDNet: “COVID-19 pandemic delivers extraordinary array of cybersecurity challenges”
- Maritime Executive: “Maritime Cyberattacks Up by 400 Percent”
The cyber threat landscape
Most of these threats have intensified because of the opportunities that have arisen during the COVID-19 outbreak.
One of the reasons for the spike in cyberattacks may be due to the fact that some small and medium-sized businesses take a ‘Bring Your Own Device’ (BYOD) approach (in contrast to a ‘Corporate Owned Personally Enabled’ (COPE) approach), which means that employees can use their personal devices (phones, tablets, or laptops) to access corporate information.
Working from home does not guarantee the same level of cybersecurity as an office environment. When using a personal computer or laptop to access corporate files and data (even with the security of an MDM solution) users are more exposed to cyberattacks.
For example, employees may not run an antivirus or anti-malware scan regularly, if at all.
A home working environment does not have sophisticated enterprise prevention and detection measures.
Additionally, home Wi-Fi networks are much easier to attack.
¿How companies and employees can increase cybersecurity?
Employees should be provided with a license to antivirus and malware software for use on their personal computers. Although this does not provide failsafe protection, it eliminates many low-level attacks.
Staff should be briefed on best practices and procedures to regulate the sending of emails or other content to private email addresses and/or cloud storage.
Employees should be vigilant when receiving emails and should check the authenticity of the sender’s address.
Home network security.
Employees should ensure that their home Wi-Fi is protected by a strong password.
Use a VPN.
Virtual private networks add a further layer of protection to internet use from home.
They cannot on their own be relied upon to prevent cyberattacks, but they can be a useful barrier against cyberattack. There are some basic cybersecurity strategies that businesses can adopt.
Identify weak spots.
All IT systems have weaknesses.
Companies should run tests to identify them and patch the most critical vulnerabilities as soon as possible.
This can take the form of vulnerability scanning, or various types of penetration testing exercises.
Additionally hardening of components of the technical infrastructure should be performed.
Companies should regularly evaluate cybersecurity risk exposure and determine whether existing controls are robust enough.
Any new forms of cyberattack that have appeared recently should be considered during these reviews.
Renew business continuity and crisis plans.
Business lines Managers need to keep their business continuity plans updated and consider cyberattack scenarios.
The current pandemic presents a more severe cybercrime risk, but that doesn’t mean you can’t handle it. With careful forethought and cybersecurity habits, you can continue to work with clients without risking anything.
Thank you for your time (Manish Kumar).
Contact Manish Kumar