As COVID-19 spreads around the globe, cybersecurity and data privacy risks are expanding for employers. Read on to learn some simple steps you can take to address and mitigate the dangers.
2 Key Areas of Opportunity for Cyberthieves
Cybercriminals are taking advantage of the pandemic in two ways:
- First, they’re launching phishing campaigns to lure e-mail users into clicking on malicious links that appear to be legitimate information from public health officials and other news sources about the growing coronavirus risk.
- Second, as organizations incorporate remote work as part of their overall coronavirus response, more employees may be using unsecured Wi-Fi networks, handling information outside of secure channels, relying on personal devices for remote work, and not following the employer’s security policies.
Together, the factors increase the risk for cybersecurity and privacy incidents, which could lead to ransomware infections, compromised business e-mails, and the release of information protected under state, federal, and international privacy laws.
Changes in Threat Landscape
Cybercriminals regularly use targeted, topical campaigns to gain unauthorized access to user credentials. In times of crisis, even companies with training programs in place may find staffers—and especially their busy, time-pressed executives and employees new to remote work—tricked into clicking on a link or opening an attachment in what appears to be a COVID-19 outbreak-related e-mail.
Once that happens, the hackers may be able to use the compromised e-mail account to cause a great deal of harm, which could include:
- Gaining access to sensitive company information, protected personal data, or financial information;
- Embedding ransomware they can later activate to encrypt or destroy the organization’s data and systems; or
- Carrying out a business e-mail attack in which they use the compromised account to send fraudulent messages to other parties with directions to wire funds to fake accounts.
According to cybersecurity researchers, nation-state threat actors are using bots and other online accounts to spread deliberate misinformation about COVID-19 and send targeted phishing attacks to users in countries where the virus has gained a foothold. You should warn your staff about the risks and assess whether additional training, technical measures, or other steps may be helpful in counteracting them.
Remote Work Increases Cybersecurity, Privacy Risks
As more employees begin working remotely, you should prepare in advance to mitigate the increased cybersecurity and privacy risks. Your comprehensive planning should span all the departments in your organization to train employees and ensure their IT infrastructure can accommodate the increased demand.
Given the pace of the virus outbreak and changes in local conditions, you may need to implement remote work policies on short notice. Failing to plan ahead would increase the risk employees will handle information in ways that compromise data privacy, security, or both (e.g., taking confidential information home, forwarding it to personal e-mail accounts, or uploading it to personal cloud accounts)….
Source: HR Daily Advisor