As the COVID-19 pandemic continues to threaten to overload the healthcare system and global economy, it's also having a powerful impact on the security of businesses and individuals. In the following Q&A, Jeff Bathurst, Director of SC&H Group's Technology Advisory team, details the need for heightened awareness of emerging phishing scams and for increased communication of the expectations employees should consider in remote work environments.
Unfortunately, cybercriminals often treat times of strain as a window of opportunity to exploit lapses in information security protection and controls. These criminals use social engineering tactics as well as traditional exploitation techniques to prey on people's emotions and exploit fear in this scenario.
The US Department of Health and Human Services was hit with a cyberattack this week to slow its response to COVID-19. As a result of this attack, and an uptick in phishing attempts, we asked Jeff Bathurst, Director of SC&H Group's Technology Advisory Services practice, a few questions regarding cybersecurity preparation.
Q: How concerned should we be regarding federal government online systems and the distribution of information?
A: Disinformation is going to be an ongoing challenge during this pandemic. The federal websites are a constant target of hackers, and it is no surprise they are taking an opportunistic approach to add to the situation.
Hopefully, our government anticipates this type of antagonistic behavior and maintains a high-alert approach to ensure that all systems and electronic communications remain intact and available during this crisis. In the event of a website/system compromise, the government will use the Internet, TV, and radio to communicate all appropriate information.
Q: How should companies safeguard and mitigate the risks around an increase in phishing scams or cyberattacks?
A: I will narrow it down to a few recommendations to prevent overwhelming anyone in what may seem like a daunting task to safeguard your workforce and your organization efficiently and effectively.
- Implement and test alternative communication methods to utilize during an emergency (mobile, texting). This additional communication outlet is a necessary part of any functional disaster recovery or business continuity plan.
- As your employees work from home, the utmost care must be applied to provide remote computing services securely. Using multi-factor authentication or zero trust technology is a requirement for any remote work functionality.
- Nothing about safeguarding your organization is a set-it-and-forget-it strategy. IT departments and service providers must provide oversight and monitoring of your services as well as key corporate systems. This must be performed on an ongoing basis to ensure continued operation and data/system security.
Q: What is the most important thing organizations can do to get ahead of this risk?
A: COMMUNICATE. I referenced the need for alternative communication methods to utilize during an emergency (mobile, texting) because companies need to have a way to disseminate critical alerts and information. No matter the environment, business-as-usual or a worldwide pandemic, employee or user error continues to be our most significant threat to this day.
As many organizations are relying solely on electronic communications over the coming weeks, it is important to take extra precautionary steps to protect information exchange among your employees as well as reinforce the cybersecurity strategy defined for your organization.
During this pandemic, our team is seeing an increase in the number of cyberattack attempts, with user error or lack of attention the leading cause of information and/or system compromise. Communication with your employees and clients is critical! Therefore, instruct your employees to be careful, patient, and thoughtful about all remote work activities, from how they exchange information to the links they click in emails. This information is helpful for your clients as well. The bottom line is both groups are going to be interfacing more electronically and we need to make sure both sides are diligent.
As businesses continue to get stretched to work in more remote working environments and employees juggle working from home, it is important to make sure employers maintain an ongoing dialogue with their employees to ensure everyone is working together to protect themselves against emerging and persistent phishing risks. Contact us today. We are here to help organizations in need as we all navigate this current pandemic situation.