Lockdown – What’s Next for Your Security Strategy?
With more than 88% of our workforce encouraged or required to work from home, we are relying more than ever on the internet to keep us connected. In attempts to maintain business as usual, and keep teams working, companies have turned to a range of online systems and technologies. But what does this mean for security? While the changes have kept company processes moving, have they exposed organisations to increased risks? MFC partner and Cyber Security Consultant Marc Avery has highlighted some key areas for organisations to consider when remote working, which are particularly relevant in light of the extended lockdown.
There has been a massive shift online for all industries – supermarkets, shops, restaurants and DIY stores are all trying to retain business during the extended lockdown. As a result, there is an increased risk of cyber-deception, from scams and phishing emails to fake websites. There is also an increased likelihood of systems being misconfigured, or data being lost.
Indeed, experts from the National Cyber Security Centre have seen fit to urge the public to follow online security advice, and have revealed a range of attacks as cyber criminals seek to exploit the coronavirus pandemic.
Coronavirus is now possibly the largest ever cyber-security threat.
March 2020 alone saw a 37% increase in cyber-attacks compared to the previous month, and at the end of April 2020 the UK saw the launch of a ‘Cyber Aware’ campaign backed by GCHQ.
As well as affecting consumers, the huge increase in online traffic also affects the buyers and sellers within the supply chain. With more online transactions, there is more data being exchanged, and therefore, a higher chance of data being lost or exposed, as new online platforms spring up to meet demand.
IT administration is also being stretched, faced with more, and new, requirements to access information remotely, and more requests to access online systems, including guests from outside an organisation. Brand-new systems are being built to support increased capacity, or to facilitate new electronic business processes, and previously untested systems are being implemented to meet the capacity and timeframe demands. There has, of course, been a jump in video conferencing usage, and these and other new technologies may be more readily available than ever, but have they been designed and configured with security in mind?
With these concerns mounting, what can you do to ensure your organisation maintains security standards?
FOCUS ON YOUR DATA
Getting back to the data can help you understand what is at stake, and the worst-case scenarios. Ask the following questions about your data when assessing the potential risks – the answers should provide a good starting point:
- Where is it and where is it going?
- What is important and what would the worst-case impact be if it was manipulated, lost or stolen?
- Is any of it Personal Data as defined within the Data Protection Act?
- Has the lockdown changed the way we process our data?
So, you’ve tackled your data. What next?
DEVELOP A SIMPLE SECURITY ASSURANCE STRATEGY
As the lockdown continues, and shows no immediate signs of abating, it is important to create a simple strategy to gain assurance of your security. Finding positive answers to the following simple questions will provide you with the confidence you need to operate effectively during these times:
- Have we designed our systems to be secure? Are there any areas that may now be vulnerable due to changes, such as new systems being introduced?
- Are they configured correctly? Have we utilised the security features effectively, including the use of Two Factor Authentication? (Many systems, such as Google and Office 365, offer this feature as standard.)
- Are you confident that access to your data and systems has been limited to those who need it? Do you know when this was last thoroughly reviewed or checked?
- Are our systems up to date with the latest possible security patches? Are our systems administered securely? (Administrators are often the target for determined attackers.)
- Do our staff understand their key security responsibilities, including those specific to working remotely, such as sharing computers or the handling of sensitive information, etc.? Are staff aware of how to spot and report a suspicious email? Are they under unnecessary pressure to use new technology or adhere to new working rules, such that they are more likely to make a mistake? Do they understand how to select and use strong passwords?
- Have we prepared enough for dealing with a security incident? How would we recover from an incident? If things do go wrong, do we have appropriate Cyber Insurance to support us?
This might seem like a long list of considerations, but not only will they ensure you and your teams are protected, they will also stand your organisation in good stead for the future. The COVID-19 pandemic and its aftermath are expected to drive a global increase in remote working, and higher demand from employees for flexibility. Ensuring a solid and secure system now will also help avoid the possibility of a security breach or cyber-attack, and help future-proof your business.
If you’re interested in discussing your security concerns with us, please get in touch.