How cyber secure and cyber resilient is your business during this pandemic?
Vernon Subban
In the attempt to curb the spread of COVID-19, South African business owners were faced with a barrage of hurdles to overcome, including giving their employees the leeway to work remotely. They also had to embrace the Fourth Industrial Revolution at a faster pace, with e-commerce services to meet consumers’ reliance on digital platforms. The pandemic, like all crises, has presented businesses with both opportunities and risks. Cybercriminals, or cyber threat actors, have not let any of their opportunities for financial gain go by either, capitalizing on the cyber security flaws of remote workforces, supply chain interruptions and the increased online presence of all sectors. They have also come up with ingenious scams and phishing campaigns that prey on people’s concern and fear around the pandemic. The World Economic Forum [WEF] has also warned against this growing threat.
As many businesses focus on keeping their doors open, cybersecurity measures tend to be placed on the back burner. Many small businesses struggle to budget for the services of cybersecurity firms for risk assessments and the implementation of security software. They instead have to settle for their IT technicians for security expertise, and also opt for less cybersecurity protection on the premise that larger businesses are the targets. Cyber crime statistics have proved otherwise.
Strategies for all businesses to remain cyber secure and cyber resilient during this pandemic and beyond:
- Businesses working remotely need to know who and what devices are accessing their networks. Ensure restrictions are placed on what information can be accessed and that their employees are up to speed. Using advanced end-user authentication along with the use of biometrics for employees when logging into the business’s portal could prove invaluable.
- Centralize the ICT [Information and Communication Technology] budget in one place. Accountability will then rest with one convenient and actionable service provider, who should ensure efficient and streamlined device management, data, software, tracking and monitoring solutions.
- Understand the cyber threat landscape. The COVID-19 related cyber attacks came mainly in the form of old, tried and tested methods of phishing and social engineering, like:
  - Fake coronavirus maps – when unsuspecting employees downloaded them, they downloaded the malware too.
  - A new ransomware known as “Covidlock” was identified, disguised as a coronavirus tracking app for download.
  - Cyber criminals are preying on the increasing user base of Zoom and Microsoft Teams. They are now registering Zoom-themed domains for malicious gain.
  - COVID-19 themed text message scams have also been doing the rounds. The message has a link that claims to direct people to testing facilities but actually installs malicious software to access personal information.
- Since the highest percentage of hacking attempts on businesses is initiated via email, email security becomes paramount. Employees should have a “Think before you click” mindset at all times.
- Ensure employee connections to the office network go through a Virtual Private Network [VPN], as this hides the IP address and encrypts all communication to the business systems.
- Implement proper password management policies, like two-factor authentication.
- Limit access to sensitive information.
- Create regular backups of important information and have sound policies in place.
- Ensure reliable data recovery, as properly archived information becomes invaluable when challenged with a ransomware attack, which is the most common attack strategy on small to medium businesses.
- Install an on-site firewall. Some insurers use “Hack yourself First” as a strategy to build risk management programs when assessing vulnerabilities in the network system.
- Cloud computing offers potential for new approaches to guard against disruption of networks. It makes room for an “always on” strategy, moving away from reactive recovery measures to a more proactive, resiliency-centred one.
- Education of employees with cyber awareness training platforms becomes paramount, as the best cyber security programs become meaningless if staff are uninformed. The cyber vigilance culture should cascade from top management down to all employees.
Cyber Liability Insurance is the final layer of defence in protecting a business and one of its most precious commodities: business and client data. A data breach now could prove fatal to a business of any size, as it involves more than just the loss of a business’s infrastructural capacity and delves into the realm of real criminality, leading to fraud, extortion and the ultimate shutdown of a business. The Protection of Personal Information Act 2013 [PoPI] together with the Cybercrimes Bill locally, and internationally Europe’s General Data Protection Regulation [GDPR], are just some of the legislation that emphasises that data, like traditional stock, requires both physical protection and insurance against theft or loss.
The consequences of a cyber attack could be heavy on any business’s wallet. No business can survive the resultant network downtime, loss of revenue, loss of data, loss of competitive edge, legal defence for compromised data, reputational damage and the cost of reducing the impact of the breach without Cyber Liability Insurance and a robust cyber risk management strategy as discussed above.
Cyber security and cyber resilience practices, managed with the right Cyber Liability Insurance cover, can keep a business prepared and safe during this pandemic and beyond. With such a strong online presence, it is impossible for businesses to be bulletproof against a cyber attack, but being prepared is invaluable.