By now, many of us will be settled into working from home, which looks set to become our new normal for the foreseeable future. Workers across the world are not the only ones readjusting quickly, with the cybersecurity threat responding at lightning speed.
The early stages of the outbreak saw an increase in the number of phishing scams targeting people’s fear of coronavirus and linked malware to offers of cures. Now, cybercriminals are targeting those new to remote working with personal data at higher risk than ever before.Even before the control measures for coronavirus were implemented, there was a sharp rise in the number of high profile cyber-attacks, with Boots Advantage Card and Tesco Clubcard experiencing data breaches in the same week.
Since the rise of coronavirus cases in Europe, a Czech hospital was targeted by ransomware, which is expected to be a sign of things to come.
Individuals and endpoints are the targets
Individuals are the favoured target of cybercriminals, which is why the security of devices and the training of end-users is critical. The pressure of working in a different environment with new technology may mean end-users are not as alert to suspicious emails and websites as they would be under normal working conditions. Attacks are mimicking software such as Zoom and Sharepoint, taking advantage of the lack of face-to-face verification of approval requests.
Actions you can take
- Remind employees what to look out for and the importance of staying alert. Keeping employees informed on the latest examples of attacks, the tell-tale signs of a phishing scam and even running simulations, will help employees understand what to be wary of. Up-to-date training and ongoing refreshers are critical.
- Review and update your Data Protection and Information Security policies – are they still appropriate for your new working practices or do other controls need to be implemented, such as Data Loss Prevention tools? Are you able to check that employees aren’t cutting corners and sending information through unsecured channels?
- Review and update your internal policies on homeworking and Bring Your Own Device. Make sure people understand the risk of information being accessed by others in the household or the threat of theft if devices or information are not secure. Additionally, ensuring that personal devices are not transferring company and personal data.
- Ensure you have internal checks in place whereby your IT team can verify the suitability of an employee’s device and working environment (including secure wifi access).
- Make sure that your key data processors are also handling data securely in their business continuity arrangements. Remember that as a Data Controller, you’re responsible for ensuring personal data is handled securely throughout your processing chain. Therefore, it’s essential to check the information security controls they are using while working remotely through updated due diligence.
Omni is ISO27001 Information Security certified covering all Recruitment Outsourcing and Consultancy Services. Omni’s proprietary recruitment software, Appellia, is also covered by this certification with multi-layers of security and this continues to be the basis of Omni’s service delivery model for our recruiters and clients alike throughout this period. For more information, contact our team today.