Security Precautions for the Covid World
In the global COVID-19 pandemic age, many businesses, for profit and non-profits, have made the rapid shift of workers and customers to remote working and online ordering and delivery. The pace of change in moving from a pre-pandemic world into a “new normal“ operation is breathtaking. What we once believed would take months, quarters or years has occurred almost overnight. It is amazing to think about what can be done when you have to for survival!
However, this incredibly-fast change has not come risk-free and in fact opened us all up to potentially more, particularly in the cybersecurity world. Where we once had a workforce or customer base showing up in a “controlled” office or store environment from a technology perspective, we now face a greater lack of control. The same argument can be made for school children and higher-education adults who are “learning online” via the use of desktops, laptops, internet bandwidth, wired or wireless to access needed educational materials and attend virtual classrooms.
Often overlooked in making these rapid changes are security vulnerabilities, flaws or openings that attackers exploit in compromising user functionality and stealing vital data along with a company’s or organization’s assets. Here are just a few risks to be strongly considered and abated:
1) Home firewalls – Internet access comes in several forms such as via a cable modem with a router that can be wired or wireless. Often, this equipment or hardware are individual or family oriented and only so strong but not of ongoing business or industrial strength. Attackers exploit the vulnerabilities in these pieces of hardware ad firewalls and it is important to keep everything current, including the firmware updated. IT organizations need to provide better and more frequent guidance and support to protect the information and flow for users and consumers and their own organizations.
2) Desktops, laptops and printers – The first two may seem obvious but the third may not be so easily thought of in terms of under threat. Personal computers that are not protected for antivirus, anti-spam and other vulnerabilities are prime targets for hackers. Often overlooked are the vulnerabilities of wireless or wired printers that can be hacked over a network as well and vulnerabilities introduced which provide access to key information. Keeping the hardware current, patched and supported as if a user was in an office or a school or a consumer was in a store is critical.
3) Small business attacks – Fortunately or unfortunately over the past several years, large corporations have had to deal with cybersecurity attacks and had to harden their infrastructure, assets, policies and procedures. While these have been painful for companies, employees and consumers, all have been working to adapt, change or face the consequences. Smaller businesses may have escaped these hardships in the past but especially now with everything being more online, smaller businesses are under greater attack than ever and can more easily be wiped out financially by an advanced threat or less sophisticated attack, if for no other reason than they do not have the staff and expertise that larger companies do to plan and take the right actions. Small businesses need to be vigilant and if and as they don’t have the information security personnel to handle these proactive measures, it is key that they seek out small-business focused consultants and resources to guide / help them.
4) eMail phishing – The compromise introduced by attackers who fake emails that look like legitimate messages from companies whereby users are asked to enter in their logon ID and password credentials is increasing, especially during the pandemic. Business works and consumer users are doing more online and we still live and operate in a world where you need to have and enter user IDs and passwords that make them extremely vulnerable. What may seem to be an innocent eMail that appears to be an attempt from a company to help can provide attackers with access to user or consumers machines and key information will be stolen along with a compromised identity.
5) Mobile attacks and malware – With many more workers remote or consumers waiting in outdoor lines or their cars for services, all the while having access to key tools and information on mobile devices, a whole new risk area is introduced. Be it over 4G or 5G networks, public or private Wi-Fi’s, close enough to a small business or school’s network, the same type of risks experienced on home networks also exist on these networks and can easily introduce vulnerabilities and the risk of stolen information via mobile devices access, especially when malware is introduced, deliberately or accidentally. Very key to abating this risk is staying current with software update and business device protection tools and VPNs.
The net here is that for large, medium and small businesses, institutions, schools and organizations, for-profit or nonprofit, the risks of putting people to work or utilizing services remotely, especially at home, have grown and continue to do so rapidly. To the credit of many of these organizations, they have moved with lightning speed to enable functionality and productivity from anywhere, saving countless lives with removing the need to be in an office, store, restaurant or school and risk exposure. That same diligence, effort and speed MUST be put in dealing effectively and broadly with the cybersecurity risks introduced.