29 November 2021
It is easy to understand why organisations are currently prioritising creating a sustainable future and the health and safety of their employees. But we are seeing, and will undoubtedly continue to see, some worrying trends when it comes to cybercrime and fraudulent behaviour amidst coronavirus.
We were already seeing an increase in cybercrime before coronavirus. In the UK, 65 per cent of businesses reported a cyberattack or breach within the past year (UK National Crime Agency and National Cyber Security Centre, March 2017). This tells us that cyber criminals are becoming more adept at exploiting vulnerabilities, but also that further digitisation can increase risk if poorly managed.
Coronavirus is dangerous, not only to people’s health but also in the vulnerabilities it creates. The amount of information and the increasing number of sources of information leave the workforce vulnerable to clickbait and impersonation.
A corporate IT infrastructure offers a level of security that is easy to manage, but with increasingly remote workforces that security is diluted. It is harder to manage risk in a relaxed controls environment.
As businesses begin to realise that office space and in-person meetings are no longer critical to the maintenance and continuation of operations (there will obviously be exceptions), they will need to think about what defences will be needed for a geographically diverse workforce. These will need to be different, or at least more thorough, because they must support long-term scenario planning rather than the short-term planning so many have had to do up to this point.
Here are some key considerations both for now and for the medium and longer term.
- We generally saw a lot of success across most sectors when businesses had to rush to get their employees (where possible) set up to work from home. However, some of that infrastructure may not be sufficient for the long term. Continued security of networks and infrastructure will need to be mapped out to reflect the new control and operations environment.
- We have seen many organisations furloughing staff. This meant that organisations did not have the resources they have had previously to manage risk. This has significant ramifications for IT teams, who should be on the front line.
- With the numbers of staff working from home that most organisations are seeing (and will continue to see for the foreseeable future), it will be the case that there is sensitive information being printed out on home printers. This creates a paper trail of high-risk information that businesses have no real control over.
- Several new suppliers and third-party relationships may have been set up. This is a good thing when considering dual and guaranteed supplies, but it does create new vulnerabilities:
  - Payment practices won’t be well established. These will therefore be easier to manipulate.
  - Existing payment protocols will, from necessity, have evolved to account for not being in the office in person. Again, this means that the procedure will be easier to manipulate and vigilance may drop.
  - It may be more difficult to track deliveries and service provision if employees are working remotely. As a result, incorrect or premature payments could be made.
  - It is a sad fact that many organisations are struggling financially. If a supplier does fold and go out of business, it may be difficult to be notified. Again, this situation is easily manipulated by cyber criminals and fraudsters.
Despite the current situation being new and relatively unknown, the actions businesses should be taking are not new:
- Remote working security policy
Remind all staff of the existence of the policy and where to find it.
Implement mandatory refresher training courses regarding remote work cyber security for staff to discuss the evolving threats during coronavirus. It is also a good idea to run covert phishing/whaling exercises to expose any weaknesses within remote teams.
- Service review
Conduct a thorough service review of your account management procedure to make sure it’s up-to-date.
- Incident management process
Escalating incidents up the ladder is crucial. If you have an incident management process, make everyone in the organisation aware of it. If you do not have one, now is the time to create one.
Make sure that all employees using corporate equipment have applied the most up-to-date antivirus software updates and patches.
- External use
Remind workers that commercially sensitive or personal data should not be printed at home, downloaded or saved to unencrypted removable media devices.
- Third-party vendors
If your organisation outsources its IT, has that vendor been contacted for an updated risk assessment, post-quarantine? As part of this, you need to assess what new safeguards have been put in place. How do you know they are sufficient, given that the outsourced provider may also have staff working remotely?
- Network infrastructure
With the sharp increase in online meetings, there is a strain being placed upon the underlying network infrastructure. That strain must be monitored to ensure it doesn’t affect resilience or productivity.
- Network traffic
Your organisation’s network traffic should be monitored 24/7; otherwise, attempts to breach the network may go unnoticed.
- Data analytics
These are useful tools when it comes to flagging suspicious and anomalous activity. If organisations can flag potential financially fraudulent behaviour remotely, then this will continue to contribute to a level of continuous assurance across any sector. Are you using data analytics to its full potential?