When a crisis hits your organisation, your focus will be on minimising the disruption and maintaining business continuity. While there’s nothing wrong with this approach, you need to be careful about not ignoring another area that may be affected by the crisis: cybersecurity.
A crisis-hit company is often a highly vulnerable entity from a cybersecurity standpoint. As the company leadership focuses on the operational and financial threats posed by the crisis, they may not pay attention to the security holes created by it. Their lack of attention often allows cybercriminals to take advantage of the crisis and attack the organisation with confidence. And when this happens, firms are at a high risk of losing their business-critical data and suffering huge financial losses. A serious security incident can also damage a company’s reputation, result in regulatory fines, and lead to a loss of customer trust.
So what can your firm do to minimise these risk and protect your precious assets from the clutches of opportunistic cybercriminals?
Here are 5 critical strategies that every company must implement sooner rather than later.
#1: Set up remote access ASAP
Some crises normal business operations and even force office closures. To maintain business continuity, you need to set up remote access for the people who will not be working from office. Even if your offices are still open, set up remote access for personnel right now. Identify the critical resources who will work remotely, assign them multifactor authentication tokens, and set up a process to track them in case they get lost. If you wait for actual closures to take these steps, you will find it difficult to do so without physical access, and your business will suffer (even more).
#2: Update the emergency contacts list
Your company should have a way to stay in touch with employees at all times, especially if you designate them as “emergency” employees. Maintain a database of backup email addresses, phone numbers, chat handles, etc. Also create a group on a secure chat application for key staff and senior leadership. This way, you will be able to communicate with your staff even if your company falls victim to a cyberattack that affects normal communications.
#3: Separate personal devices from office devices
The use of personal devices with non-approved applications or outdated security software increases the risk to your company’s network, so make sure your staff is not using personal laptops for work. They should use company-issued laptops only. But this may not be possible if your company allows BYOD. In this case, make sure that your IT team secures every device and keeps an eye on Shadow IT. They should also maintain an up-to-date asset inventory and ensure that every device is updated and every software is patched. Employees should also report lost or stolen devices to IT immediately so the devices can be remotely locked or erased.
#4: Create a cybersecurity culture
If most of your staff is working from home, you must make cybersecurity part of the normal business narrative. Here are some good practices that your staff should follow without fail:
- All their devices should have updated antivirus, anti-malware and firewall protection
- They should only use secure, password-protected WiFi networks for work-related tasks
- If they do use public WiFi – especially one that’s open and not secured through a password – they should avoid accessing any confidential or sensitive company information on it
- They should not use Bluetooth in a public place
- As far as possible, they should use multi-factor authentication on any accounts for which it is available (especially email)
- They should always follow company policies regarding Internet access and device use
#5: Guard your email and confidential information
Remind employees that the company’s confidential information is confidential, whether they work from the office or from home. Personal email should not be used for company business and vice versa. They should also be very prudent about printing documents. Anything they do print should be destroyed after use.
Staff should also be extra careful about phishing emails. They should be on the lookout for genuine-looking emails that appear too good to be true. They should also double-check any emails that seem to be sent by out of office personnel (such as a manager or CEO). If they have doubts about the email’s content or sender, they should contact the sender immediately via another route (such as a phone call) to verify.
Conclusion..
In recent years, the frequency, number, and scale of cyberattacks on organisations have all gone up considerably. A business crisis can have huge cybersecurity implications and affect a company’s business continuity . And that’s why every company must employ a strong combination of technology and employee know-how to stay protected from unscrupulous cybercriminals. Be vigilant, be careful, stay safe!
