Malicious attackers are looking for a vulnerability during this time more than ever before. During stressful times users are less likely to remember their passwords and more than likely to click on malicious links or give their credentials out. The coronavirus has led many to becoming more stressful than before due to many not knowing how to react, if they still a job, if money will continue to come in and much more. With the high stress levels, it could lead many to becoming a victim and that is why phishing education should still continue. Phishing education sessions should still be sent to users to test their knowledge level and skills during this time. The more training an employee obtains, the less the risk for the organization. With many organizations being unprepared for cybersecurity risks and the limited IT resources it can only lead to more potential problems.
Securing devices, protecting endpoints and patch management can be the most difficult things to do at this point since no one knows if the employees home system is secure or being protected against malicious hackers. Many organizations have not upgraded their systems and many employees are working off legacy systems which could possibly include Windows XP, Windows 7 SP3 or earlier editions. With that being said will the work being done at home be worth it completely or will it just put organizations at a greater risk? Since, many organizations must abide by certain regulations such as HIPAA it is indeed possible that many companies are not following the guidelines of those regulations and are putting information at risk unless they’re indeed using a VPN connection of some sort. If an organization still has legacy systems in place, the only resolution to the work-from-home option at this point would be ensuring that all work-from-home employees access applications and etc. via VPN connections only to help reduce the risk.
Overall, backups are needed more than ever before (but at least before everyone returns back to their normal work environment). Patch management and updating/upgrading systems should be a thing of the future, if it isn’t already. Cybersecurity in general should not be taken lightly by any organization after the crisis we are experiencing at this moment and time. Budgeting for cybersecurity related ideas such as VPN connections for all work-from-home employees, cybersecurity training, anti-virus protection, OS updates/upgrades, encryption tools implemented where needed and any other security related ideas that would help reduce risks for all organizations to a certain extent. Nothing is 100% protected but it could help reduce the risks at hand.
References:
Seals, Tara (2020, March 13). Working from Home: COVID-19’s Constellation of Security Challenges. Retrieved from https://threatpost.com/working-from-home-covid-19s-constellation-of-security-challenges/153720/
MillerOnCyber 