Téléphone: (+33) 9 75 12 81 19 Email: contact@apessi.com

COVID-19 raises cybersecurity risks

The global pandemic has forced millions of employees to work from home, all with relatively little training or preparation for those are unused to doing so. The current state of affairs heightens cybersecurity risks for businesses of all sizes. Below are some of the challenges and suggested measures to minimize these risks.

Data loss and privacy breaches

Remote work increases the likelihood that:

  • Devices with company data will be lost or stolen (e.g. laptops or devices left in cabs or public places; thumb drives misplaced)
  • Employees will use computers or devices that are less protected than office-issued equipment, or that operate entirely outside the umbrella of the company’s cybersecurity measures (e.g. firewalls; virus protection; login access controls)
  • Employees will rely on unsecured wi-fi connections in public spaces (coffee shops, public libraries, etc.) that are more susceptible to attack than secure office connections

These factors increase the likelihood of loss of corporate data and of privacy breaches from the leaking of private information belonging to employees and customers.

Make sure your employees are aware of company policies governing device use and security. If you don’t have such policies, now is a good time to consider putting them in place.

Heightened vulnerability to cyber attacks

Cyber criminals and recreational hackers are turning people’s curiosity and anxiety against them with attacks targeted to users seeking COVID-19 information (e.g. some hackers are sending phishing emails purporting to come from health or medical organizations, or even World Health Organization officials; others are posting malware-infested virus maps online to collect users’ personal information).

The proliferation of such attacks increases the likelihood that some will succeed. Remind employees of their information security training and the danger of clicking on unsolicited emails. If you haven’t implemented mandatory regular information security training for employees, you should do so as soon as practicable.

Slackened financial controls

More executives working remotely means it may be harder to implement existing financial controls to prevent fraud (e.g. collection of signatures approving transactions is more difficult; in-person meetings or calls to verify that instructions sent via email aren’t fake are more difficult when executives aren’t in the office or easily reachable by phone). Companies should be monitoring transactions closely and ensuring that any approval workarounds still allow for proper authentication of instructions.

Looking ahead

This crisis will test the cybersecurity posture of Canadian businesses and for many the lessons will be harsh and expensive. If you discovery a cybersecurity breach, follow your incident response plan. If you have cyber insurance, contact your designated breach coach immediately. If you don’t have cyber insurance, you should call your lawyers immediately and ask for a breach coach to co-ordinate your response and recovery efforts. Every hour and day counts in responding to a data breach.

Source : https://www.lexology.com/library/detail.aspx?g=81507811-6811-4147-b8e2-d5ccd7e0972e

Elitecyber Group
EliteCyber est un service recrutement Cybersécurité personnalisé et adapté à vos besoins Pourquoi nos clients font appel à nos services d’expertise recrutement Cybersécurité : Vous avez des difficultés à sourcer et identifier des candidats sur un marché niche Vous avez des difficultés à attirer et retenir les talents par manque d’informations sur le marché (pratiques, tendances, salaires, concurrence) Vous avez une marque employeur mal identifiée et vous manquez de notoriété sur le marché Cybersécurite Vous avez la volonté de sensibiliser vos équipes de recruteurs internes aux meilleures pratiques en matière de recrutement cybersécurité Vous planifiez un recrutement stratégique (CISO, RSSI, Directeur Sécurité) et vous avez besoin d’une confiance totale dans l’approche de ces profils Vous avez pour projet de créer un pôle ou monter toute une équipe Cybersécurité et vous avez un besoin recrutement volumique Nous avons plus de 20 ans d’expérience et sommes à la pointe du recrutement de professionnels de la cybersécurité en Europe. Nous sommes maintenant établis en tant qu'agence de recrutement de premier plan en cybersécurité en Europe. Nos équipes de recrutement sont en contact quotidien avec leur réseau de candidats, développant et entretenant des relations solides basées sur la confiance et la transparence. En tant qu'acteur puissant sur le marché, EliteCyber ​​est présent sur différents événements spécialisés tels que : FIC, forum de recrutement pour la cybersécurité, ICICS et Cyberdays. Nous sommes reconnus dans ce secteur pour le niveau exceptionnel de service que nous apportons aux clients tout au long du processus de recrutement et de l’intégration de nos candidats chez nos clients.

Laisser un commentaire

Champs obligatoires *