As the coronavirus pandemic continues to grow, many interactions are becoming increasingly virtual. For example, Harvard, UC Berkeley and numerous other universities have suspended in-person classes in favor of online coursework; international business events have been replaced with digital versions; some professional sports seasons are suspended, and many companies are mandating virtual meetings instead of physical gatherings. While these measures are designed to contain the spread of the virus, there is another threat against which SMBs must be equally vigilant: online security.
With an increase in online transactions and communications comes a greater likelihood of account takeover and other forms of online fraud. For example; bad actors are already taking advantage of the common problem of password reuse to access sensitive systems on a daily basis. It’s a sad but true reality of our times that this will increase with more virtual interactions, and that attackers will also be actively seeking other ways to capitalize on COVID-19.
With it looking increasingly likely that SMBs will have to enforce company-wide work from home policies for an indefinite period of time, it’s critical that online security be part of every organization’s coronavirus response. With that in mind, below are a few important areas to consider:
- Address Employee Password Security. The proliferation of breach data on the Dark Web makes it incredibly easy for attackers to access sensitive data if employees are unknowingly using compromised credentials and reusing these passwords across multiple sites and applications. This is already a huge security problem and one that’s likely to grow with the uptick in remote working as people will be creating new accounts and online credentials. As such, now is the time to ensure your organization has password screening solutions in place that can alert you—and your employees—to the use of compromised credentials and monitor their passwords on a daily basis. You don’t want to wait until your entire workforce is distributed to discover that your employees are inadvertently laying out the welcome mat for attacker
- Secure the Home. It’s not uncommon for people to practice different security hygiene in the office and at home. Connected devices like smart TVs or baby monitors can introduce a range of vulnerabilities, for example, or children can accidentally download malware on the home network. Encourage your employees to set up a separate Wifi account that they will use solely for business while working from home—not just during the COVID-19 outbreak, but at any point in the future. This is a critical security step but it’s not enough to truly protect sensitive data when employees are working remotely. It’s also imperative that they use their VPN to access any corporate resources whenever they are not physically in the office.
- Encourage Phishing Vigilance. One way I anticipate attackers capitalizing on coronavirus is by feeding into employees’ fear and confusion surrounding the virus and their company’s response. The global pandemic means we’re all in crisis mode, and more likely to click on emails with subjects like “How are you feeling?”, “[Company name] Confirms COVID-19 Diagnosis”, and other headlines that would raise a red flag in less heightened times. Given this, it’s important for SMBs to educate employees on phishing threats and ensure everyone is aware of how to spot them. It may also be helpful to distribute guidance on how your company will communicate about the evolving coronavirus situation so that employees are less likely to be tricked by a fear-mongering subject line.
- Beware of the Workaround. As many SMB employees face the prospect of indefinite remote working, they may be tempted to take copies of confidential data, email them to personal accounts, copy the information to a USB or a similar workaround. It’s important that leadership monitor for these activities wherever possible, and also reiterate the security threat this behavior poses when speaking with employees about COVID-19 contingency plans.
With both the coronavirus pandemic and the national response to the threat evolving on a near real-time basis, it’s impossible to predict the severity or duration of its impact on SMBs. However, it’s safe to say that we can all expect life to be increasingly virtual, at least for the foreseeable future. With attackers eager to profit from this situation, businesses that fail to consider the above and other security considerations in their COVID-19 planning are just as exposed as consumers who neglect basic hygiene best practices.
Michael Greene is the CEO of Enzoic.