Could Coronavirus Impact Your Cybersecurity?

I was never much of a Boy Scout, but I do remember my troop leader repeatedly telling us to “Be Prepared.” And given everything going on in the world, this is probably a pretty good time to take that recommendation to heart.

So in light of the spread of Coronavirus, please consider the following:

• Now is a good time to update remote and teleworking policies and guidelines
• Employees not used to telework will need to be educated on security best practices
• Phishing schemes will prey upon COVID-19 fears and immature security protocols
• Customers will need reassurance around continuity of services

With coronavirus disease 2019 (COVID-19) causing uncertainty across the globe, it is important for small and midsize businesses to be prepared to support remote workers. Many businesses are already transitioning their workforce to alternate locations - primarily working from home. Businesses that have not previously allowed telecommuting, are now doing so and a growing number of companies are completely closing down their physical offices until more is known about the spread of the virus.

In order to ensure a seamless transition to working remotely, team members will need technology, connectivity, and security guidelines. If you don’t already have telework policies and agreements in place, you should develop them quickly.

Even if you don’t expect to move to a remote work environment, your employees could become exposed to the virus, which would necessitate a quarantine that could last for an extended period of time. If that happens, you will want to set them up to work remotely.

Are Your Potential Teleworkers Ready?

Does your business have VPN set up and available for employees who might be sick or under quarantine? A VPN offers you online privacy and increased security by creating a virtual private network from a public internet connection so your device(s) isn’t exposed directly to the Internet. Business travelers often use VPN to access their business’ network - remote workers should do the same.

Employees new to remote work might decide to spend part of their day at a local coffee shop that offers free Wi-Fi. Is that acceptable to you? Many companies are very wary of free Wi-Fi - with good reason. Remind employees to be cautious when using public Wi-Fi; it’s public. Data thieves might be sipping coffee in the cafe right beside you. And if they are connecting via a public network, make sure they use the VPN.

Will employees be using their own devices or are you able to provide them with the equipment that they will need to work from home? Will you provide them with antivirus software or depend on whatever they have? Employees are likely to have questions about the cost of a computer, software, internet service upgrades and such. Do you have a policy and or a budget for these things? You should be prepared to answer the obvious questions.

Today is a Good Day For a Cybersecurity Refresher

Even if you don’t expect remote working to become a reality for your business, it is never a bad idea to share basic security information with your employees.

Phishing still remains the biggest threat to enterprise security. Now that we are all concerned with a possible pandemic, phishing schemes that prey upon fears of this virus are already out there. And we are seeing more every hour.

Remind employees not to click on links in emails without being absolutely sure that it is safe. If they receive an email from the CDC with an “urgent coronavirus update” or even an interoffice memo with a “warning, team member is infected with coronavirus” they should go directly to the source of the information without clicking on any links. You should educate your employees on how to identify phishing emails, but people will still make mistakes, so remind them to go directly to the source.

This recent blog on vendor email compromise attacks examines Business Email Compromise (BEC) scams. BEC is a form of targeted social engineering attacks against institutions. They typically include spoofing an email from a C-level corporate officer, “baiting” staff members to do the attacker’s bidding.

Highlighting the importance of good cybersecurity due diligence will be helpful in reducing knee-jerk responses to an already fever-pitched topic - pun intended.

Customers Might Need Reassurance

Many of us have already received emails from companies we do business with, from credit card providers to airlines. Do your customers need some reassurance? You may not think there is currently a need to send out an email to your customers, but at a minimum you should start to think about how the virus could impact your customers, what questions they may have, and what reassurances you can provide. Have that draft ready for when you think the time is right.

Consider what potential changes could become necessary? And consider implications such as:

• Service disruptions
• Expanded remote services or access for customers who can’t or won’t leave home
• Possible travel restrictions
• Reduced workforce should the virus hit your workplace

Customers need to be reassured that even in the case of employee absenteeism, there is a plan for the continuity of services. Have a reassuring message ready for them. We all need some positive assurances that things will return to normal quickly.

Don’t let COVID-19 force you to adopt unvetted cloud services, work without VPNs, or disrupt business operations due to emergency remote-work measures. BlueVoyant is here to help you establish proactive cybersecurity and incident response plans.