We are living in a period of profound upheaval brought on by the pandemic which is raging around the world. Companies are facing a new economic climate to which they must adapt. Especially since the cyber risk does not abate. Vigilance is required to counter the new threats that this context generates, the CoVid-19 having become a vector of attacks targeting both businesses and individuals / employees confined to their home or telework.
Protect rapidly changing remote personnel
One of the challenges for companies today is managing remote staff. We can have adequate tools and good protection since teleworking is not technically new. However, let’s not forget that a large number of people are discovering telework. They can therefore ignore that some of their practices unintentionally generate unnecessary risks.
Everything must therefore be done to guarantee available, reliable and secure connections so that teleworkers can exercise their profession and that businesses can continue their activity
Educate, share and rigorously apply cybersecurity rules
The exponential growth of telework and the massive use of cloud services are bringing more than ever to stress the importance of adopting security rules and flawless cyber rigor. Cybersecurity is everyone’s business (managers, employees, partners, etc.) and involves all of the company’s stakeholders. It is necessary to share good practices and apply a few basic rules to guard against cyber threats:
- In case of telecommuting, isolate the professional and personal accounts. Contagion of a risk from household tools (personal computer, smartphone, tablet, connected object) to professional devices can harm the security of a business, a public body.
- Apply good security practices such as strong passwords and their regular modification, multi-factor authentication, identity management and device security configuration.
- Ensure that users know what to do if their device or their data is lost, stolen or damaged in any way. Also check that IT and security teams have the analysis and supervision tools required for cloud environments, applications, networks and remote users.
- Apply the same principles to the cloud as at the local level, in particular by determining the most important elements to protect, by prioritizing resources and by being able to identify and block the threats causing the greatest risks.
Above all, and it cannot be overemphasized that simplicity should be preferred, as much as possible, for users of IT resources (IT, network). In a context of uncertainty, mitigating complexity, respecting security policies and reminding that “trust is a vulnerability” can protect against many risks.
No business continuity without agility
As the crisis rages, an imperative of agility prevails. To paraphrase the military jargon, it is a question of differentiating the “raid” from a “contact”. In a raid, you have a high degree of certainty, a detailed knowledge of the threat, an organized and synchronized plan, all based on great precision.
Getting in touch is just the opposite. We face uncertainty and we do not know precisely where the threat lies and its reaction. You do not immediately engage its entire structure and hold a large part in reserve. We can launch the action with a small recognition force, relying on clear communication to inform ourselves in order to decide what to do next.
The pandemic and associated cybersecurity threats demand that we maintain this agility, resources in reserve to face the unknown. It requires maintaining constant communication on the development of “events”, providing for adaptation measures (prevention, resilience plan) and making teams aware of cyber risk in the light of the new context in which they work (teleworking ).
No one knows how long the coronavirus pandemic will last. We must guarantee the security of our information systems, the health sector, our supply chains, our professional activities and those of organizations of vital importance. Thus, we must ensure that their cybersecurity remains a priority and take the measures required to prevent potential risks.