COVID-19: How organizations can protect against cyber risks
The COVID-19 pandemic has disrupted our daily lives and standard business practices. As more organizations and workforces work remotely than ever before, the opportunities for cyber attacks and abuse are heightened. Cyber risk is the second most concerning risk for global commerce, which is not surprising if you think about the increasingly digitized world we live in. With less than a 1% probability of catching a cybercriminal, cyber risk poses a very real threat to organizations and individuals. In this Pacific Prime Singapore article, we’ll cover how organizations can protect against cyber risks.
Types of cyber risk
Many organizations are now working entirely remotely to comply with guidelines set out during the pandemic. Unsurprisingly, cyber attackers are using the coronavirus to their advantage. By deploying their malware, these attackers put themselves in a position to capitalize on the novel remote workforce.
Before we take a look at how organizations can protect against cyber risks, it’s important to understand the different types of cyber risk. There are three main types of cyber risks, including privacy risk, security risk, and operational risk.
Privacy risk has to do with the contractual indemnities and regulations that are part of your consumer’s privacy rights, or other contractual entities. These days, privacy legislation describes consumer rights in regards to collecting, processing, storing, and using data through laws like the General Data Protection Regulation (GDPR). In addition, more organizations are applying contractual controls to protect their interest when it comes to privacy.
When people think of cyber risk, security risk is usually the one they’re thinking of. As the name indicates, this risk involves a security occurrence that could damage an organization. Some examples of security risks include a data breach, a malware attack, or a phishing attack. These types of incidents can have both monetary and reputational consequences.
Operational risk occurs when a business is dependent on technology for offering services and generating income, and would, therefore, be negatively affected by a disruption or hack. For instance, if a specific technology is required to complete a mission and it is unavailable or access is impaired, the interruption could result in financial losses.
It is worth noting that the three primary types of cyber risks can overlap. Ultimately, a security incident may call attention to security risk in an organization and eventually cause operational or privacy risks.
Increased vulnerabilities caused by COVID-19
The remote and decentralized working circumstances caused by COVID-19 increase the risk of several types of attack, such as:
- Phishing/Spear phishing: Email and other forms of electronic communications with specific information embedded about the recipient to trick them into opening a link or an attachment, or perform other compromising actions.
- Business Email Compromise (BEC): Email strategy singling out recipients to send wire transfers, usually by pretending to be the CEO, CFO, or other senior roles in the company.
- Social engineering: People are psychologically manipulated into performing actions that they would not typically do.
These types of attacks can result in a greater risk of ransomware. Aside from infecting and locking the businesses’ computer networks (and their customers), they can encrypt and destroy data as well. Acknowledging that some types of cyberattacks may lay dormant for anywhere from days to even years, current actions could significantly impact the earnings and reputation of an organization for years to come.
Good practices to raise an organizations’ cyber safety
Luckily, there are some preventative measures that organizations and employees can take to avoid such activities and keep their digital environment as safe and secure as possible.
- User awareness training: Employees should receive appropriate training regarding security guidelines and phishing campaigns before connecting remotely to the corporate network.
- Secure connections: Only secured remote access to company networks should be used, with preference to connectivity via virtual private networks (VPNs) or other encrypted connection mechanisms.
- Multi-factor authentication (MFA): Multi-factor authentication should be used to configure VPNs as an extra security layer. This ensures that only authorized individuals can access the corporate network.
- Mobile device management (MDM): Employees’ electronic devices ought to be equipped with a business MDM solution. By enforcing adequate security controls and producing an encrypted virtual environment, the solution allows devices to safely store and process sensitive information, such as emails and documents.
- Internet perimeter protection: IT departments can help ensure firewalls are set up properly as well as monitor firewall logging to identify connections from suspicious or unauthorized IP addresses.
- Cloud security and compliance: Organizations using cloud services should make sure that security configurations are properly hardened and monitored for unauthorized manipulation or configuration drift.
- Increased monitoring and attentiveness: IT departments should be diligent in ‘blacklisting’ IP ranges for geographic regions or countries that employees would not be remotely connecting from.
- Attachments/links: Do not open attachments or click on links in emails from senders that are not trusted. The best way to navigate to a website is to directly type the site URL, with a secure URL starting with https. It’s important to inspect the URL prior to typing it in to see if it is the official website. Online URL checkers can be used before connecting as well.
- Information: Do not offer account details or even respond to unknown sources. Trusted sources, such as vendors and suppliers, usually already have this type of information. Additionally, never send passwords or personally identifiable information through email to unknown individuals or open attachments found in unsolicited emails.
- Report suspicious activity: Any suspicious emails should be reported to the appropriate department in the organization.
- Contact the help desk: Employees should notify their local help desk if they think they have clicked on a link or opened an attachment that infected their device with malware.
COVID-19 continues to introduce numerous challenges to businesses across the globe, but developments in technology allow organizations to remain operational and adaptable despite facing uncertainty. Carefully monitoring the prevalent cyber threat during this crisis is vital to ensuring continued success.
How can Pacific Prime help clients?
Since cyber insurance premiums are vast, tailoring insurance coverage to your business needs ensures you receive the right cover at the right cost. Fortunately, Pacific Prime offers tailor-made solutions, along with risk analysis, benchmarking, and competitive intelligence. Portfolio management also allows us to keep our clients abreast of new and emerging trends. Last but not least, Pacific Prime provides year-round policy assistance to ensure our clients always get the help they need.
If you’re shopping for business insurance then look no further than Pacific Prime’s company insurance solutions. Pacific Prime is a business insurance and employee benefits specialist that can help you find the best group health insurance and other insurance plans in Singapore to match your needs and budget.
- Waiting period in health insurance: What you need to know - August 18, 2022
- 4 physical problems from sitting too much (and solutions) - April 22, 2022
- Singapore’s new points system aims to attract top talent - April 7, 2022