The challenge of protecting data in the age of COVID-19
Coronavirus upheaval reminds organizations of the importance of protecting themselves from the increasing number of cyber attacks
Since the beginning of the crisis caused by the spread of COVID-19, the number of cyber-attacks has literally exploded. Although precise data on the phenomenon is not yet available, we can expect a sharp increase due to the growing proportion of employees who are being transformed overnight into teleworkers.
According to Atlas Magazine, which covers insurance news around the world, the average cost of a cyber incident is increasing every year. In 2018, it was between 200,000 USD and 1.3 million USD for small and medium-sized companies and could even reach up to 27 million USD for large American companies.
The COVID-19 crisis creates opportunities for malicious activity. On March 22, the Paris Hospitals Public Assistance Center suffered a cyber-attack, reported L’Express. In mid-March, it was a facility in Brno in the Czech Republic that specializes in coronavirus testing, and last week the U.S. Department of Health was also under a similar attack.
To cope with the containment imposed by the COVID epidemic, companies, associations and communities have had to urgently set up or develop telework to maintain their essential activities. Opening up the organization’s information system to the outside world can create serious security risks that could jeopardize the organization or even jeopardize its survival in the event of a cyber-attack.
Prevention rather than cure
To protect against cyber-attacks, a policy for equipping teleworkers should be defined and implemented; giving priority as much as possible to the use of secure means controlled by the company; and clear usage and security guidelines should be provided to employees who have to rely on their personal computers.
In such a situation, limiting the opening of external or remote access to only essential people and services and strictly filtering these accesses on a firewall are essential. Securing external accesses by using a VPN (Virtual Private Network) also makes it possible to reinforce the security of remote accesses by restricting them to authenticated equipment.
More than ever, it is important to strengthen the internal password management policy. The majority of attacks are due to overly simple or reused passwords.
Several other points should also be prioritized, such as adopting a strict policy for deploying security updates; safeguarding the organization’s data and activities; using professional antivirus solutions; logging the activity of all infrastructure equipment and monitoring external access and vulnerable systems.
To prepare for this type of situation, companies must turn to lean solutions known as “Lean Management.” These can be deployed quickly and do not unnecessarily disrupt operations. They can ensure that the right people have the right access at the right time, while protecting a company’s vital assets from unauthorised access.
This approach, which helps meet regulatory requirements, focuses in particular on risk management. But to optimize identity and access governance, continuous assessment of the organization’s new challenges remains necessary.
In this sense, the COVID-19 crisis is a harsh reminder of reality and our responsibilities with respect to information security.