The COVID19 pandemic has shaken the world.
With the way we work, operate, communicate with each other, and run our businesses all changing in an instant.
The result of all of these changes has led to new business processes and models and not so much new but very different technology infrastructures.
Confined to our homes for such a long time means we’re also now seeing a substantial increase in online business cybersecurity, and rightly so!
The cyber security implications on COVID19 are huge and it is in this area that businesses should focus not only their attention but their investment.
In the beginning
When COVID19 first saw offices and workforces shutting down and employees told to operate by `working from home, ` it’s safe to say that a lot of IT solutions were applied ad hoc.
Some quick developments, workaround solutions, and deployment processes came into effect that had cybersecurity teams lying awake at night!
However, today, as the world begins to see a small light at the end of a very dark tunnel, online businesses are now planning for the future, albeit very differently.
Impact of online business to cyber threats
Unfortunately, as everything, and we mean everything, has swiftly been moved online, cyberattacks are now more inevitable. Cybercriminals play on people’s fear as well as weaknesses in online business setup and systems.
Then there is also the fact that 95% of your workforce is probably working from home right now, and if you’re honest, you know deep down, your IT security is only currently able to do so much!
So, where do you start, and which areas should you focus on first?
Make use of cloud services. Cloud services are more cost-effective, efficient, highly resilient, and offer greater all-round security benefits. Ultimately cloud services allow you to grow or shrink your IT requirements depending on the market conditions you are facing, making them extremely versatile and flexible. At some point, you may wish to get some form of cloud security testing done, just to make sure your system is as safe as possible from hackers.
Keeping your VPN clients secure online – focusing on increasing bandwidth, making more use of Internet Protocol Security, implementing mobile device management solutions, and considering what internet-based remote desktop protocols you could put in place.
Configure network access controls – look to authenticate and validate devices through network access controls, manage configuration centrally using defined security configuration, look at endpoint isolation for remote applications, and use data collection to effectively identify unauthorised activity.
Keep everything updated, always – all anti-virus software, firewalls, and more should be regularly updated. With cloud-based applications, these updates are already carried out for you, so you don’t have to worry. However, you must remember to regularly check on your firewalls to ensure that they’re still providing the service level you require.
Explore alternative collaboration tools – video conferencing has been a lifesaver during the pandemic and will most likely be used extensively. Securing these further and looking at an organisation’s own chatbot capability will help enhance operations in the future.
Be better prepared to work from home – ensure employees have everything they need to set up their home office and create a data security plan that includes implementing business networks. Oh, and also prepare for different working hours!
Back up your data – again, a cloud-based storage solution is the most cost-effective, reliable, and secure when it comes to ensuring your business operations can continue 24/7.
Create a BYOD policy – the likelihood that most of your employees used and continue to use their own devices during the pandemic means that businesses must establish or reshape a policy around BOYD and security.
Check all insurances – with operations and IT infrastructures changing, businesses must ensure they have full cyber-attack financial protection and recovery.
Update business continuity plans and make sure to include cyber incident breach responses! This is your recovery plan when disaster strikes. Strategies that will offer you guidance and ultimately help to keep your business up and running. It removes the stress of needing to think on your feet, with time spent planning now helping to save time and money in the future.
Cybersecurity for online businesses
It’s important to remember your customers want and need information during these times, so make sure to tell them what your business is doing and how you are operating during COVID19.
Think about the information they need, and place this on the homepage of your website.
As an online business, you should also:
Look to increase your website’s security measures pronto – phishing and scamming websites have increased dramatically, with COVID phishing emails luring people into downloading some devastating malware. Make sure to check all emails, increase your firewall security to block out such spam, and continue to be wary of emails from unknown senders and the attachments and links contained within.
Keep your online store tight – with businesses shutting their doors, online sales soared! With this in mind, it is important to keep track of your customer journey, the critical touchpoints, and how you can help them further through your online sales funnel.
Ask for help! – no one knows everything, and in times like these, we can all learn something from others!
Securing your business online is an ongoing process. Keeping up defences and keeping everything up to date in the ever-changing environment is now fast becoming vital. To make sure that your network is secure, you can use sites such as https://www.synack.com/blog/guide-to-security-penetration-testing-tools/ to complete web penetration testing regularly.
Managing cyber threats today
Teams need to be agile, more than ever before.
Ideally, businesses should be collecting and analysing cybersecurity alerts centrally so that these can be detected efficiently and responded to accordingly.
Firewall rules and VPN profiles should now be reviewed promptly and updated, so employees can not only securely access networks and data, they can only access the data and information that is relevant for their job role.
We would also recommend disabling split tunnelling for VPN profiles to prevent employees from jumping online directly from their personal devices while also accessing the company’s network.
Most IT departments will already implement this, but it makes things much more efficient when you enforce software updates for remote workers, implement patch updates, and enable multi-factor authentication for VPN and critical information systems.
Businesses should look into multi-layered security systems that include SaaS-based platforms. The reason this multi-layered approach is increasing in popularity is due to hackers actively gravitating away from these platforms, as they’re much more difficult to penetrate, so their focus is geared towards less secure systems.
Finally, we need to educate our teams. Teams and individuals need to understand what a phishing email looks like, the signs and traps to look out for, how to handle sensitive data, why clicking on links from emails we don’t know is a bad idea, and more!
Today’s IT teams have enabled businesses to continue their operations and support employees; however, the pandemic has also shown us how companies need more and new security solutions to respond to this new reality.
Cybersecurity for business
If we’re honest, what the pandemic showed the business world is that companies of all sizes were left struggling to maintain online security and business continuity.
Unfortunately, as we know, cybercriminals thrive on fear, and hackers took, and are still taking full advantage of the situation and increasing their criminal activity, offering bulk discounts for their services and often data collected.
Current reports highlight that online threats increased six times more than their normal levels during the height of the pandemic. With phishing attempts up by nearly 600% in March alone!
It’s more vital than ever to protect our online businesses for them to survive.
Businesses now need to look at how they can minimise risk, invest in new and enhanced cybersecurity protocols, and build resilience to rebuild and grow.
Leveraging your cybersecurity systems now means businesses can focus on sustaining their operations.
Rebuilding a cyber-secure future
Businesses need to adapt and adopt the new `normal` (whatever this is for your business). We need to be investing in our IT infrastructures as we begin to see some significant changes in IT and cybersecurity controls, as well as some lessons learned.
Policies, documentation, and processes now need to be developed and put in place, showing much more permanent solutions rather than quick workarounds.
These changes to our future IT services focus on building resilience and moving with the times. Because if COVID19 has shown us anything, it is that remote working is not going to slow down, cloud infrastructures and applications will continue to increase, the demand for online collaborative tools will continue to grow, e-commerce will be everywhere, and unfortunately, we will experience more cyber-attacks because of all of the above.
Today, we’re relying on digital more than ever, in every sense of the word.
The question is, `does your existing IT infrastructure support this`?
More from my site
Hey, I’m Rory and I am the ultimate accidental geek.
Born in London I was never interested in technologies until I started a part-time job at Apple and now I can’t get enough. Join me as a help you navigate the world of tech with some of my fellow geeks.