As more companies move to execute their business continuity plans, we continue to see bad actors taking advantage of the situation to perform various cyber attacks against companies. Here are some things you can do to help prepare your staff to stay vigilant during these trying times:
•Phishing—Look out for Coronavirus phishing scams. We have already seen fake CDC updates, IT alerts and software notices that attempt to obtain user credentials or install malware, so consider implementing Coronavirus-specific phishing training or testing. It is also a good idea to redistribute any company policies that cover the use of personal computers, smartphones, tablets and WIFI networks for work and emphasize that (a) those policies still apply to those working from home, and (b) security protocols will not be relaxed absent a clear change in policy.
•Have a consistent format in your updates to clients and staff – Don’t send legitimate emails to your staff or clients that look like phishing emails. These can take the form of COVID-19 maps, or links to outside websites. Official communication you send to your staff should follow the same format every time, so clients and staff can identify legitimate emails vs. phishing emails.
•Remote Access - Have you tested your remote access capabilities to ensure it can handle the load of all your staff accessing your systems remotely? Consider performing a stress test of your systems to handle the load. There are also ways to distribute the load across many computers to ensure that your systems are not overburdened, which leads to staff inefficiency. Lastly, ensure that your staff have 2 factor authentication protocols in place to add the extra layer of security for remote access.
•Help for the Helpdesk – Working from home may be a foreign concept to your staff, and the confusion that arises from having staff work in a different way will lead to an increased number of service requests to your IT Team. Anticipate this and either have a workflow in place to send overflow calls to another source, or prepare your staff for longer than usual wait times with their IT team.
•Anticipate Remote Work Problems - Your staff will experience issues working remotely. A common example of this is not knowing how to print remote documents. This will tempt your staff to compromise security, such as emailing confidential documents to their personal email accounts. These documents will now be “in the wild” and thus vulnerable to exposure or cyber theft. Implement policies and procedures to prevent this.
•Essential Employees - Your IT team has to be ready to protect the network, and implement patches and other security measures in haste. Ensure that they are readily available to do this, and consider adding backup staff in case some of your IT team become unavailable.
•Vendors - Coordinate with your vendors to ensure that their cybersecurity contingency plans are accurate.
•Update Contact Information - Ensure that the contact information for your staff is updated for all your employees, especially cell phone numbers.
•Protect Medical Information - Although it is important to share the status of an ill employee with your staff, remember that you still have to maintain the confidentiality of your staff, as required by law. This includes protecting the identity and medical status of the employee or family members.
Not sure that you’re prepared to weather the Coronavirus storm? We’re here to help. Schedule a free consultation with us below to assess where you are with your business continuity plan and where you need to be.