During the pandemic, an organization’s security threats heighten—the risk for insider threats increases. There are two challenges: remote workers and the economy.
The first challenge during COVID-19 is dealing with so many employees working remotely. The workforce went from mostly in the office to working remotely within 24-48 hours. Most organizations companies have unspoken or informal policies regarding remote work. But unspoken rules can create confusion and open the organization to cyber risk. The concern about remote workers and cybersecurity is a substantial and valid one to have. Questions arise, such as they are using company devices or personal, are they using secure WiFi or VPN, and are they the only ones using the equipment? Increased phishing attacks around Coronavirus information, stimulus checks, and remote work policies cause a cover for cyberattacks.
Organizations can protect their new remote workers by building, updating, or executing policies for remote work to ensure business continuity. And they need to communicate effectively with their managers and staff about keeping cyber safe. It could include organizations updated software/malware or even pay for that software if the employee is using their devices.
The second threat is insider fraud. The economic impact has been negative. Reduced to part-time, furloughed, laid off, loss of extra income, or severe illness opens the door to good employees to turn. Understanding that employees are under high stress, given the current situation, may cause them to do things out of character. Managers and executives need to be aware and in constant contact with their team monitoring changes in behavior. Regular background checks need to occur, checking credit scores and criminal complaints. Conduct regularly a review of privileges.
Organizational mindsets need to shift. SIOs, as they battle cybercrime, need to focus more of their attention internally as the source of threats. Strong policies and systems need creation, then followed and enforced. Insider threats during a pandemic are real.
How can we help you understanding your cyber risk or need policies developed? Let’s schedule time to talk.