COVID-19 Cybersecurity Budget Considerations
COVID-19 has forced many organisations into using technology in ways they never expected. Staff may be working at home, with the need to access the company’s system remotely. Or, organisations may have established online platforms for customer engagement with very little planning and preparation.
These rapid innovations can open up many exciting opportunities for your company. Unfortunately, Sentaris has also seen an increase in the compromise of IT systems as a result of the urgent need for organisations to go online. These compromises range from fraud and the theft of customer information through to poorly configured servers and poorly written web applications.
As we approach the start of the new financial year, Sentaris recommends expanding your security budget to ensure that recent innovation and decisions around technology have not introduced any exposures. Here are some cybersecurity suggestions that your organisation may wish to consider adding to its FY21 budget. Implementing these methods, among others, will help put your company on solid ground as you face the opportunities and challenges that COVID-19 brings.
Staff awareness training
Prioritise cybersecurity awareness training for staff members, including a mock phishing attack. This will ensure that employees stay vigilant while working from home. For maximum effectiveness, mock phishing exercises should mimic the technologies used by your organisation.
Remote working policies
Do your employees understand what the organisation expects of them when they work from home? Organisations should ensure their working from home (WFH) and User Acceptance Policies are reviewed and updated. Many staff members will not be IT experts, so you may need to establish user-friendly ways for remote employees to use company systems securely.
Review any innovations for security weaknesses
Implement a security design review and penetration test. This review should include public-facing websites, remote access solutions, and any other solutions that were established during the COVID-19 lockdown.
Ensure that all remote employees regularly apply security patches and keep security software up to date. Devices not connected to your organisation’s network may introduce threats due to a lack of security updates.
Implementation of two-factor authentication
Introduce two-factor authentication for email and sensitive data. Phishing emails targeting Office 365 and Google users have been around for a long time. Now, however, the risk to remote employees is greater as they may not be protected by your company’s controls.
If you would like assistance with any of the above cybersecurity recommendations or would like to discuss how to develop a security strategy and roadmap, feel free to contact Sentaris.