2 minute read 26 Mar 2020
Woman working from home

How planning for cybersecurity can help in the time of COVID-19

By

EY Oceania

Multidisciplinary professional services organization

2 minute read 26 Mar 2020
Related topics COVID-19 Cybersecurity

Protecting your secure documents and environment is as much about how you communicate with your people, as it is about the tech capabilities you have. 

Covid-19 has triggered a ripple effect of anxiety on a global scale. It means people are hungry for information, and more prone to falling prey to malware and ransomware attacks masquerading as legitimate news and information.

Isolation protocols also mean parents and children are all home together. Work devices are left unlocked around the house, or borrowed by children for school work. This is where otherwise innocuous incidental use can cause major issues. Malware introduced through personal accounts can make its way onto the work device and from there into the work network.

Communicating this risk to staff is absolutely critical as a first line of defence. 

Questions we've been hearing

EY Asia-Pacific Cyber Security Leader Richard Watson says many organisations, even at the top end of town, are unprepared for remote working at scale in this new environment, meaning seemingly small things such as updating policy and procedures for the new normal, can be overlooked.

He suggests making that a priority, and then communicating these to staff. Rearticulating what company policy should be also helps crystallise those critical actions the business and its workforce need to take while moving to a new BAU. 

Then, map what happens if people fall sick and can’t work. Contingency planning means thinking about access to a resource augmentation model. This is akin to a “Security as a Service” model, where another organisation such as EY can help out by dropping in people virtually to backfill as an extension of the home team, to help keep critical functions operational.

“For organisations have built monitoring systems for cyber alerts and incidents that have learned how to monitor over a certain network profile where everyone is in the office and data is flowing within that office environment,” Watson says, things will change rapidly. “Suddenly all those models are thrown out the window because now you’ve got a very different kind of network profile which severely impairs them.

Focus on getting the system to re-learn behaviours, triage alerts better and manage them better, because you’re likely to get a much greater number of alerts due to the change in profile. Reconfigure thresholds on alerts, change your policies around what you investigate and what you don’t, because you’ll be getting a lot more false positives now.
Richard J. Watson
EY Asia-Pacific Cybersecurity Risk Advisory Leader

And for businesses that operate call centres, or traditionally have had large desk-bound workforces?  Keep data on premise, or make sure it is secure in in the cloud.  The last thing you need is data going home with your employees if they are forced to be home based to comply with isolation requirements. How securely they treat that information and their devices when they end up at home, comes back to how well you’ve helped them understand the importance of your cyber protocols. 

Summary

About this article

By

EY Oceania

Multidisciplinary professional services organization

Related topics COVID-19 Cybersecurity