Cyber security measures to take during the Covid-19 crisis
Businesses need to take a number of concrete measures to ensure that a transition to ‘work from home’ conditions does not translate into a significant cyber threat to their organisations. This is according to Cyber Lead at Deloitte South Africa’s Risk Advisory practice Eric McGee, who spoke to Hypertext.
McGee’s comments come as South Africa’s business environment moves online. Experts have been quick to point out how this new mode of operation could open business’ eyes to the costs that they could usually save on overheads, and the efficiency that they can achieve through more investment in tech platforms.
McGee acknowledges this, but also highlights the sea of risks that have now emerged as employees rush to establish their online work arrangements, unprepared for the malicious cyberattacks that appear to be increasing under Covid-19 conditions. “In a world where panic is rife and users feel the need to be informed about the COVID-19 virus, cyber criminals see these conditions as an ideal platform to attack unsuspecting victims,” said McGee.
“Security aspects are therefore more important, and the availability of virtual private networks with strong authentication and the ability to still sit behind corporate security controls, come to the fore,” he added. South Africa's cyber security market was already expanding prior to the crisis, and is likely to grow further as businesses adapt to new conditions.
McGee laid down a list of measures that businesses can take to shore up their organisation against this growing threat profile. In terms of infrastructure, these measures include the establishment of virtual private networks (VPNs) and firewalls across the organisation to help detect breaches.
Beyond this, McGee recommends identifying high-risk hosts and servers and setting up alerts on Covid-19 content within these, given that these are popular channels for cyber attacks. Logging activity of hosts and users is another useful measure, as it provides data to analyse for suspicious activity.
Backing up data offline is critical for organisations, according to McGee, as well as testing to ensure that these backups are secure. This is in addition to a number of other technical steps that can be taken. From an organisational perspective, McGee also recommends measures to create awareness among the staff of the growing cyber threat.
This includes warning them against spam mail and urging them not to act out of fear or panic. Closely related to the latter is to encourage people to draw Covid-19 information from verifiable sources in order to avoid unnecessary panic that caused by misinformation.