COVID-19: Information security risk rises amid outbreak

A surge in the number of people working from home amid the coronavirus pandemic is likely to see some firms cut corners in their rush to enable remote access to their office IT systems -- leading to warnings around confidentiality, and a call to firms not to bypass usual security measures.

Partner at Clyde & Co, Helen Bourne said: “It is advisable for ‎organisations to consider the logistical impact and security implications of a greater proportion of a workforce working from home. Communication channels change when a majority of people work remotely and as a result, the confidentiality of documents and information may not be as secure and cyber hackers are aware of these vulnerabilities.

“The likely changes in working conditions in the foreseeable future should prompt companies to review the effectiveness of remote working security policies to protect the confidentiality and privacy of information. Reminding employees of good online security techniques, strong passwords and to guard against phishing emails or security threats over the coming weeks will be essential, bearing in mind the same legal obligations, particularly in respect of personal data, will continue to apply.”

The consequences of failing to adopt suitably robust security measures can have legal implications, and could even lead to a penalty from a regulator, she explained. “It is also not just about taking steps and implementing policies to mitigate security risks but additionally ensuring there is an incident response plan and back-ups in place so that the impact of the compromise is minimised."

Head of cyber response corporate intelligence, crisis management and cyber security firm, SR-M, Oliver Price, added: “In their haste to encourage home working, firms may be tempted to bypass their usual due diligence practices in the rush to set their employees up with remote working and cyber hackers will be rubbing their hands with glee at the prospect of firms dropping their guard on security standards. Employers must prepare for a likely increase in social engineering and phishing emails targeted at their employees, especially firms that have had their offices shut due to a suspected or actual coronavirus case.

“Corners must not be cut when it comes to online security. Employees need to be mindful of phishing emails that purport to come from their employer and ensure they check that the email and email address looks genuine before clicking on any links within it. Furthermore, firms should be vigilant, monitoring the location that staff are logging in from to check any unusual connections from overseas countries. The good news with many companies banning overseas travel at the moment is that connections from unusual locations will be easier to spot.”

    Share Story:

Recent Stories

Your people and the pandemic: Are you doing enough?
Employee health, well-being and security have always been a vital part of risk management, and as organisations seek ways to ensure a smooth, successful and sustainable return to operations amid the evolving environment, careful consideration has to be given to all these areas, and quickly. Published August 2020

Responding to COVID-19: A safe and secure return to work
Learn more from the experts that worked on the recovery of the Diamond Princess. Published July 2020