Invest in cybersecurity to survive

THE IMPLICATIONS of covid19 for average people have been all too evident in the social, personal and professional spheres, forcing them to become not only more efficient but also more proactive in terms of protecting their interests.

The American Chamber of Commerce of TT (Amcham) recently hosted another webinar in an effort to help businesses, and by extension the economy in TT navigate the hurdles caused by the pandemic.

Navigating the Pandemic: Cybersecurity was the topic, and a number of specialists in the field shared their view on why cybersecurity has never been more necessary for businesses which have developed or are developing their digital operations.

Melissa Pierre, senior trade and projects officer at Amcham and a specialist in the field, said the pandemic has created new opportunities for criminals to disrupt business.

"We already know that opportunistic criminals and other malicious actors have been using the internet and other rapidly evolving technology such as apps and mobile smart devices to compromise an individual or company’s financial and digital assets. Amidst a pandemic where social distancing, economic disruption and remote working have now become the norm, this has created the perfect setting for criminals to induce further shocks and disruptions to both our economic and health systems.

"It was just a matter of time for hackers to take advantage of a remote workforce, or an unsuspecting customer, plugging in company credit card details or other important company information on an unsecured network," she said.

Vernon Jeffery, chief strategist at Readiness Associates, a company which provides disaster and emergency preparedness services to healthcare organisations, said while no one could have foreseen entire companies going remote, covid19's spread has created its own unique set of cyber-security challenges.

"Ultimately, to protect their teams of employees and company sensitive information, organisations should endeavour to implement a singular cybersecurity policy that will follow a person around wherever they go, on every device that they use, that will protect them from everything from malware to ransomware to nation-states who are trying to steal their credentials, and, as well, can protect the company from bad behaviour if it should occur."

Shanna Utgard, success manager at Defendify, a cybersecurity platform designed specifically for small businesses, offered five suggestions for companies to secure their remote workers during the pandemic.

* Secure and test remote connections. Hackers frequently exploit out-of-date firewalls and VPN connections. Companies should ensure all devices on their network are up to date and "patched," by keeping applications or operating systems updated on phones and other smart devices.

* The connection tool (VPN) or tunnelling tool coming from the employee’s home and back to the corporate network should be secured and using a two-factor authentication in addition to a password.

* Run a cybersecurity assessment. When working from home, companies will need to perform self-assessments to walk through the cybersecurity controls, as well as identify what has changed with their infrastructure and overall IT posture.

* Set work-from-home expectations. It is important to set various policies and plans when working from home.

Notably, companies should have a technology and data-use policy that prohibit employees from using personal devices that are out of date from accessing company data.

She says companies risk insider threat when employees leave sensitive information accessible on their personal devices, and risk infections from personal devices spreading to the corporate network.

Companies should ensure that employees are saving all documents and corporate information to the corporate network or a cloud file hosting service and not to their device desktops. And companies should also try to use encrypted file storage solutions and avoid sending attachments through e-mail, because most e-mail services do not encrypt attachments.

* Train your team. Owing to distractions at the home, companies should invest in training employees to use new technology at home that they are unfamiliar with, to prevent information from being stolen.

* Revise the incident response plan. Companies should create a culture for employees to know what to do if they suspect an incident and to report issues when they occur. It is recommended that companies provide clearly defined support communication channels and a paper copy of the incident response plan to employees.

Utgard said hackers have tried to infiltrate the networks of users through suspicious registered domains and phishing schemes since the onset of the pandemic.

"There have been more than 40,000 new registered domains that reference coronavirus terms. These attackers are buying up these domains and they're starting them up and making these malicious websites and they're also using these domains to send these phishing attacks.

"First it was warnings from the CDC and the World Health Organization, then it transitioned to new cases that were reported in your area."

It has been reported across the globe that hackers are also setting their sights on information on social relief assistance programmes in a number of countries.

"We're starting to see the attacks transition into disaster relief," Utgard said. "So a lot of the themes of these e-mails now are related to grants and loans, small business relief, paycheque protection. All those types of attacks."

Anthony Subero, Hitachi chief risk and compliance officer, says this country must accelerate its digital transformation because of covid19.

He cited the government-appointed Road to Recovery Committee’s preliminary assessment report, saying, "If you look at the second block in both tracks, the digital transformation track plays a key enabling component to that road to the recovery strategy.”

Interconnectivity and the movement and storage of data, he said, not only mandate proper cybersecurity, "but it also drives the conversation towards data privacy and protection of confidential data for your consumer."

A company is vulnerable at two levels in a digital transformation, he said, including an increased number of attacks, as well as the ability to compromise data or have services shut down completely.

"To mitigate these threats," he said, "you have to adopt more effective cybersecurity and privacy programmes which are strongly embedded in the enterprise risk management framework."

Executive consultant at Hitachi Systems Security Daniel Gaudreau told the online audience that with more people working from home and exchanging information online, companies need to be able to evolve their digital environment with the rest of the technological world.

Cybersecurity and privacy, he noted, are basic requirements for any business as it advances its digital systems.

Trust is also key, between the company and consumers during the exchange of information, as both parties manage their journey toward digital transformation.

"If you are making use of technologies, you are making use of data," said Gaudreau, "and you need to make sure that protecting that information and privacy of your customers and employees are part of what would be considered on a day-to-day basis."

The webinar was part of Amcham's series on digital transformation, which it will continue to host in the coming weeks.

The idea, Amcham said, is to continue the dialogue, engagement, and information sharing it started at last year’s Tech Hub Islands Summit.

The webinar series, it said, was designed to help companies adjust to the disruption caused to business by the covid19 pandemic.