COVID-19 Cybersecurity Threats You May Have Overlooked
Maintaining a strong cybersecurity posture is more important than ever before as the COVID-19 coronavirus pandemic forces more and more companies into remote work situations. Whether it’s watching out for the latest COVID-19 cyber threats or shoring up network vulnerabilities to account for increased remote access, there’s quite a lot for companies to keep in mind as they adjust their business on the fly.
With all the challenges associated with remote work, such as dealing with unsecured devices and reassessing access policies, it’s very easy for some cybersecurity threats to be overlooked. In fact, opportunistic cyber hackers are counting on it. Here are four things organizations should be sure to take into account as they reassess their cybersecurity and risk mitigation needs in the face of COVID-19 social distancing requirements.
4 COVID-19 Cybersecurity Threats You May Have Overlooked
Supply Chain Disruption
One of the most damaging economic impacts of the COVID-19 outbreak has been the disruption of global supply chains. While the initial outbreak in China’s heavily industrialized Wuhan province served as the starting point, this event also set off a chain reaction that is still being felt around the world. The challenge goes beyond the lack of finished or assembled products coming out of China. There are many manufacturers all over the world that depend upon components coming from Chinese factories. Many companies have a truly global supply chain presence that continues to be impacted as COVID-19 spreads. Apple, for instance, has key suppliers and operations in Malaysia, South Korea, Italy, Germany, and the UK, all of which have been impacted by the coronavirus pandemic.
So what does supply chain disruption have to do with cybersecurity? Plenty. In fact, supply chain attacks are one of the biggest cybersecurity attack risks many companies don’t even realize they’re facing on a regular basis. According to a 2018 Ponemon Institute study, 56 percent of organizations have had cybersecurity breaches directly related to one of their third-party vendors. Even worse, despite the fact that the average number of third-parties with access to sensitive information within an organization has increased in recent years, only about a third of companies have a complete list of those vendors.
With so many suppliers unable to meet demand during the COVID-19 outbreak, companies will likely find themselves seeking out new vendors, opening the door to a wide range of new data security risks. In order to protect sensitive data, organizations need to carefully examine the security controls their vendors have in place when they enter into a new relationship. It’s also a good time to reassess the cybersecurity posture of existing vendors who might be partnering with other suppliers to cope with the disruption.
Privacy Changes
As organizations transition to using a remote workforce, they need to keep in mind that the increased data security risks they face affect not just their employees and their operations, but their customers as well. If new tools are being used to manage or gather data in different ways, the company has a legal obligation to inform customers of those changes. At a minimum, privacy policies need to be updated to communicate what changes have been made regarding the collection, use, and sharing of data.
Even if nothing has changed from a data management standpoint, it still might be a good idea to communicate that fact to customers. Given the recent coronavirus news related to remote work vulnerabilities, letting customers know that none of the changes a company is making will impact their data will provide some measure of reassurance. Of course, it’s also a good idea to take a closer look at that privacy policy to make sure that it is, in fact, up to date. This is especially critical for companies subject to the California Consumer Protection Act (CCPA), which requires businesses to update their privacy policy at least once every twelve months.
API Integration
Today’s organizations make extensive use of different software tools and cloud applications. In fact, the average company leverages five different cloud platforms. As Internet of Things (IoT) devices become more common, they are also being incorporated into company networks to deliver greater flexibility and provide innovative new services. Getting these disparate platforms to communicate with one another and easily transmit data between them was long a challenge that held many companies back. With the development of sophisticated application program interfaces (APIs), organizations have been able to integrate all of their external, third-party applications with their internal IT systems.
As businesses shift to more remote work, APIs are more important than ever to keeping data flowing smoothly through distributed networks. Just because the endpoints of those systems are secure, however, doesn’t mean there’s nothing to worry about. That’s because APIs are particularly vulnerable to cybersecurity attacks. If cyber hackers are able to exploit a broken or exposed API, they will be able to intercept all of the data that’s passing between the connected applications. While the type of security used to address API vulnerabilities will vary depending upon the type of data being transferred and the applications involved, it’s important that companies looking to strengthen their COVID-19 cybersecurity vulnerabilities pay special attention to these vital connections.
Video Conferencing Privacy
Video conferencing software has suddenly become an indispensable tool for many organizations as they shift to using a remote workforce. Unfortunately, most of these platforms weren’t quite prepared for the sudden spike in demand, resulting in slowdowns and dropped calls in the early weeks of the coronavirus outbreak. While these problems certainly impacted productivity, they were far less troublesome than the phenomenon that quickly became known as “Zoom-bombing.”
This trend saw uninvited visitors entering Zoom-hosted video meetings. These disruptions could range from awkward practical jokes to visitors sharing their screens to display pornographic content. While this was troubling enough, the greater scrutiny of Zoom’s privacy policy revealed some troubling details about how the platform collects and uses data. One privacy expert went so far as to call the policy “a bucket of red flags.”
Organizations utilizing videoconferencing software need to make sure that they’re scrutinizing their chosen platform to understand how it’s using data and what risks it could potentially pose. There is a temptation to simply adopt the most convenient solution in the rapid transition to working remotely, but companies need to make sure they’re vetting platforms as thoroughly as they would evaluate any other vendor.
Confront Your COVID-19 Cybersecurity Threats with Compuquip
When it comes to reinforcing remote cybersecurity policies and controls, Compuquip brings first-hand experience to the table. We transitioned to a fully remote workforce well before the COVID-19 outbreak and are ready to help our customers address their vulnerabilities as they do the same. To learn more about how we can help your organization secure its remote workplace, contact our team of cybersecurity experts today.