Security And Privacy Considerations During COVID-19
As people continue to work remotely for longer periods of time, a cyber security expert is issuing a warning: they can’t grow complacent and need to remember to separate the boundaries between work and home life. With the majority of states still adhering to shelter in place orders, employees have been grappling with issues like bandwidth and Zoom bombings and not having access to key documents to do their jobs.
“Their office is not at home, and that's a real problem because if we're talking about hard copies, documents, there's a lot of stuff that we don't have on our computer,’’ said Adriana Sanford, a cyber security legal expert and senior fellow with the Center for Intelligence and National Security at the University of Oklahoma. Sanford made her remarks as a guest on last week’s Task Force 7 Radio program with host, George Rettas.
For example, banks may have to do customer due diligence reviews but officials don’t necessarily have access to those documents. They have to adapt “customer due diligence to the realities of the pandemic,’’ Sanford said. “You cannot neglect this. This is a big problem the regulators are saying, because … we have to adapt to the new normal. We can't do the face-to-face interviews” during onsite visits, she said.
The hard copies that bank officials normally access are not available because many resources were left behind when the pandemic struck and people were suddenly required to work from home, she said. “It is a difficult environment to adapt to and it is a rapidly changing environment, because we need to comply with regulatory expectations,’’ Sanford said. “For the banking industry, it's a big deal. And for anybody in any profession, you have to be very, very careful.”
It’s important that employees not let their guard down the longer remote work continues. This may or may not be happening. A study from OpenVPN shows that 90% of IT professionals believe remote workers are not secure, and over 70% think remote staff members pose a greater risk than onsite employees.
As they always do, with employees out of site, companies need to continue reminding employees about the number of scams right now, particularly those that promise Corona financial relief, Sanford said.
“We've got issues right now with people impersonating other people, and calling up, and giving fake updates or cold calls from trusted institutions that are really not those institutions from the CDC or charities that are using access and gaining information from you,” she said.
Malware and phishing emails “will destroy your computer,” Sanford stressed. “And you also have to be careful [about what] you're sending, and I've been guilty of this, too. We’re locked at home, we’re isolated. We've been isolated for over a month, and it's really funny to get those jokes and to pass them on.” But often, she said, they contain malicious code.
Security Gaining Greater Visibility
There is some good news for security teams. Cyber security is among the areas in which CFOs are planning to invest as it is considered important to future growth, according to PwC’s latest COVID-19 Pulse Survey released Monday. While financial leaders are deferring or canceling planned investments and implementing cost containment, they recognize the importance of enhanced cyber security measures as remote work will become permanent for 49% of respondents.
The survey of just over 300 respondents was conducted over the past two weeks.
Yet, while remote work is showing good productivity results, cyber security professionals have their hands full. The (ISC)2 survey also found that 23% of respondents said cyber security incidents experienced by their organization have increased since transitioning to remote work – with some tracking as many as double the number of incidents.
Interestingly, 47% of respondents said they have been taken off some or all of their typical security duties to assist with other IT-related tasks, such as equipping a mobile workforce. And while 41% said their organizations are utilizing best practices to secure their remote workforce, another 50% agreed -- but said they could be doing more.
Several respondents said the pandemic presents an opportunity for future process improvement. Others agree. In order to ensure remote work continues to thrive and workers remain secure, organizations should take a number of measures to ensure this continues, experts say. These include deploying a solid identity and access management (IAM) program, protect the applications that run the business and address data protecting and privacy concerns.