• Partner with Us
  • Careers
  • Blog
  • Schedule a Consultation
  • Contact Us
Identity & Access Management Identity & Access Management Identity & Access Management Identity & Access Management
Menu
  • IAM Mesh
  • Solutions
    • USE CASE BASED
      • Access Certification
      • Role Management
      • Provisioning Access Request
      • Password Management
      • Multifactor Authentication
    • IAM Solutions
      • CIAM for GDPR Compliance
      • Single Sign On
      • Identity Provisioning
    • Integration
      • EPIC EMP Provisioning
      • EPIC SER Provider Management
      • Cerner EMP Provisioning
      • Azure AD Admin Management Connector
      • Factory Model App on boarding
    • AVANCER’S IDENTITY BRIDGE
      • What is Identity Bridge?
      • Request For Demo
      • Partner with Identity Bridge
  • Consulting Services
    • IAM SERVICES
      • IAM Advisory Services
      • Assessment Services
      • Architecture & Design Services
      • Implementation Services
      • Modernization
      • IAM Managed Services
    • PENETRATION TESTING SERVICES
      • Penetration Testing
    • SALESFORCE SERVICES
      • Salesforce Shield
  • Industries
    • Financial Services
    • Manufacturing & Retail
    • Telecommunication
    • Healthcare & Life Science
  • IAM Resources
    • E-book
    • White Paper
    • Data Sheet
    • Expert IT Security Blog
    • Case Studies
  • About Us
    • Milestones and Awards
    • Technology Partners
    • Clients
    • Press Release
    • Careers

Why should you worry about cybersecurity during coronavirus pandemic?

Your browser does not support theaudio element.
Given the current pandemic situation, cybercriminals are implementing creative social engineering methods for accessing enterprise networks, systems and passwords through vulnerable personal devices or insecure endpoints of remote workforce.
As the world struggles to contain the current coronavirus onslaught, cybercriminals are implementing creative social engineering methods for accessing networks, systems, and passwords. Capitalizing on the fear and uncertainty of the situation, cybercriminals are exploiting a human weakness to tempt users into conducting insecure online behavior, leading to detrimental consequences in the present scenario. Cybercriminals are seen to be posing as the WHO or CDC to send fraudulent emails, asking for bitcoin donations, or sending attachments with malware to gain access to a user's system. Most of these attacks are conducted through email 'phishing' campaigns, wherein cybercriminals use coronavirus as the bait, and in the guise of providing information they lure the recipient to open attachments with malware. As enterprises are encouraging more and more employees to work from home, it is imperative for them to protect their systems for business continuity. In fact, as per a CNBC flash survey, more than one-third (36 percent) of executives on the CNBC Technology Executive Council stated that cyberthreats have increased, as a majority of their employees work-from-home due to the present pandemic crisis.

Some of the major security challenges that enterprises are facing in the rush to ensure business continuity are discussed below:

Challenge #1: Securing sensitive data.

COVID-19 pandemic has forced businesses to close their offices and send their employees to work-from-home. With that, the large number of employees connecting to VPN has put additional stress on the corporate IT infrastructure. This is especially an area of concern for companies that requires employees to use their own personal devices to access the enterprise networks and IT systems. Since the employee’s personal device may not have the same security controls that are typically found in company issued assets, one wrong click could provide a malicious actor access to the company’s internal systems and databases. Without data leak prevention controls, remote workers can transfer sensitive data from secure enterprise servers to their vulnerable personal devices or personal cloud accounts, which are more susceptible to cyberattacks. If the employees do not use strong passwords, updated antivirus software or encryption software, on their personal devices, the propensity of enterprise data being hacked by cybercriminals increases manifold.

Challenge #2: Securing remote access and communication services.

Remote access services like Virtual Private Networks (VPNs) and Remote Desktop Protocol (RDP) are increasingly being used by remote workers, which could also become targets of people with malicious intent. In fact, RDP has become a common entry-point for hackers to steal sensitive data from enterprise devices and networks. The vulnerability is further escalated due to usage of out-of-date RDP versions, without the latest security patches. While VPN connections are considered to be more secure, such networks could also be hacked in case of an employee being a high-value target, such as an admin or C-Suite employee.
Employees are also relying on online communication services such as Skype, Microsoft Teams and Zoom to connect with colleagues and customers. In a recent incident, Zoom was found to be vulnerable to remote attacks with the hackers stealing user credentials to gain access to Zoom meetings. Such vulnerable interfaces may pose potential cyber threats to enterprise networks.

Challenge #3: Maintaining enterprise resilience:

COVID-19 has disrupted business operations for companies without a proper business continuity plan. The quick change of events forced enterprises to have their entire employee base to work-from-home, without a thorough assessment and impact analysis to identify critical business functions. This is additional stress on business operations, especially for enterprises wherein IT security is not the main revenue-generating function. Additionally, without proper IT security and awareness training, a social engineering attack could expose the organization’s resources to ransomware attacks, resulting in complete business disruption. Without incident response planning, the enterprise will not know how to respond to such attacks and bring back critical business operations.

In order to mitigate any potential impact of cyberattacks taking advantage of the current situation, enterprises could focus on the following recommended solutions:

Recommendation #1: Implementing a stringent access management solution.

While an enterprise may not be able to secure each device of its employees, it could certainly deploy a stringent access management solution to provide access to sensitive information as per the requirement/profile of the user. For instance, providing higher privileges to employees working as system and domain admins or employees accessing critical systems to carry out operations such as financial transactions. Furthermore, scaling up multifactor authentication (MFA) to access critical apps and networks will further secure enterprise systems.

Recommendation #2: Securing remote-working tools.

Enterprises need to encourage employees to set-up security tools such as virtual private networks (VPNs) while accessing business networks. Furthermore, increasing patching for critical systems/infrastructures such as VPNs, RDP, cloud interfaces and end-point security will also help in minimizing system vulnerability. In order to safeguard data on the remote device, ensure employees have configured and enabled encryption software on their personal devices. Encourage usage of mobile device management (MDM) tools to help remotely lock devices, retrieve data or erase it, in case the device gets lost or stolen.

Recommendation #3: Focusing on shadow IT.

Employees often create business processes for the ease of their work, which may not have formal approval from the IT department. This may lead to remote employees not being able to access the resources created on their office workstations or local networks, thereby obstructing the smooth flow of their work. Enterprises need to ensure that such potent shadow assets should be accessible to employees in a secure manner for uninterrupted business continuity. Furthermore, any new shadow-IT systems created or used by remote employees should also be monitored on a regular basis.

Recommendation #4: Communicating regularly with remote employees about cybersecurity measures.

Businesses need to provide employees with regular updates and educate them on the varied social engineering methods, such as phishing, baiting, pretexting and others, used by cybercriminals to capitalize on the fear psychosis of people. They should actively discourage them to open any suspicious / phishing emails or attachments that ask for login credentials or other sensitive information. Remote workers should have ready access to the contact details of the IT support/crisis communication team for instantly reporting any crisis situation or suspicious online activity. They should be encouraged to report any unusual activity that may lead to any possible breach. Regular training on various cybersecurity tools would also help in securing the endpoints.

Recommendation #5: Widening monitoring system and creating a robust crisis management team.

Constant monitoring of systems and networks is the need of the hour, with most employees working from home, especially for detecting vulnerabilities in end-point, databases and networks. Despite all the above well-meaning measures, in case of any cyberattack, ensure that the enterprise has a robust crisis management team, that should be able to handle any crisis situation or breaches seamlessly and effectively. Employing a third-party organization specializing in IT security could be a good move, thereby, reducing dependency on already overburdened internal resources. Furthermore, a robust BCP/DR solution needs to be integrated in the enterprise IT security protocol. While business continuity strategies will ensure creating proactive plans to mitigate cyber-risks and business disruption, disaster recovery plans will help in providing a suitable response/solution in case of an event/breach.

The present pandemic situation poses various challenges for businesses to function in a consistent manner. The enterprise that would be more resilient in the face of these challenges would be in a better position to sustain in the long-run.

If you have any queries on how to safeguard your enterprise in the face of the current crisis, you can connect with our experts to know more.

Managing the multiple security aspects within your enterprise healthcare IT system is a tough task. Reach out to us and let our experts help you in fixing all your healthcare identity management troubles away with Avancer IAM solution!

Consult Experts
04/20/2020 / Cloud IAM (IDaaS), IAM Automation, IAM Best Practices, IAM for Industries, IAM In News

About the Author

Rajesh Mittal

With over 20 years of experience in Application Security, Identity Management and IT infrastructure related projects, Rajesh has a developed a solid understanding of all aspects of IT security field and has assisted clients, of all sizes, in almost all segments of their Identity and Access Management journey. His core competency and passion lies in integrating heterogeneous products, fostering innovation to develop new Solutions and solving customer problems quickly and effectively. He is VP of Technology and Co-Founder of Avancer Corporation and leads Technical Strategic Planning, New Business Development, Marketing and Business Expansion. Prior to starting Avancer Corporation, Rajesh’s entrepreneurial venture, he has worked with PWC Consulting/Entology/HSBC/ LG Electronics in various capacities developing IT security solutions spanning multiple geographies. Rajesh holds a BE in Electronics Engineering from University of Pune, and MBA in Finance and Leadership from Stern School of Business, New York University.

  • Next Post
  • Previous Post

Categories

  • Avancer’s World
  • Cloud Computing
  • Cloud IAM (IDaaS)
  • From CTO’s Desk
  • Healthcare IAM
  • IAM Automation
  • IAM Best Practices
  • IAM for Industries
  • IAM In News
  • IAM Product News
  • Identity & Access Governance
  • Industry Insights
  • IT Security
  • Security & Compliance

Follow us on

Visit Us On TwitterVisit Us On FacebookVisit Us On Linkedin

Avancer's Identity Bridge

  • What is Identity Bridge ?
  • Request for Demo
  • Partner with Identity Bridge

Integration

  • CIAM for GDPR Compliance
  • Privilege Account Management
  • Active Directory Management
  • Single Sign On
  • IAM Upgrade Accelerator
  • Identity Provisioning

Penetration Testing Services

  • Penetration Testing

IAM Services

  • Assessment Services
  • Architecture & Design Services
  • Implementation Services
  • Modernization
  • IAM Managed Services

IAM Resources

  • E-book
  • Data Sheet
  • Expert IT Security Blog
  • Case Studies

About Us

  • Milestones and Awards
  • Technology Partners
  • Clients
  • Press Release

Careers

  • Life At Avancer
  • Benefits Overview
  • Career Development
  • Training & Internship

Follow Us

Visit Us On TwitterVisit Us On FacebookVisit Us On Linkedin

Contact Us

Tel: (609) 632-1285

Fax: (609) 917-3009

E-mail: info@avancercorp.com

Avancer Corporation
30 N Main Street, Ste 201,
CRANBURY, NJ 08512

Avancer Consulting Services
2nd Floor, B2/80
Janakpuri, New Delhi
India – 110058

© 2023 Avancer Corporation. All Rights Reserved.
  • Privacy Policy
  • /
  • Terms of Use
  • /
  • Sitemap
  • /
I hereby agree that Avancer Corporation may use technically necessary cookies, analysis, and tracking cookies as well as marketing cookies to evaluate the use of the website and optimize the website and that Avancer may partially use my IP address.
Accept All Privacy policy
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT