business continuity and coronavirus
17
Mar

4 Cybersecurity Challenges affecting Business Continuity since the Coronavirus Outbreak

business continuity and coronavirus

With the rise of coronavirus (COVID-19), businesses around the world are facing major disruptions. They are struggling to continue business operations and secure their corporate assets. At the same time, employees are combating a tough fight against the virus itself. To make things worse, cybercriminals are riding on this opportunity, trying to make the most of the situation. A couple of weeks ago, Proofpoint researchers discovered coronavirus-themed attacks. Apart from the increase in malicious messages, experts observed a form of attack budding on the fear of purported unreleased cures for coronavirus.

Amid the spread of this global pandemic, employers are tossing between allowing their employees to work from home or continue to operate from the established offices. Regardless, organizations need to consider the risks associated with their data security and data privacy in the wake of potential impact.

As coronavirus is not only affecting one’s health but also the continuous growth of businesses, it is time for them to expand their IT disaster recovery and contingency plans to address unforeseen scenarios. Enterprises need a plan that covers all possible types of fabricated attacks during the rapid emerging outbreak of COVID-19.

Address These Cybersecurity Risks in the Wake of Coronavirus

security risks

 

With threat actors entering the picture, enterprises and their management board should consider the listed security risks that have surfaced after the birth of COVID-19.

1. Phishing frauds thriving on fear

Recently, WHO released a warning, alerting individuals to beware of the phishing emails appearing from “WHO representatives.” These emails ask for sensitive login credentials or encourage individuals to either click on a link or download malicious software. Other renowned publications also came forward, showing similar phishing scams that seemed to be generated from ‘authorized professionals.’

coronavirus-themed phishing scam

Source: Wired

How to mitigate the risk?

In such a situation, organizations should raise awareness to make their employees follow valid COVID-19 related alerts and subscribe to official institutions only. For instance, The Office of Homeland Security Cybersecurity and Infrastructure Agency (CISA) published its insights on ‘Risk Management for Novel Coronavirus.’ Furthermore, the management team should concentrate on finding a secure way to communicate with their employees.

2. Challenges of working from home

For smooth business operations, companies may decide to permit their employees to work from home. In that case, employees may use a VPN to access the company’s network remotely. Evidently, in today’s world, dependency on VPN not only exposes sensitive data to security risks but, with the adoption of cloud services, multiplies the existing cyber risks exponentially.

How to mitigate the risk?

The increased network traffic on VPN exposes the larger community to security risks. The solution to this problem may start with the patching of installed software regularly. But the inability of IT representatives to be available on various remote sites adds on to the primary challenge. Companies should accommodate a disaster recovery plan that can deal with the issues of a remote workforce. The plan must contain timely solutions to address all the associated problems.

3. Accessing sensitive data on public Wi-Fi

Do not presume that employees will use corporate assets on a safe wireless network. A few may expose corporate accounts to insecure public Wi-Fi networks. Cybercriminals can attack these networks to gain unauthorized access to sensitive data. For instance, when an unencrypted form of information is transmitted through an unprotected network, a threat actor can intercept it to steal the data.

How to mitigate the risk?

The best solution to prevent the theft of information is not to disclose sensitive data on unknown public networks. Apart from that, use SSL (Transport Layer Security) connections to set up a layer of encryption for all your communications. Employees can do this by enabling the “Always Use HTTPS” option that will protect their login credentials even on public Wi-Fi.

4. Easy Communication for Outsourced Services

The dependency on third-party service providers can also affect the business after COVID-19’s ill-effects on the outsourced parties. Especially if the enterprise is relying on these providers for critical services, including specific IT operations, website management, or many others. The viral outbreak can lead to disruption, creating loopholes in the existing system.

How to mitigate the risk?

To deal with the issue, the company must consider a factor addressing supply chain management. This plan should help the IT team to identify and connect with alternative service providers quickly.

To learn more about supply chain, watch Dr. Merrick S. Watchorn explaining how Cyber Supply Chain Risk Management works to protect corporate and client information:

Under critical circumstances, organizations should review their existing business continuity and disaster recovery plans to address the challenges born out of a pandemic. The program should be able to adapt in the face of additional changes.

A specialized disaster recovery plan steps should include pandemic events, such as COVID-19, and must possess the following –

  • Inclusion of a proactive program that ensures the firm’s business operations will run uninterruptedly during a pandemic event. It will work on smooth communications and coordination with third-party service providers.
  • The documented plan must identify and follow the company’s process and controls.
  • Contain a framework that covers all the business locations of the enterprise and check whether they are capable enough to continue regular business operations.

Learn how to build a holistic yet flexible disaster recovery and business continuity plan with the EC-Council Disaster Recovery Professional (E|DRP). The program helps professionals develop skills with which they can build, strategize, implement, and maintain a disaster recovery plan. It will ensure steady business operations. Under E|DRP, you will learn to conduct business impact analysis, risk assessment, policy and strategy development, and a lot of other skills. Join E|DRP today for saving a business from falling prey to unexpected events like coronavirus!

Don’t wait for potential impact. Learn to create a sound disaster recovery plan

Get certified in the top cybersecurity skill of 2020!

Faqs

What is a business continuity and disaster recovery (BCDR) plan?
Business continuity and disaster recovery plan ensures uninterrupted business operations when the company hits by an unexpected event. This plan manages to reduce the downtime and speed up the restoration process of systems.

Read more: 8 Things to Add to Your Cyber Disaster Recovery Plan Checklist

What is the difference between business continuity and disaster recovery?
The key difference between business continuity and disaster recovery is that the business continuity plan (BCP) focuses on steady business operations during and immediately after the event, while the latter deals with the effects of the event so that the system can return to normal.

Read more: Emerging Technologies That Will Shape the Business Continuity/Disaster Recovery Landscape

Why are business continuity and disaster recovery plans important?
The business continuity and disaster recovery plan is vital for saving a lot of downtime and money. Also, it will help in restoring a customer’s faith in the brand.

Read more: The Importance of a Disaster Recovery Plan for Business Continuity

For a career in DR/BC, what cert/training should we go for?
You can go for business continuity and disaster recovery training by some of the leading cybersecurity credentialing bodies. Some business continuity training focuses only on the business continuity and not disaster recovery. So, the disaster recovery program you select should combine both business continuity and disaster recovery.
get certified from ec-council

1 Response

  1. Pingback : My Homepage

Write for Us
eccouncil track