When the COVID-19 pandemic struck, a lot of companies were forced to quickly relocate employees and transform their IT infrastructure to keep their operations running. But in their haste, did they forget to consider cybersecurity risks?
Security breaches were headline news on several occasions during the public health crisis, with incidents affecting the Montreal Transit Corporation, the Jewish General Hospital, and the CIUSS Centre-Ouest.
“This is just the tip of the iceberg,” says Yves Paquette, president and founder of NOVIPRO, a firm specializing in IT and cloud computing solutions for business. “No one is safe. No one can claim they’ll never fall victim or that cyberattacks only happen to others.”
It’s now evident that most organizations failed to review their cybersecurity practices after scrambling to adjust to new pandemic-driven work methods.
“We tend to take IT systems for granted until there’s an issue. That’s when we realize how essential they are,” explains Dominique Derrier, chief information security officer at NOVIPRO. He likens corporate cyberattacks to fires. Everything gets destroyed and you need experts stamp out the flames, check the building, clean up the mess and rebuild the structure. Cyberattacks hit you in the pocketbook and in the heart.
Identify critical assets
Before an organization can improve their cybersecurity and reduce risks, it first has to determine which of its assets are essential to their operations. What drives your company’s profits? Is it your employees? Your e-commerce platform? Your manufacturing equipment? Your data?
“You need to protect your ability to generate value,” advises Mr. Derrier. To illustrate, he cites companies that are relying on online sales to get them through the COVID-19 pandemic. “To prevent cyberattacks, we’ll review your transactional site’s management processes, provide training to the employees who operate it, update the tools that support it, and review the various checks and balances that need to be carried out regularly.”
In other words, companies need to lock each and every entry point to their systems and strategic assets. If you leave one door open just a crack, cybercriminals will find a way in, warns Mr. Derrier. It can be as simple as a single email with a fraudulent link. That’s all criminals need to get their foot in the door and gain access to the company.
Telecommuting has only made things worse
In the early days of the pandemic, a lot of companies asked their employees to work from home. This shift increased their vulnerability to cyberattacks because it gave criminals that many more potential points of entry. When you expand the attack surface, risk goes up in a way that’s hard for companies to measure if they haven’t taken the right security measures.
“Technology is evolving at breakneck speed and so are cybersecurity rules,” Mr. Paquette explains. “This means companies have to constantly assess their risks.”
To stay on top of things, businesses should enlist the help of experts who are up-to-speed on the latest threats, can help you spot system vulnerabilities and recommend effective protective measures. According to NOVIPRO’s president, too many companies make cybersecurity decisions without consulting a specialist. As a result, the measures they take to block attackers end up being insufficient or altogether ineffective.
For instance, a manufacturing company might acquire equipment to control their production line remotely, but then forget to change the default passwords. This leaves them exposed to hackers, who could access their data and ultimately take control of company machinery.
An ongoing effort
Once a company succeeds in identifying all risks and setting up firewalls to keep cybercriminals out, they still can’t let their guard down.
“Risks need to be managed on an ongoing basis, and that can be challenging. You have to be ready to adjust to changing risks,” advises Mr. Derrier before adding that business leaders should remain calm despite the rise in threats.
