The extraordinary efforts taken by many organizations to ensure business continuity despite remote working during the COVID-19 pandemic have increased their exposure to cyberthreats. For example, Google detected 18 million daily malware and phishing emails related to COVID-19 in one week of April alone.
Indonesian companies are also faced with new fraud challenges arising from the increased move to e-commerce, adoption of digital and instant payments and the rapid rise of digital payment platforms. A recently announced customer data hack affecting millions of customers at Tokopedia prompted the Ministry of Information and Communication to request a thorough internal investigation and the necessary steps to ensure the safety of user data.
The fast-changing COVID-19 situation calls for security teams to adopt a dual mission as their response to the pandemic: maintaining continuity of operations and protecting against new cyberthreats. While most organizations started with a focus on continuity of business operations, it is becoming increasingly important to give equal attention to protecting against new cyberthreats.
McKinsey's recent discussions with cybersecurity leaders suggest that certain actions are especially helpful in fulfilling the dual mission.
First, make sure required controls are in place. Adopting technology changes can help the remote workforce maintain safe business practices:
- Accelerate patching for critical systems. Shortening patch cycles for systems such as virtual private networks (VPNs), end-point protection, and cloud interfaces will help eliminate vulnerabilities soon after their discovery.
- Scale up multifactor authentication (MFA). Incorporate the use of MFA to access networks and critical applications. Prioritize users who have elevated privileges (e.g. domain and sys admins) and work with critical systems.
- Account for shadow Information Technology (IT). Prepare to transition, support, and protect business-critical shadow IT assets. Also keep an eye out for new shadow-IT systems that employees use or create to ease working from home.
- Quicken device virtualization. Cloud-based virtualized desktop solutions can make it easier for staff to work from home because many of them can be implemented more quickly than on-premises solutions.
Companies must also enable higher online network-traffic and transaction volumes by putting in place technical building blocks such as a web-application firewall, secure-sockets-layer (SSL) certification, network monitoring, anti-distributed denial of service, and fraud analytics.
Second, help employees understand the risks. Even with stronger technology controls, employees working from home must still exercise good judgment to maintain information security.
Building a “human firewall” will help ensure that employees play a part in keeping the enterprise secure:
- Communicate creatively. Security teams should set up two-way communication channels that let employees post and review questions, report incidents in real time, and share best practices; post announcements to pop-up or universal-lock screens; and encourage the use of existing communication tools for informal discussions.
- Focus on what to do rather than what not to do. Explain benefits of using approved messaging, file-transfer, and document-management tools to employees and promote the use of approved devices.
- Increase awareness of social engineering. Security teams must prepare employees to avoid being tricked by COVID-19–themed email, text and voice phishing campaigns.
- Identify and monitor high-risk user groups. High-risk users should be identified and monitored for behavior such as unusual bandwidth patterns or bulk downloads of enterprise data to identify security breaches.
Third, review and refresh internal processes. Employees, customers and vendors all play some part in maintaining the confidentiality, integrity, and availability of web-facing networks. Several steps can help organizations to ensure that the activities of these stakeholders are consistent and well-integrated:
- Support secure remote-working tools. Security and IT help desks should add capacity or deploy security-team members temporarily at call centers to provide added frontline support.
- Improve incident-response protocols and fraud-prevention capabilities. Ensure SOC teams know how to report cybersecurity incidents. Normal escalation pathways must not be interrupted because people are working from home. Organizations that support the execution of financial transactions should consider integrating existing fraud analytics with SOC workflows to accelerate inspection and remediation of fraudulent transactions.
- Help consumers solve confidentiality, integrity, and availability problems themselves. For example, media providers may wish to offer guides to show users how to mitigate access problems themselves, particularly during periods of peak use.
- Confirm the security of third parties. Assess the adequacy of security controls applicable to third parties and consider limiting or even suspending their connectivity until they remediate their weaknesses.
The actions described here, while not comprehensive, are helping many organizations to overcome the security difficulties they face and maintain their standing with customers and other stakeholders.
The authors are from McKinsey & Company. Vishal Agarwal is a partner based in the firm’s Singapore office, where Aman Dhingra is an associate partner, and Aastha Sethi is an analyst based in Gurgaon.
Disclaimer: The opinions expressed in this article are those of the author and do not reflect the official stance of The Jakarta Post.