Is data more vulnerable? Is infrastructure currently more insecure?
Rather than seeing fundamental changes or increases in attacks, the experts noted new themes. For example, there were many coronavirus-specific Phishing attacks based around the fact that people are constantly seeking updates and are more likely to be lured by anything “Covid”. Fake news about Covid-19 abounds. Criminals are registering domain names linked to the coronavirus theme, offering fake charities or fake sales of items such as face masks to encourage you to send money for products you will never receive.
It was noted that companies busy managing their day-to-day activities in a time of crisis may not be paying sufficient attention to the increased cybersecurity threats arising from these exceptional circumstances. A real issue is IT staff becoming too overstretched to deal with all of the current demands, leading to decreased vigilance. If the company would also be hit by a large cyberattack, they will not have the ability to detect in a timely manner or to cope with both the attack and the usual business needs.
Directors can update themselves on such threats as sites such as www.securitymadein.lu, www.c-3.lu and www.bee-secure.lu - the main online sources for cybersecurity in Luxembourg. Directors are encouraged to subscribe to their mailing lists to receive important updates, as well as invitations to topical events. The overall message was to be careful and remain vigilent - don’t click anything you are not sure of, and if in doubt, ask someone!
“WFH” - working from home
Whilst many Non-Executive Directors may be used to WFH, most would not have been doing this full-time, nor with their entire family also at home. Confidentiality still needs to be considered.
With all meetings taking place virtually, providers such as Zoom having seen the incredible increases of over 200 million new users over a matter of weeks. As a result, Zoom has received more attention and various issues raised – they have patched various issues, however whichever service you are using you should be aware of who is joining your call and avoid accepting anonymous participants. Where highly sensitive corporate information is shared, Directors might consider alternatives such as WebEx or Microsoft Teams. However, it would be wrong to think that any system is 100% secure – check terms & conditions, and consider the provider’s approach to patching and updating where issues arise.
It is important also for Directors to consider the psychology of being at home, and not to mix up personal and business habits. Try not to be tempted to click on websites or applications that you would not normally click on in the office. Always go to trusted websites for reliable information.