Cyber Awareness Leads To Better Cybersecurity

A decline in operations during the COVID-19 pandemic is leading to an increase in risk for many organizations. When data or networks are idle and not being monitored as frequently, they make easier targets for cybercriminals.

In addition, stress and a lack of clear direction during the pandemic may create unintentional insider cyber threats.

Phishing attacks related to COVID-19 are increasing and many appear to come from a legitimate organization. Trojan attacks often trick employees by masquerading as "important updates, financial rescue packages, or emergency benefits."

Cybercriminals can steal money from an organization through the use of ransomware. Organizations should protect their finances from a cyberattack by improving their financial payment release structure and watching for large, non-standard payments.

Backups of critical systems are essential during the pandemic. Create multiple backup locations and check that they are performing correctly. Regularly back up data off-line.

Finally, organizations should improve their incident and crisis management systems and link them to actionable contingency plans. Have a backup channel for communicating throughout your organization in the event that your network is compromised. Brent Whitfield "How to Minimize the Risk of Insider Threats (Physical and Cyber) During COVID-19" (Jun. 16, 2020).



Additional cybersecurity training for your employees should supplement, not replace, your routine cyber training, updates, and reminders. Share your organization’s cyber policies and guidelines any time work situations for employees change.

Remind employees of cybersecurity best practices, paying particular attention to areas of increased risk. Go over top recommendations, including using strong, unique passwords; enabling two-factor authentication; and protecting all devices with up-to-date anti-virus and firewall software. Require employees to encrypt data on laptops when working remotely. Train them to avoid plugging in USB drives, which can be loaded with malware.

Train employees to watch for incorrect grammar, spelling, and punctuation as well as design flaws in emails, which could be a sign of a phishing scam.

Confirm that employees know whom to contact if they fall victim to a cyberattack. If possible, create a helpline or online chat line for employees who have cybersecurity questions. Encourage employees to ask first if they think an online practice could be unsafe.

Finally, your opinion is important to us. Please complete the opinion survey: