The U.S. Health and Human Services Department has already suffered a cyber-attack on its computer systems. Businesses should expect cybercrime to increase over the next several months. As the COVID-19 outbreak is redirecting IT resources and manpower to support remote workers, there is increased opportunity for hackers to mount attacks.The opportunities come from several areas.
The first is where IT staff begins to feel the pressure to just “get it done.” This pressure leads to bypassing security measures to complete tasks in a shorter timeframe and improve network performance. It is important to convey to IT staff that security must not only be maintained, but increased. This will necessitate a show of patience as risk assessments are made before going live with network changes.
The second is with more remote workers, the business network is becoming larger. As workers begin to use home machines to connect to the work network, they give the network a larger attack surface. Home machines often run older operating systems or contain a good bit of unpatched software. These vulnerabilities become incorporated into the business as the machines connect. Risk assessments need to consider these increased vulnerabilities.
The third involves more distracted users that are operating in new ways. As the normal routines of users are disrupted, it becomes easier for them to fall for phishing. It also becomes easier to believe that someone from IT needs them to enter their password into some website to “test their remote access,” or it may seem more reasonable that the COO would be asking for an emergency disbursement to be made. Employees should be cautioned to be on increased alert for phishing that uses these types of ploys.
Contact Will Coleman at will.coleman@cohencpa.com, Jim Boland at jboland@cohenconsulting.com or a member of your service team to discuss this topic further.
Cohen & Company is not rendering legal, accounting or other professional advice. Information contained in this post is considered accurate as of the date of publishing. Any action taken based on information in this blog should be taken only after a detailed review of the specific facts, circumstances and current law.