The mass migration to home-based work or wfh desks involves massive corporate risks unless every stakeholder is clear about the cyber security mandate, know these tips to help you out.

As the COVID-19 pandemic sweeps the world, unprecedented levels of online activity are the new normal. This has led to the rapid increase in the risk of cyber-attacks, exposing vulnerabilities to the confidentiality, integrity and availability of key information systems.

This is forcing C-suite leaders to pay more attention to cybersecurity to safeguard company data, employee and consumer data privacy. Chief marketing officers (CMOs) in particular are in the spotlight as they must be more alert to heightened consumer sensitivity around suspicious online marketing activities arising from the current extreme situation.

In the face of the COVID-19 pandemic, and foreseeably in the post COVID-19 era, enterprises have to be cyber-resilient and adapt to changing workspace needs and consumer behavior. Here are some tips and insights that may be useful.

Challenges of moving to remote-working

  • Lack of hardware and devices for employees, students and teachers
    • Staff that do not usually work from home, or households that do not have electronic devices for all family members, will find it difficult to secure safe devices and training for secured electronic activities
  • Insufficient virtual private network (VPN) bandwidth for the number of people working from home
    • Due to the resource insufficiency, there is a risk for employees to start using home devices and storage which are not secured and therefore put corporate data at risk
  • Unsecured work environment
    • The Asia-Pacific region has a greater proportion of people living in apartments, often with parents or roommates. This work environment can also be a risk, allowing sensitive and confidential information to be overheard or overseen by non-employees both in public or private spaces
  • Increased cyberattacks under fear and uncertainty
    • Many cyber attackers are capitalizing / exploiting on the public’s fear of COVID-19, luring them to phishing emails, fraudulent news update and malicious sites

Top five risks of teleworking (WFH)

  1. Failure of service delivery due to breakdowns in end-to-end processes and access to information and systems, including the extended service delivery ecosystem
  2. The shift from ‘bricks and mortar’ to ‘virtual’ ways of working may lead to an unsupervised and demotivated workforce, impacting productivity, as well as a breakdown in effective decision-making and delivery of staff support functions
  3. Network performance may be impacted due to the significant shift of the workforce working remotely, affecting the ability to execute processes and deliver customer outcomes
  4. Appropriate data privacy and security controls may not be in place, increasing risk of security breaches
  5. Insufficient and underutilized remote working devices and tools may limit the ability of the workforce to perform critical day to day operations and deliver services

Five steps to mitigate risks

  1. Centrally manage and promulgate robust teleworking solutions to empower and enable employees, customers, and third parties
  2. Leverage role-based rather than location-based identity and access management solutions, analytics, and controls
  3. Establish second-factor or multi-factor authentication for formerly in-person processes, such as manual phone calls, a system of shared secrets, or other authentication controls relevant to the formerly in-person process
  4. Provide links to official resources for pandemic-related information to avoid the spread of disinformation within your organization
  5. Establish formal and transparent channels for corporate messaging to highlight what the enterprise is doing to address this pandemic

EY’s new ‘business as usual’ model

To test out remote working and ensure cybersecurity is guaranteed at all levels, EY has:

  • Conducted a 24-hour dry run test for EY’s VPN and network system with more than 8,000 remote workers
  • Utilized Microsoft Office 365 products to reduce the burden in EY’s remote connect software, allowing staff to continue to perform their best without having to log on to the VPN, at the same time maintaining high cybersecurity and privacy standards within the Microsoft system
  • Changed the idle period timeout on the VPN from eight hours to two hours
  • Increased the license for EY’s remote connect software

CMO roles now transformed

With more people spending time online for consuming and accessing information and services, the chief marketing officer (CMO) of all enterprises will have to reassess their role as they shift from a campaign-focused to a more customer-focused style of working.

A low-risk environment must be guaranteed as the market evolves and relies more on digitalization and data-driven strategies. In addition to maintaining close communication with their chief technology officers (CTOs) and chief information security officers (CISOs) to ensure market development does not disrupt critical services and information security, the new age CMO must understand:

  • Importance of data privacy: From a cybersecurity point of view, the CMO’s chief responsibility is to ensure that all teams understand the value and privacy of the data they are handling. Often, marketing teams have access to the “crown jewel” of the business—the customer relationship management (CRM) database—and have the ability to access the personal information of customers. It is critical that this personal data remains in the corporate cloud and is accessed remotely via VPN, and that is it not downloaded to home computers to design, create and run campaigns.
  • Unstable cloud operations: Separate, non-IT approved clouds should not be set-up: this only fragments customer data more, and potentially exposes it to an insecure environment, and can even breach regulation if the cloud is not in your home country.
  • Third-party risks: CMOs should always think: with whom are you sharing your company’s most trusted data?  No matter if it is contracted firms or temporary employees, make sure their cybersecurity controls are as good as yours.

“COVID-19 is proof again that cybersecurity has to be maintained across all sectors at all times, and businesses must constantly review and ensure maximum levels of preparedness. If, another global emergency comes again, we hope that all businesses can adapt and be ready for it.” — Kris Lovejoy

“COVID-19 is currently challenging organizations across the globe to adapt and reprioritize critical business functions. An organization’s ability to protect its remote workforce, valuable information assets and respond quickly to a cyber incident will be vital for navigating this period of uncertainty.

The rise of remote working and online consumption has triggered a new wave of cybersecurity risks, endorsing C-suite and senior leaders to form much closer relationships to improve overall business understanding of cybersecurity. As chief marketing officers (CMOs) connect marketing with customer experience by possessing sensitive personal data, they are creating more value than ever in meeting the mark of ‘security by design’ to earn trust from customers.” — Richard Watson