The American Chamber of Commerce of Trinidad and Tobago (AMCHAM T&T) is encouraging companies to invest more around cybersecurity tools and policies to protect their digital assets and workforce during the ongoing COVID-19 global pandemic.
At a Webinar hosted by AMCHAM on “Navigating The Pandemic: Cybersecurity” Senior Trade and Policy Specialist, Melissa Pierre said the pandemic has created new opportunities for criminals to disrupt business. “We already know that opportunistic criminals and other malicious actors have been using the internet and other rapidly evolving technology such as apps and mobile smart devices to compromise an individual or company’s financial and digital assets. Amidst a global pandemic where social distancing, economic disruption and remote working have now become the norm – this has created the perfect setting for criminals to induce further shocks and disruptions to both our economic and health systems.”
“It was just a matter of time for hackers to take advantage of a remote workforce, or an unsuspecting customer plugging in company credit card details or other important company information on an unsecured network,” she said.
Vernon Jeffery, Chief Strategist at Readiness Associates which provides disaster and emergency preparedness services to healthcare organizations, says while no one could have foreseen entire companies going remote, this situation has created its own unique set of cybersecurity challenges.
“Ultimately, to protect their teams of employees and company sensitive information, organizations should endeavor to implement a singular cybersecurity policy that will follow a person around wherever they go; on every device that they use, that will protect them from everything from malware to ransomware to nation-states, who are trying to steal their credentials, and as well can protect the company from bad behavior if it should occur.”
Shanna Utgard, Success Manager at Defendify, which is a cybersecurity platform designed specifically for small businesses suggested Five (5) top tips for companies to secure their remote workers during COVID- 19. They are:
1) Secure and test remote connections – Hackers frequently exploit out-of-date firewalls and VPN connections. Companies should ensure all devices on their network are up-to-date and “patched” i.e. messages received to update apps or operating systems on phones and other smart devices. The connection tool i.e. VPN or tunneling tool coming from the employee’s home and back to the corporate network should be secured and using two-factor authentication in addition to just a password.
2) Run a Cybersecurity assessment – When working from home, companies will need to perform self-assessments to walk through the cybersecurity controls; and identify what has changed with their infrastructure and overall IT posture.
3) Set work from home expectations – It is important to set various policies and plans when working from home.
- Companies should have a “Technology and Data Use Policy” that prohibit employees from using their personal devices that are out-of-date from accessing company data.
- Companies risk insider threat when employees leave sensitive information accessible on their personal devices and risk of infections on personal devices spreading to the corporate network.
- Companies should ensure that employees are saving all documents and corporate information to the Corporate Network or a cloud file hosting service and not to their device desktops.
- Companies should also try to use encrypted file storage solutions and avoid sending attachments through email because most email services do not encrypt attachments.
4) Train your team – Due to distractions at the home, companies should invest in training employees to use new technology at home that they are unfamiliar with to prevent information from being stolen
5) Revise the Incident Response Plan – Companies should create a culture for employees to know what to do if they suspect an incident and to report issues when they occur. It is recommended that companies provide clearly defined support communication channels and a paper copy of the incident response plan to employees.
Utgard stated hackers have tried to infiltrate the networks of users through suspicious registered domains and phishing schemes since the onset of the pandemic. “There have been more than 40,000 new registered domains that reference coronavirus terms. These attackers are buying up these domains and they’re starting them up and making these malicious websites and they’re also using these domains to send these phishing attacks. First, it was warnings from the CDC and the World Health Organization, then it transitioned to new cases have been reported in your area.”
Hackers are also aiming their sights on information regarding social relief assistance programs as countries start to flatten the curve. “We’re starting to see the attacks transition into disaster relief. So, a lot of the theme of these emails now are related to Grants and Loans, small business relief, paycheck protection, all of those types of attacks.”
Anthony Subero, Chief Risk and Compliance Officer at Hitachi says T&T will have to accelerate its digital transformation because of COVID-19. Outlining the Transition and Transformation Tracks cited in the Road to Recovery Committee’s preliminary assessment report, Subero says, “If you look at the second block in both tracks, the digital transformation track plays a key enabling component to that road to the recovery strategy.”
“What that inter-connectivity and movement of data and storage of data mandates is the need for proper cybersecurity, but it also drives the conversation towards data privacy and protection of confidential data for your consumer. Once you move into the Internet, you are open at two levels: one is for an increased number of attacks and as well as the ability to compromise your data or shut down their service. To mitigate these threats, you have to adopt more effective cybersecurity and privacy programs which are strongly embedded in the Enterprise Risk Management framework.”
With more people working from home and exchanging in the sharing of information online, Daniel Gaudreau, Executive Consultant at Hitachi says companies need to be able to evolve with their digital environment as the technology is evolving. He says companies must also build trust with consumers during this exchange of information particularly as they manage their digital transformation journey.
“Cybersecurity and privacy need to be part of the basic requirements of any business that is moving forward to the digital transformation. If you are making use of Technologies, you are making use of data and you need to make sure that protecting that information and privacy of your customers and employees are part of what would be considered on a day to day basis.”
The “Navigating The Pandemic: Cybersecurity” Webinar was envisaged and designed by AMCHAM T&T to help companies adjust to the disruption caused to business by the COVID-19 global pandemic. It is also, part of our Digital Transformation Series which we are hosting over the next couple of weeks to continue the dialogue, engagement, and information sharing we started at last year’s Tech Hub Islands Summit (t.h.i.s.) Conference. AMCHAM T&T would like to thank our sponsors Republic Bank, PwC, Digicel and our partners at Trinidad Systems Limited (TSL) for their support to host this Webinar.
For further questions or comments please contact: Nirad Tewarie, CEO AMCHAM T&T at niradtewarie@amchamtt.com.