We live in interesting, scary and stressful times, when the usual social and business norms have been catastrophically upended. For businesses as well as individuals, past concerns about cybersecurity have evolved. How can we pivot to the new reality and respond?
According to cybersecurity and privacy expert Chris Moschovitis, there are things we can do. Moschovitis is cybersecurity (CSX, CISM) and Enterprise IT governance (CGEIT) certified, and has written two books on these subjects: "Cybersecurity Program Development for Business: The Essential Planning Guide" (2018); and "Privacy, Regulations, and Cybersecurity: The Essential Planning Guide" (to be published in 2021).
Charlene Weisler: How have cybersecurity issues changed since the pandemic began?
Chris Moschovitis: They have not necessarily changed, but they have increased. Unfortunately, both nation-state-sponsored hackers and organized cybercriminals have no qualms about kicking us when we’re down.
And that’s what is happening. Campaigns of disinformation, plus ransomware attacks against healthcare facilities, have increased.
Weisler: How can we best protect ourselves from hackers and phishers now?
Moschovitis: The best way to protect ourselves is to be aware that attacks are increasing in frequency and sophistication. We are particularly sensitive, depressed, and on the edge, hungry for information, and looking for news about a cure or a vaccine.
Beware of phishing emails capitalizing on this stress, and be particularly careful of “medical alerts” from government bodies.
The CDC, WHO, and the local governments will not be sending emails out asking you to supply your personal information or clicking any links. I
nspect the sender’s email address, and read the URL very carefully to make sure it’s not a spoof. For those in IT or cybersecurity that work in healthcare, you need to recognize that you’re a target and act accordingly.
Weisler: What advice can you give companies whose employees are now working from home regarding cybersecurity?
Moschovitis: Teleworkers represent a real threat to corporate networks. That is because they are usually using their own computers that are not as protected as the corporate ones. As a result, it is critical that corporate IT departments allow remote connectivity through carefully monitored tunnels, and expand the umbrella of corporate cybersecurity protection to include remote workers.
The teleworkers themselves need to remain vigilant in terms of maintaining their home computer “clean” and up-to-date with operating and application security patches, current antivirus/antimalware software. Exercise extreme prejudice on any email that’s asking for personal information, money transfers, or providing links for downloads.
Weisler: Is privacy still a concern? Don't we want to share more in this environment?
Moschovitis: Privacy is always a concern! We may be forced, for example, to share geolocation and behavioral data to the government in an attempt to monitor potential COVID outbreaks. This is already happening in some countries, and it is starting being discussed here in the U.S.
As with everything, it will be a tradeoff between the benefit that we individually and collectively as a society will receive, versus the lack of privacy that may be required. Keep in mind that once the horse leaves the barn, it is extremely difficult to put back in. So, if we grant access to all this information, we may never be able to revoke it, all in the name of one valid reason or another. We need to be at peace with that decision.
Weisler: Do you think this is a new normal that will last after the pandemic?
Moschovitis: Yes. This pandemic changed the world forever. Telework became a new norm, and the need for it proved that we don’t need as much office space and density as we had in the past.
Media and entertainment will also be severely impacted (movie theaters, theaters, concerts), especially as the numbers come in that will confirm what most entertainment executives knew: On-demand is cheaper to distribute and brings in just as much money as a theatrical release.
Finally, on the media platform side, there will be a “reckoning.” Facebook, Google, etc., will have a very difficult time justifying a hands-off type of curation while millions die from disinformation posted on their platforms, and democratic institutions shudder.
We will be dealing with the aftermath of this pandemic for years, and our world will never be the same. It is my hope that we can all get together and work to get this transformation right!