The emergence of a global pandemic, such as the COVID-19 pandemic that we are experiencing right now, can greatly increase your risk of a data security breach or financial fraud. As businesses begin to rely on their remote capabilities due to various levels of social distancing, social isolation, and stay-at-home guidance, the risk of misconfiguration and unauthorized access escalates.
The anxious environment surrounding a pandemic creates an opportunity for malicious actors to ramp up their efforts to infiltrate your systems and access confidential data—but there are ways to protect your business. Using penetration testing during this time of uncertainty can help your company secure its systems and mitigate the risk of cyber-attacks and fraud. Here are five steps that your organization should be pen testing to ensure impenetrable cybersecurity during a pandemic.
Educating employees on the heightened cybersecurity threats associated with pandemics is crucial. Training and instruction should be conducted to teach employees how to effectively spot a phishing email, how to safely surf the web, and how to securely conduct business as usual in their new remote environment.
Although education like this is normally done periodically throughout the year, in times like these, businesses should increase their efforts by sending reminder emails or hosting online seminars detailing how to avoid human error in these situations.
2. Social Engineering Testing
Cyber attackers will take advantage of the panic surrounding the pandemic. A malicious actor could send out a fake email, supposedly from the CEO, with the subject line “Important COVID-19 Information” asking employees to click on a link to view the information. Stressed employees may set aside their usual scrutiny and open the email or attachment because of their anxiety about the pandemic—and just like that, the attacker is inside the walls.
Business email compromise (BEC) also continues to rise during this time. We have seen new COVID-19-related schemes that target senior executives to get them to release a detailed accounts receivable ledger. The attackers then reach out to customers expressing a critical need for payment while changing the payment details, using the COVID-19 pandemic as the urgent ruse.
Ensure that your guidance is sticking with your employees through social engineering testing. Send a simulated phishing email and see who engages with it, or create a fake LinkedIn account and try to “connect” with employees of your business. These tests will expose any weak links in your training and determine who could potentially need more instruction.
3. Configuration Management
Businesses are rapidly implementing new hardware and software to adapt to the changing working conditions. This affects how employees work together, as well as how you interact with vendors and business partners. Businesses will want strong configuration standards guiding how systems are built and software is configured, as well as defined processes to ensure that systems adhere to those standards and that business partners and vendors are compliant as well.
4. Multifactor Identification
During these times there will be a greater reliance on web-based applications. The inherent risk associated with these applications presents a variety of opportunities for the bad actor. Multifactor identification is a great way to increase the security of your web-based data systems and stop hackers in their tracks. Establish multifactor identification on all of your web-based assets and encourage the use of strong passwords and passphrases.
5. Penetration Testing
Penetration testing is a live test of the effectiveness of security defenses by mimicking the actions of real-life attackers. These tests validate your existing asset configuration and patch management programs, identify your organization’s security posture against real-world attack vectors, and secure and prepare your organization against the latest external and internal threats.
Penetration testing will evaluate the effectiveness of your security posture by taking into account all of the factors above. During these particular activities, you want your pen testers to think as a hacker might during a pandemic. They should capitalize on the anxiety and stress caused by a global pandemic and a newly remote workplace environment, and expose the gaps prevalent in your systems.
Pandemic situations may cause a period of instability within your organization—an unfortunate situation that hackers will try to take advantage of.
Don’t give them this opportunity. Initiate pen testing on all of the steps your company takes to protect against data security breaches and fraud risk. Expose the vulnerabilities, close the gaps, and send hackers packing.