Building up cyber defence resilience in a post COVID-19 world

Edmund Yick June 16, 2020 09:59

Since the start of the outbreak, as much as 70% of businesses in Hong Kong has adopted work from home arrangement. Even as the outbreak eases in the city, a study by Lingnan University revealed over 80% of local employees prefer continuation of home working arrangement and want at least one day of work from home per week.

However, HSBC shared in a study that only about 8.5% of standing of cyber security best practices.

Alarmingly, the Hong Kong Computer Emergency Incident Response Team Coordination Centre (HKCERT) recorded a 45% increase in cyber security attacks in Q1 2020, as compared to Q4 2019. Cyber-attacks in the name of coronavirus including personal data theft, malware and money fraud have also increased dramatically since February.

With thousands of newly remote workers unaware of basic security measures, a new layer of vulnerability to cybersecurity from the point of individual access was created.

At the same time, companies are struggling to properly secure externally-accessed systems, while cyber criminals become increasingly proficient at mimicking emails from health authorities.

In order to enforce a comprehensive business continuity plan, cyber defense resilience should not be overlooked. Extensive remote working will have a big impact on infrastructure that will require different security approaches. Here are some top tips for Hong Kong businesses looking to build up their cyber defense capabilities with the surge of work from home arrangements and in a post COVID-19 world:

Plan ahead with responsiveness: Draw up contingency plans and address to new and evolving threats. Engaging in cyber crisis simulations can also help, and while conducting them remotely could be challenging, it might also prove more realistic. At the same time, it pays to think of cyberattacks as a question of “when” as opposed to “if”. Be aware that your preventative measures can only realistically go so far and be ready to respond fast in case of a breach.

Extend current policies: Cybersecurity policies should now be able to manage remote-working access, use of personal devices and updated data privacy considerations for employee access to documents and other information. Without the right security in place, any devices used to access your corporate network will leave the whole system vulnerable to hacking. Monitor shadow IT and only stick to approved apps and solutions wherever possible.

Defend against phishing: Phishing emails are the most common type of cyberattacks in Hong Kong, with as much as 77% of local businesses affected. Invest in training to keep your employees defensively aware of these incidents or try simulating attacks that promise recipients information about COVID-19 or masquerade as IT helpdesks performing work from home checks.

Test and Patch: Make sure that your remote access systems are fully patched and securely configured, keep on reviewing protocols and procedures in real time to identify vulnerabilities and potential loopholes.

Provide clear guidance for employees: Management should set up clear and easy-to-follow policies that empower employees to make their home-working environment secure. This should include instructing employees to communicate with internal security teams about any suspicious activities.

-- Contact us at [email protected]

Edmund Yick

General Manager of Orange Business Services in Hong Kong and Taiwan