The COVID-19 pandemic has changed the way many companies work, now and for the long term. The humanitarian crisis has caused widespread economic impacts – but that’s not the only threat businesses are facing. As companies continue the shift of workforces (some partially, some completely), cyber criminals are taking quick advantage of these changing work conditions.
The “human layer” of organisations is being targeted, which many researchers note is the weakest link in the chain of cyber defence. Cyber criminals are now targeting COVID-19-related fears among the population, with working from home becoming a new gateway for hackers. According to recent Deloitte research, one quarter of all employees have noticed an increase in fraudulent emails, spam and phishing attempts in their corporate email since the beginning of the COVID-19 crisis.
With a noticeable increase in cyber-attacks and more potential points of vulnerability, it’s now business-critical to stay informed about one of the most significant modern threats to companies - cyber security.
Why is cyber security important?
Any device that’s connected to a network can be a potential cyber security risk. This includes desktops, laptops, servers, software applications, and data transmitted across a network – the largest of these networks being the internet. Cyber criminals target vulnerabilities and points of weakness, meaning that no matter whether you’re an SME or enterprise organisation, cyber security is a critical aspect of keeping your business, and its data, protected.
Katrina Doring, COO of JCurve Solutions (ASX: JCS), is ultimately responsible for the company’s security and IT systems and explains, “Cyber security is incredibly important to JCS. We have several cloud-based products with over 600 customers using them. We need to make sure our customers and products are protected at all times. The advent of COVID-19 has created additional challenges with our workforce shifting to a work-from-home model.”
Mark Barton, Senior IT Consultant and responsible for JCS’ IT systems and infrastructure adds, “Cyber security is important to me because it not only protects our data, but also our clients’ data. It’s critical that our clients know their data is always safe with us.”
As many high-profile cyber security breaches in recent years have demonstrated, it’s not just about keeping your company data safe. It’s also imperative to keep your valued customers’ data safe.
Vulnerability to cyber attacks
Phishing emails and WhatsApp messages trick users into sharing personal information, including usernames and passwords, or into clicking malicious links and attachments. Cyber criminals can then install malware onto user devices in an attempt to steal information.
A common scam right now is a fraudulent message which pretends to come from the World Health Organisation, telling the user to click a link to receive information about coronavirus. Such messages will often ask the recipient for sensitive information including usernames and passwords.
Many countries have instituted dedicated cyber security initiatives to inform and educate the public. See the Australian Cyber Security Centre for one example of this. Keeping your team informed of the latest developments and reinforcing the importance of cyber-diligence can go a long way to minimising the risks.
Protecting your mobile team
More employees are now working from home than ever before, but data security still needs to protect them both inside and outside their homes. Use of public Wi-Fi, for example, can be a major point of vulnerability. JCS has a policy of public Wi-Fi being disallowed for all employees due to the increased security risk.
For those using home or private networks, 2FA (2-Factor Authentication) can be another simple way to boost security and reduce the risk of hacking and identity theft. And for those connecting to company servers, a VPN can facilitate a secure connection between user devices and those servers.
Mark comments on a few of the security measures JCS currently uses to protect employees, “All JCS employees have laptops that adhere to our ISMS policies including encryption, 2FA (2-factor authentication), and best-in-class cloud-based applications. This enables us all to work from home or a remote location at any time, without interruption.”
Cyber security and business continuity
Cyber attacks and data breaches can significantly disrupt or even cripple a business. Data ransom, data loss, and compromised personal and financial data can wreak havoc and impact operations through extended downtime and resources diverted to fixing data issues. Even a single incident can result in lost productivity, decreased revenue, and a severely damaged reputation if your customer data is compromised.
Cyber security and a BCP have often been thought of as two very separate disciplines, but is it now time for them to become inextricably linked? Integrating cyber security into your BCP can help strengthen your overall business continuity, make your data protection more robust, and enable fast, effective responses to cyber-attacks or security breaches. Particularly with the rise in cyber-attacks throughout COVID-19, creating a cohesive strategy paves the way for operations to continue throughout unforeseen changes.
As Mark explains, “A BCP enables the company to deal with unforeseen threats to business continuity including loss of power, loss of internet, cyber security attacks, and a range of other threats. When COVID-19 hit, we already had a clearly defined BCP in place, which meant we could swing into action and get all staff working from home very quickly.”
Protecting your valuable business data
The systems which run your business are the most critical. Without these business management systems, you’d be back to managing paper trails and spreadsheets. Many companies start out with accounting packages such as Xero or MYOB. As they realise the profitability benefits of running a single platform for all core business data, many evolve to an ERP system like SAP or NetSuite. Cloud-based ERP systems take the benefits a step further, providing secure, anywhere access to your valuable business data.
NetSuite is one of the primary systems that JCS employees use daily across finance, purchasing, sales and marketing, HR and payroll, employee data, and more. First established in 1998 (the same year Google was founded), NetSuite is widely recognised as the first true cloud ERP system. Needless to say, cloud security has always been a priority for the company – as it should be for any ERP provider. If you’re considering moving to an ERP solution, it’s advisable to dig deep into the security features before making an investment decision.
Some of the key aspects that keep NetSuite users’ core business data safe and protected include:
- Transmission encryption of all user credentials, along with all data in connected sessions, using industry-standard protocols and cipher suites.
- Full audit trails of activity logged for every user.
- The ability for administrators to set up strict password policies that ensure the variation and complexity needed to create robust user passwords.
- Role-level access that ensures users only see the company-sensitive information relevant to them.
- Idle disconnect policies which log users out after defined periods of inactivity – minimising the security risk of a lost or unlocked laptop.
The company has also deployed a network of third-party vulnerability assessment tools that receive daily updates on vulnerabilities. These tools are used to regularly assess the patch status and vulnerability risk of its software and services.
Regardless of which business systems you’re using, it’s critical now more than ever to protect your sensitive business data. If you’re unsure of the security measures your current business software employs, it could be the right time to review. Making sure your business software is up to scratch with security is essential to helping all employees work securely and effectively – from wherever they are.
Managing security across multiple locations
JCS has multiple locations across the Asia-Pacific region, including Australia, Singapore, and the Philippines. This presents certain challenges – but also opportunities in leveraging international standards, such as ISO security standards.
Separate BCPs are generally required for separate countries. Differing laws and regulations for countries mean that staff need to be aware of region-specific BCP considerations. JCS adopts the standard of laws and regulations being determined by employee location; for example, when working in Australia, the Australian laws and regulations become the highest authority. JCS has also adapted its ISMS (Information Security Management System) standards for each country.
As Katrina explains, “JCS has introduced our ISMS (Information Security Management System) which covers everything from user access to IT security protocols, risk management, change management, and more.”
This forms an important part of how to address cyber security risks and threats, ensuring that the laws and regulations of each location are considered when developing BCP and ISMS standards.
Mark adds, “We’ve modelled our ISMS policy on ISO security standards, which are the international standards to follow for security. Any security incidents are tracked. We continually identify and monitor risks across locations.”
Lessons learned from cloud software experts
A holistic approach to cyber security means not just being reactive to events that have already happened but also proactive through active involvement in a wider security-focused community.
This is demonstrated brilliantly by NetSuite, which is committed to tracking cyber security incidents by subscribing to US-CERT and the National Vulnerability Database, and which actively monitors feeds from key software vendors including Oracle, RedHat, and Microsoft. The company maintains relationships in Infragard, OWASP, ISC2, ISSA, and IEEE and measures activities annually to ensure it adheres to high standards – also including these metrics in its ISO27001 audit and certification.
NetSuite takes prompt action on vulnerabilities noted by US-CERT, which enjoys sharing agreements with CCIRC, AU-CERT, and others. This approach also provides a framework for monitoring and tracking specific threat information.
Additionally, NetSuite security team members are formally obligated to maintain security certifications and complete CPE hours to maintain such certifications as part of ongoing currency with general security topics.
JCS delivers a number of cloud solutions including NetSuite ERP solutions, Riyo service management software, and TEM (Telecom Expense Management) solutions. It’s therefore imperative to regularly check the certifications and compliance of every provider of software and systems in use.
Working with software vendors and systems providers that uphold the same high standards of security as your own organisation ensures an all-round secure environment in which employees can operate safely and confidently.
The evolution of a secure workplace
The way that companies and their employees work has evolved, and so the focus on cyber security needs to evolve with it. Your security is only as strong as your weakest link – but these links can be strengthened through:
- Staying informed, and informing your team, about the latest risks and developments
- Incorporating cyber security into your BCP
- Understanding the security measures your business software employs – looking for software that emphasises security
- Having security plans in place that cater for multiple locations or countries
- Learning and taking note from corporations with extensive experience in the cloud software business
There are also plenty of resources with tips on cyber security when working from home, including this in-depth article from the Australian Cyber Security Centre. Sharing this kind of information with your team or employees can help keep everyone informed and safe.
Although there may be a marked increase in cyber-attacks, making the right plans and considerations now to protect your company, its employees, and its valued customers' data can put you on the fast-track to a more secure future for everyone.