The COVID-19 pandemic has changed the way many companies work, now and for the long-term. The humanitarian crisis has caused widespread economic impacts – but that’s not the only threat businesses are facing. As companies continue the shift of workforces (some partially, some completely), cyber criminals are taking quick advantage of these changing work conditions.
The “human layer” of organisations is being targeted – as many researchers note is the weakest link in chain of cyber defence. Cyber criminals are now targeting COVID-19-related fears among the population with working from home becoming new gateway for hackers. According to recent Deloitte research, one quarter of all employees have noticed an increase in fraudulent emails, spam and phishing attempts in their corporate email since the beginning of the COVID-19 crisis.
With a noticeable increase in cyber-attacks and more potential points of vulnerability, it’s now business-critical stay informed about one of the most significant modern threats to companies – cyber security.
Why is cyber security important?
Any device that’s connected to a network can be a potential cyber security risk. This includes desktops, laptops, servers, software applications, and data transmitted across a network – the largest of these networks being the internet. Cyber criminals target vulnerabilities and points of weakness, meaning that no matter whether you’re an SME or enterprise organisation, cyber security is a critical aspect of keeping your business, and its data, protected.
As many high-profile cyber security breaches in recent years has demonstrated, it’s not just about keeping your company data safe. It’s also imperative to keep your valued customers’ data safe.
“The way that companies and their employees work has evolved, and so the focus on cyber security needs to evolve with it. Your security is only as strong as your weakest link.”
Vulnerability to cyber attacks
Phishing email and WhatsApp messages that trick users into sharing personal information including usernames and passwords or clicking malicious links and attachments. Cyber-criminals can then install malware onto user devices in an attempt to steal information.
A common scam right now is a fraudulent message which pretends to come from the World Health Organisation, telling the user to click a link to receive information about coronavirus. Such messages will often ask the recipient for sensitive information including usernames and passwords.
Many countries have instituted dedicated cyber security initiatives to inform and educate the public. See the Australian Cyber Security Centre for one example of this. Keeping your team informed of the latest developments and reinforcing the importance of cyber-diligence can go a long way to minimising the risks.
Protecting your mobile team
More employees are now working from home than ever before but ensuring data security still needs to consider protection inside and outside their homes. Use of public Wi-Fi, for example, can be a major point of vulnerability. JCS has a policy of public Wi-Fi being disallowed for all employees due to the increased security risk.
For those using home or private networks, 2FA (2-Factor Authentication) can be another simple way to boost security and reduce the risk of hacking and identity theft. And for those connecting to company servers, a VPN can facilitate a secure connection between user devices and those servers.
“It’s critical now more than ever to protect your sensitive business data. Making sure your business software is up to scratch with security is essential to helping all employees work securely and effectively – from wherever they are.”
Cyber security and business continuity
Cyber attacks and data breaches can significantly disrupt or even cripple a business. Data ransom, data loss, and compromised personal and financial data can wreak havoc and impact operations with extended downtime and devoting resources to fixing data issues. Even a single incident can result in lost productivity, decreased revenue, and a severely damaged reputation if your customer data is compromised.
Cyber security and a BCP have often been thought of as two very separate disciplines, but is it now time for them to become inextricably linked? Integrating cyber security into your BCP can help strengthen your overall business continuity, make your data protection more robust, and enable fast, effective responses to cyber-attacks or security breaches. Particularly with the rise in cyber-attacks throughout COVID-19, creating a cohesive strategy paves the way for operations to continue throughout unforeseen changes.
Protecting your valuable business data
The systems which run your business are the most critical. Without these business management systems, you’d be back to managing paper trails and spreadsheets. Many companies start out with accounting packages such as Xero or MYOB. As they realise the profitability benefits of running a single platform for all core business data, many evolve to an ERP system like SAP or NetSuite. Cloud-based ERP systems take the benefits a step further, providing secure, anywhere access to your valuable business data.
NetSuite is one of the primary systems that JCS employees use daily across finance, purchasing, sales and marketing, HR and payroll, employee data, and more. First established in 1998 (the same year Google was founded), NetSuite is widely recognised as the first true cloud ERP system. Needless to say, cloud security has always been a priority for the company – as it should be for any ERP provider. If you’re considering moving to an ERP solution, it’s advisable to dig deep into the security features before making an investment decision.
Some of the key aspects that keep NetSuite users’ core business data safe and protected include:
- Transmission encryption of all user credentials, along with all data in connected sessions with industry-standard protocol and cipher suite.
- Full audit trails of activity logged for every user.
- The ability for administrators to set up strict password policies that ensure the variation and complexity needed to create robust user passwords.
- Role-level access that ensures users only see the company-sensitive information relevant to them.
- Idle disconnect policies which users out after defined periods of inactivity – minimising the security risk of a lost or unlocked laptop.
The company has also deployed a network of third-party vulnerability assessment tools that receive daily updates on vulnerabilities. These tools are used to regularly assess the patch status and vulnerability risk of its software and services.
Regardless of which business systems you’re using, it’s critical now more than ever to protect your sensitive business data. If you’re unsure of the security measures your current business software employs, it could be the right time to review. Making sure your business software is up to scratch with security is essential to helping all employees work securely and effectively – from wherever they are.
“Working with software vendors and systems providers that uphold the same high standards of security as your own organisation ensures an all-round secure environment in which employees can operate safely and confidently.”
Lessons learned from cloud software experts
A holistic approach to cyber security means not just being reactive to events that have already happened but also proactive through active involvement in a wider security-focused community.
This is demonstrated brilliantly by NetSuite, who is committed to tracking cyber security incidents by subscribing to US-CERT and the National Vulnerability Database, and actively monitors feeds from key software vendors including Oracle, RedHat, and Microsoft. The company maintains relationships in Infragard, OWASP, ISC2, ISSA, and IEEE and measure activities annually to ensure it adheres to high standards – also including these metrics in its ISO27001 audit and certification.
NetSuite takes prompt action on vulnerabilities noted by US-CERT which enjoy sharing agreements with CCIRC, AU-CERT, and others. This approach also provides a framework for monitoring and tracking specific threat information.
Additionally, NetSuite security team members are formally obligated to maintain security certifications and complete CPE hours to maintain such certifications as part of ongoing currency with general security topics.
Working with software vendors that uphold the same high standards of security as your own organisation ensures an all-round secure environment in which employees can operate safely and confidently.
“Keeping your team informed of the latest developments and reinforcing the importance of cyber-diligence can go a long way to minimising the risks.”
The evolution of a secure workplace
The way that companies and their employees work has evolved, and so the focus on cyber security needs to evolve with it. Your security is only as strong as your weakest link – but these links can be strengthened through:
- Staying informed, and informing your team, about the latest risks and developments
- Incorporating cyber security into your BCP
- Understanding the security measures your business software employs – looking for software that emphasises security
- Having security plans in place that cater for multiple locations or countries
- Learning and taking note from corporations with extensive experience in the cloud software business
There are also plenty of resources with tips on cyber security when working from home, including this in-depth article from the Australian Cyber Security Centre. Sharing this kind of information with your team or employees can help keep everyone informed and safe.
Although there may be a marked increase in cyber-attacks, making the right plans and considerations now to protect your company, its employees, and its valued customers’ data can put you on the fast-track to a more secure future for everyone.
If you’d like to know more about how an ERP solution can help your business improve financial planning and forecasting, do more with fewer resources, and gain a competitive advantage, shoot me an email. One of my clients is a local team of award-winning cloud ERP experts who take a considered, personalised approach to ERP implementation.