As remote work becomes more and more popular since the start of the pandemic, new cybercrime issues have emerged. It’s no longer about only having the benefit of computer security tools at work, but you also need to work with your own tools at home. Not everyone was prepared enough to guard against all eventualities.
Our colleagues at Proof Strategies in Toronto remind us that as a virus like COVID-19 sneaks into our lives, cybercrime-related incidents are constantly lurking, and a disaster can strike if we're not prepared.
Beware of computer... and human flaws
Cybercrime affects all of us in different ways and is often only discovered when it is too late.
However, it is like a virus which easily affects the most vulnerable ones. Cybercrime attacks can spread globally like a pandemic, evolving into new and sometimes more dangerous variants that can be difficult to contain.
Not only can they cause several damage, but these attacks often require the deployment of rigorous safety measures, and this is not about washing hands or wearing a surgical mask!
Cybercriminals have always known how to take advantage of computer or human loopholes. For more than a year now, the focus has been on health measures, vaccination evolution and the effects of the virus.
Meanwhile, vulnerabilities related to the lack of firewalls and adequate security measures for employees working at home have provided a great opportunity for computer criminals to operate.
In addition, various protocols were quickly adopted to allow employees to telework as efficiently as possible. But speed means sometimes hasty action, especially in e-commerce where users can be exposed to the theft of personal data.
There has also been an increase in ransomware and phishing. Stress, accumulated fatigue and professional or personal exhaustion occasionally lead to human errors that can have numerous harmful consequences.
Trust issues beyond computer flaws
There are things that can potentially be more devastating than a computer security breach, like a breach of trust. Since computer security breaches are technically preventable, companies are expected to be equipped to prevent them or at least "doing whatever it takes" to quickly restore normality when an issue occurs.
Morning Consult, a privately held global data intelligence firm, led a recent study where in which than 300,000 respondents were asked to rank various actions that would make them lose trust towards a brand. Surveyed people ranked a data breach that compromised their personal data first, far before poor customer experience, lies about charitable giving, environmental damage and various other misconduct.
Tips to keep trust
This threat goes far beyond data breaches. After a cybercrime-related incident, in addition to the damaged trust, it's natural to question the competence, effectiveness and integrity of a company and its products. Unfortunately, many companies still fail the test up till now.
How do you maintain trust in your company when a cyberattack occurs? Proof Strategies suggests this strategy: be ready, react, reassure.
A company should always be on the lookout. Does your IT department have appropriate safeguard policies? Also, consider setting up a reactive team with specific roles and responsibilities for each member.
Establishing a communication protocol is also crucial. Determine how and to whom you need to communicate the security breach. Be vigilant and get enough insurance against cybercrime. Don't forget to plan scenarios and simulations (wishfully performed by a third party).
What to do when an incident occurs? As much as possible, control the incident and assess the situation. In the case of a ransom note, make sure you have first determined the technical, financial and ethical criteria that will guide your decisions.
Communicate with empathy and responsibly: Besides mandatory reporting duties, treat others as you would want to be treated if your personal data were stolen or became unreachable.
Of course, communications should be clear and frequent. Also, a close monitoring of media and social media will help you in targeting persistent issues or misinformation.
Once the incident has been resolved, take the time to restore your customers' trust in your company. Essential steps are making a sincere apology, conducting a thorough investigation and taking actions to prevent similar issues from happening again.
Unfortunately, trust in businesses doesn't just happen by itself. Being alert, proactive and reassuring is the best way to achieve it.