Image of Business Instructional Facility

Jun 17, 2020 2020-06 Accountancy Faculty

From Zoom to malware, COVID-19 prompts new focus on cybersecurity hygiene

Employees forced to create instant home offices when the pandemic hit find their employers considering a large remote workforce as a long-term solution. From Twitter to Wall Street to Main Street, CEOs are cautiously embracing the idea. Yet only three out of four big businesses (77%) say they are fully prepared for this workplace shift, according to a recent Fortune-Adobe CIO survey.

To help companies better understand the scope and implications of a large at-home workplace, Robert Brunner, associate dean and chief disruption officer at Gies College of Business, moderated a Global Challenges in Business webinar series session featuring cybersecurity expert David Nicol, Franklin W. Woeltge Professor of Electrical and Computer Engineering at the University of Illinois at Urbana-Champaign.

“Protecting yourself comes in many forms, from data breaches, to intellectual property and ID theft to ransomware. Businesses large and small and the employees who work for them can improve data security by following a few simple, but important guidelines,” said Brunner.

“The threats themselves haven’t changed that much, but the susceptibility to them has grown since the pandemic began,” said Nicol. He cites a rise in e-commerce, more time spent online, as well as sharing financial information when seeking a loan. Transactions made on personal computers don’t have the protections in place that work computers do.

Nicol outlines several ways a company’s employees can keep their own data safe as well as the firm they work for. Here is his cyber-health checklist:

  1. Keep work and home computers separate and use a VPN-encrypted channel at home, if possible.
  2. Password hygiene matters. Use different passwords with many characters. Don’t share.
  3. Use 2-factor identification. It’s now easier to use and nips problems in the bud.
  4. Make sure your browser is up to date. It will block out mal-vertising, which can infect a device even if you don’t click on it.
  5. Consider automatic updates of applications and operating systems. While they may cause new glitches, they are the best way to make sure your device is up to speed on vulnerabilities.
  6. Software that detects malware is a good investment, even for an Apple product.
  7. If you expand work-from-home options at your business, consider computer controls that monitor activity on non-work-related sites and applications.
  8. Know how to spot phishing. It may come in the form of an attached .pdf, Word or .XLS document that looks legitimate but has a macro that executes malware once you open it.
  9. Understand that business cyber-insurance may not cover ransomware that attacks employee-owned devices.
  10. Report hacks, not because you’ll likely find the perpetrator but because you’ll contribute to community knowledge about what attackers are doing and so protections can be mounted.

As for the safety of sharing information on the now ubiquitous Zoom platform? Nicols acknowledges it isn’t perfect but is generally a good trade-off between usability and security. He suggests companies that don’t have the resources to pay a consulting firm for cybersecurity advice right now, turn to the Department of Homeland Security. It maintains links to information-rich sites, including ones with courses to take, some of which are free.

“Our faculty experts at Gies have developed this series to help you assess the business risks of coronavirus and help you to better succeed through it,” said Brooke Elliott, associate dean and EY Distinguished Professor of Accounting at Gies.

The complete cybersecurity session is available here. It is the eighth installment of Gies Business’s COVID-19 global webinar series.  Learn about and register for the next topic, “Coronavirus and Insurance Coverage,” which will be held on June 23 at 11 a.m. (CT).  Lynne McChristian, senior instructor of finance and director, Office of Risk Management and insurance Research will explore what’s covered and what’s not with current policies, and share the solutions insurers and policymakers are considering providing relief to businesses.