Zoom experienced an increase of 10 million daily users in December, 2019 to 200 million daily users in March, 2020. The private information sharing and security breaches during this time became a public firestorm, and it has caught the attention of the New York Attorney General and the Federal Bureau of Investigation.
The CEO of Zoom said it simply. “I really messed up.” He now seeks to make Zoom a security and privacy first company.
Security isn’t an issue until it is. It is both human nature and corporate entropy to assume all is well or to fail to keep security front and center.
I have a friend who married young. He scored a “real job” out of school. After receiving his first paycheck, he and his wife went clothes shopping. It was the first time they could afford to do so. Toward the end of their shopping spree, he put down a bag of clothes they had purchased in order to look at a shirt. When he turned back, the bag was gone. “I felt like I had turned away just for a second,” he said.
A second is all it takes.
Cyber-security and cyber-resilience is top priority. You know you need to protect against technology threats that evolve and emerge every day. You also know that you require quick and successful recovery.
During this Covid-19 outbreak, phishing attacks on industry rose 667% in February-March alone. Business email compromise (BEC) is an increased target, especially for anyone executing legitimate funds transfers.
Given the increase of remote work in this time, and the probability of more remote work in the future, here is a simple but effective tool to give to your employees. They need to review it constantly, and abide by it. When it comes to remote work and technology, PAUSE.
- Avoid use of personally identifiable information.
- Ensure that your device is being used only by you as an approved user.
- Keep your devices on you and enable auto log-out.
- Use approved cloud-based service.
- Use company-approved devices and applications.
- Update your software as soon as updates are available.
- Be aware of IT support mechanisms in place.
- Confirm company-issued VPN and security configurations.
- Connect to a secure network.
- Utilize separate networks for company devices and personal devices.
- Only access content on reputable websites.
- Do not click on links.
As leaders, you can expect a security incident, so make sure you have updated your incident response plan during this crisis.
Sometimes the best security is the easiest to come by: watchfulness. You have good plans in place and powerful technology working to protect you. But even the best laid plans are subject to human error.
And it only takes a second.