IT departments are used to long-term roadmaps. Anything unexpected can be dangerous, especially in areas where security is a top priority. After all, all accompanying parts of newly-introduced software or processes must be carefully examined. When the coronavirus pandemic was announced, however, everything happened so quickly. Within a few days, production came to a standstill and employees had to move to their office at home – where they will remain until further notice.
Speed Over Safety: A Risky Situation
This situation has forced IT departments to deviate from their usual patterns. They had to react quickly and find pragmatic solutions so that the workforce could access the most important company systems from home. But there’s a lot of preparation to be done, especially when managing large workforces. VPN access, video conferencing solutions, and sufficient bandwidth are just some of the things to think about.
“IT departments and IT service providers are currently working at the limit to ensure that their organizations are able to work,” Dr. Joachim Bühler, Managing Director of the TÜV Association, told PROCESS magazine (link only available in German). If that’s the case, it can be assumed that, despite everything being done, security is being neglected in many places.
Within a short timeframe, solutions were implemented before all security criteria were examined. This is understandable. After all, the loss of entire teams costs a company considerable amounts of money. But now, companies have to readjust their IT security, says Bühler. The focus now is on mobile working. It is particularly important to prevent employees from using tools they have chosen themselves without consulting the IT department.
In addition to IT security, social engineering also plays an important role. Employees can be manipulated in a targeted manner and this risk has increased as a result of COVID-19. As early as the end of February, countless spam campaigns have been launched (link only available in German), promising “vaccines” for the coronavirus via email. This was used to produce phishing attacks and transmit malware. In times when worries are an everyday occurrence in society, people are more vulnerable and can make ill-informed decisions. It is therefore equally important that companies consider the technical side of IT security, as well raise awareness among their employees.