According to Mathew Payne, Chief Information Officer at CRS Technologies, malicious users have leveraged the uncertainty around the COVID-19 pandemic to target businesses and gain access to sensitive information.
Typically, social engineering and phishing attacks use the coronavirus as a hook to entice employees to either provide information they would not ordinarily import or click on suspicious links in emails. This will inevitably result in the installation of some form of malware on an employee’s device that provides an easy way into the corporate back-end.
Mathew Payne, Chief Information Officer at CRS Technologies
He believes that with the lockdown resulting in employees working outside the relative safety of the corporate network, attention must turn to the effectiveness of their home security solutions. For example, most people do not change the default security and password settings of their personal routers. As these networks provide connectivity to a variety of personal devices, many of which do not even have cyber security software installed, hackers can piggyback on to a direct link into the company’s systems.
“More than any technology solution, continuous education becomes indispensable to ensure employees understand good practice when it comes to security protocols. It is highly unlikely that HR will email a person to confirm their ID number or bank account details. Even on the off chance if this should happen, it is always advisable for the employee to confirm the veracity of the request with their manager,” Payne adds.
Company support
Organisations can also insist that remote workers only use company devices for work purposes. Of course, the business must then have supplied these employees with secure laptops and smartphones. This is especially critical for sensitive job functions such as HR and payroll where data integrity must be maintained.
Even though BYOD (bring your own device) has become part of the way of work for many, the lockdown could see a return to company-supplied equipment to mitigate the risk of compromise. Employees’ laptops and other devices will be optimised to work effectively with the corporate network and have the required security protocols set up.
Mathew Payne, Chief Information Officer at CRS Technologies
Perhaps one of the most important areas to focus on is about making remote working easy, Payne continues. “If employees battle with difficult-to-use systems to log in to the corporate network, or if their virtual private networks become too slow, they might be tempted to find more user-friendly workarounds. This is where the risk of ‘shadow IT’ comes into play, which refers to the technologies and solutions that people use without the knowledge of the IT department.
These alternative solutions are often designed for consumer environments and are not secure or robust enough to deal with the complexities of a business network. It could provide another avenue for malicious users to compromise data. Companies should consider using this remote working window to identify new ways to manage the business as securely as possible.
Mathew Payne, Chief Information Officer at CRS Technologies
CRS Technologies is a leading provider of solutions and services to the growing human capital management industry.
Following its establishment in 1985, the Johannesburg-based company quickly found its niche in the HR, people management and payroll sector and soon matured into the specialist of choice for blue chip organisations and SMMEs throughout Africa.
Today CRS is acknowledged as the most proficient HR and payroll solutions company on the continent, underpinned by solutions and services that help create workplaces of inspired, engaged and rewarded employees. Our approach to market is about maximising value between employer and employee, integrated with innovative technology that unlocks human potential and grows businesses.
CRS achieves competitive advantage through its commitment to global best practice in HCM and its drive to transform HR departments into strategic, value-added business units, be it through bespoke software and services or shared industry insight.