
-
- A doubling of email phishing attempts
- An exponential increase in malware attacks
- A doubling of NASA systems trying to access malicious internet sites
-
- Employees working on & saving company data on less secure home networks and home computers, which are often shared with other family members
- A lack of VPN licences, or VPN bandwidth issues, leading to increased insecure network access from untrusted machines
- Employees being asked to use unfamiliar & hastily configured tools for conferencing, remote access, or sharing information
- Simple process changes, such as authorising invoices remotely, being ripe for business email compromise, where bad actors convincingly, & often extremely successfully, impersonate senior executives and trick workers into sending sums of money into their account
-
- The key lesson is: do not allow yourself to be marginalised when fundamental change is being planned. You will not be thanked if a programme is derailed in-flight due to security issues that should have been flagged earlier
- The Risk Register is your friend. If you can get your risks before a Risk Committee or Executive Team, and can articulate them in a positive & constructive way, you are far more likely to see them addressed
- Make sure that you are either present or represented on Change Boards, and ensure that your concerns are recorded
- If you do not have a Board or Executive Team position, escalate early
- Finally, remember that, done well, security is a business enabler!