Risk

Ongoing and Changing Security Needs in the New Normal

An empty office

With millions of employees working remotely, organizations cannot overlook the importance of security.

During the COVID-19 pandemic, businesses have been forced to rethink many aspects of their operations. With millions of employees forced to vacate their offices and work from home — many for the foreseeable future — organizations of all sizes must understand how technology is changing the workplace.

Here we will discuss how security risks are evolving for organizations and their employees, and how small and medium-sized businesses (SMBs) in particular are weathering the storm.

Security in Uncertain Times

For Kim Albarella, Vice-President of Risk and Security Advocacy at ADP, the threat landscape began to shift in January, when she started receiving security-related questions regarding the virus from clients in Asia.

"As time went on, it then shifted to Italy, and that's when we really started seeing our global clients start coming to us with lots of questions," says Albarella.

In those early days, ADP's clients wanted to know whether ADP could work from home, and whether the organization had previously identified the security risks of employees working from home and how to mitigate them. Today, as certain ADP employees return to the office, there's a new set of questions coming from clients.

"Our clients are really interested in how we are safely going to come back to the office," says Albarella. "They are asking whether now that most of our employees have moved to working from home, will they feel safe coming back? They want to know what we are doing to keep them safe from COVID-related scams and social engineering schemes that keep popping up"

To address those concerns and to help ensure the appropriate level of data protection, ADP maintains a robust client security program that informs clients about the security measures in place to protect their data.

Risk Mitigation for Small and Medium-Sized Businesses

As ADP continues to help ensure that suitable security measures are in place to protect its global client base, those same clients are responding to the stresses placed on them by COVID-19. While most headlines in the business press detail the troubles that household names are facing, small and medium-sized businesses are toiling in relative obscurity to survive the economic turmoil created by the pandemic.

At the same time, these smaller organization cannot overlook the threat posed by cybercriminals. "Bad guys don't take a day off. They don't quarantine and go into hiding," notes Albarella.

And with vast amounts of data now residing outside the traditional IT perimeter, businesses must protect their data wherever it travels and resides. To that end, organizations of all sizes should continue to focus their efforts on security, including the following basic measures:

  1. Be aware of the latest security trends. Albarella says scammers' focus has been fluid over the last several months. Whereas the focus during the early stages of the pandemic was on targets seeking virus-related information or looking to donate money, a prominent recent trend has centered on unemployment fraud. "They're always looking for this unproven way; everyone's nervous, people are in different environments, and scammers are really taking advantage of it," says Albarella.
  2. Commit to patching software vulnerabilities. In response to evolving threats from sophisticated cybercriminals around the globe, software companies continue to roll out security-related patches. Most installations require minimal time and effort to adopt, and they grant access to the latest security methods needed to thwart an attack. Make sure someone from your organization is working to deploy patches as soon as they become available.
  3. Educate employees on cybersecurity. There is often a lack of employee knowledge regarding the types of schemes the organization faces. Provide employees with brief yet consistent reminders about security best practices, including how to use robust passwords and how to handle unsolicited emails that appear suspicious.
  4. Secure sensitive data. Most businesses are awash in data, but not all of it requires the same degree of protection. Make sure your organization identifies and protects its sensitive data, such as customer and employee-related data. This should include granting employees access to sensitive data only when they need it for their job responsibilities.

In addition to the steps noted above, consider reaching out to your business partners to learn more about best practices concerning data protection. Because they offer support to many businesses operating across numerous industries, they'll be able to share insights they have obtained while helping to protect their clients' data.

With face-to-face contact slowly returning, but many employees still working from home, technology is continuing to play a more dominant role in today's business environment than ever. As businesses come to terms with how technology is changing the workplace during COVID-19, security must remain a top priority. After all, the virus may eventually subside, but criminals are here to stay.

Learn about our committment to payroll and data security by visiting ADP.com/trust.