Maintaining an effective cybersecurity program during COVID-19

For most of this year, COVID-19 has dominated and disrupted our normal business routines, and as we relocated to avoid the first wave of the virus, the hackers and thieves weren’t far behind. As people began working remotely in large numbers, the number of unsecured remote desktops soared, as did brute-force attacks against those desktops. Email scams jumped over six-fold in March alone. As Smith’s Chief Administrative Officer, I am responsible not only for overseeing health and safety protocols for our employees but also for managing the safety and security of Smith’s and our customers’ data. Protecting Smith’s employees, customers, and suppliers from the unauthorized use of data takes diligence, ongoing internal training, and, most importantly, planning. Taking a proactive approach to data security prepares us for the cyberthreats that attempt to infect our critical infrastructure.

Despite the massive surge in cybercrime, shockingly few organizations have response protocols in place for cybersecurity attacks, and it can take companies upwards of six months to discover even large data breaches. Preventing data from being accessed by an unintended audience means establishing parameters. Because cybercrime is so often due to the failure of humans – as opposed to the failure of systems – we begin our protections at Smith with employee training on required best practices for data storage, documentation, transmission, and destruction. Every Smith employee completes training on cybersecurity and proper data hygiene. From file saving and sending to developing a second nature of deleting suspicious links, Smith employees follow detailed processes to keep our business network secure.

Of course, planning also involves consistent maintenance and equipment updates to protect our IT infrastructure and help us plan for the unknown. Smith’s incident response plan and business continuity program prepare us for “what if” scenarios and position Smith to provide our customers with continuous service and data protection. Many years before the COVID-19 pandemic began to unfold, Smith had already designed, tested and implemented our global network for real-time, worldwide collaboration. Those connectivity and cybersecurity protocols were put to the test two years ago during Hurricane Harvey, which pummeled Smith’s global headquarters in Houston with more than 50 inches of rainfall and brought the area to a complete standstill for days. Despite the havoc wreaked across the city, Smith’s operations were largely unaffected and saw no disruption in service during or after the event.

Though I hope the global medical community’s unprecedented research response may begin to alleviate some of the worst of this pandemic in the coming months, a quick cure for cybercrime is unlikely to follow suit. Annual global expenditure on cybersecurity is anticipated to grow to $6 trillion in 2021. Implementing an effective cybersecurity program often includes third-party screening and management. We all must step up our vendor management processes, especially now. The suppliers that you engage with can safeguard you, or they can make you a target for cybercrimes and cyberattacks. Engaging with third parties who do not have the proper processes in place to protect your data can cause unnecessary risks to your business.

As the COVID avoidance responses have highlighted, our digital landscape increasingly leaves businesses and individuals in a position of vulnerability due to our constant reliance on data at a longer distance. Finding the right balance between business convenience and security can be challenging, but, in our interconnected world, the importance of limiting our exposure to cyberattacks is paramount. To reduce third-party risk factors, I encourage customers to work with supply chain partners who have a comprehensive cybersecurity program in place.

Matt Hartzell is Chief Administrative Officer at Smith. Matt started at Smith in September of 1998.

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.