Hackers are bad actors, plains and simple and they are not about to let a pandemic derail the efforts to steal data, identities and money from victims.
The COVID-19 pandemic has given hackers fresh angles to orchestrate their attacks. Phishing emails are circulating everywhere and they continue to get harder to detect. As simple as it may sound it's as important as ever not to click links or open attachments in email messages, unless you are able to guarantee their authenticity.
Just yesterday it was announced that Marriott has been hit by a second data breach. This is Marriott's second breach in 18 months. Talk about getting kicked when you're down. The hotel industry, perhaps more than most, has been hit extremely hard by the pandemic crisis. This data breach is close to the last thing that Marriott needs to be dealing with right now, yet they are. It's all over the new today.
Marriott's current breach may involve as many as 5.2 million Bonvoy loyalty program accounts. Marriott does not presently believe that account passwords of PINs have been exposed, but assume that any other information you have in your Bonvoy account has been.
With most people moving into remote working as a result of the pandemic, you have to keep a laser focus on your cybersecurity posture, perhaps now more than ever. Don't let up on employee training. If you have a cybersecurity training program, continue it remotely. Send phishing tests to your employees and be sure they are not letting their guard down. Be sure you maintain your multi-factor authentication systems. Do not let your guard down to facilitate remote working. Adapt your security systems to address it. Now is also an excellent time to redistribute your remote working policy so everyone understands what the company expects of them in terms of working securely and safeguarding company data.
You can be sure that the hackers are looking for remote workers who are letting their guard down. To state it again, don't allow that to happen. Keep your existing cybersecurity controls in place. If anything, strengthen them. There may be some upfront disruption associated with maintaining and enhancing cybersecurity controls to support a fully remote workforce. This is OK. Prepare your team for this and let them know it's to maintain an appropriate cybersecurity stance under your new reality.
You have enough pressure keeping your business functioning through this time. The last thing you need is what Marriott is having to deal with as a result of a data breach. Stay safe, stay healthy and stay secure!