The COVID-19 pandemic unleashed a perfect storm of events that exposed organizations to increased cyber risk vulnerability with both emerging and atypical cyber risks. Employees are juggling job responsibilities with concern for the safety of themselves and their families. The workforce has transitioned to remote work with little or no preparation and training. Organizations are focused on surviving with massive revenue reductions and global economic upheaval. With this much chaos, hackers and other cyber criminals have an opportunity to capitalize on our vulnerability. The increased risk is so significant that even the U.S. Federal Bureau of Investigation (FBI) and Department of Defense (DoD) have issued warnings for remote workers.
To help internal auditors remain vigilant regarding cyber risk both during and after the COVID-19 pandemic, this paper examines many of the situations that require heightened awareness. By no means is this an exhaustive list, but rather an effort to prompt your evaluation of cyber risks in today’s environment and start thinking ahead for the post-pandemic world.