Recent weeks were overwhelming in so many ways for all of us.
More significantly, businesses needed to consider society’s wellbeing while trying their best to keep things running.
As workers rapidly adjust to new ways of operating, new problems have arisen each day.
With the rapid transition to remote working, how do companies sustain operational resilience and security?
During this time, the ability to remain connected will be vital, and so much of this will depend on online services and technology.
Whether it’s new work methods in the workplace, online shopping, or video calls and social media with friends and family, we’re all affected.
To meet those increased demands, ensuring organizational stability will be essential.
Because of the impacts from the pandemic and a rapid shift to remote work, businesses across industries face an emerging cyber threat environment.
Security should play a key role in reducing these risks and helping to reduce incidents and cyber-attacks.
At this time, companies need to ensure they can continue to provide their clients and consumers with essential online services and technology.
We see the use of COVID-19 in cyber-attacks, including targeted phishing and email spam, company account vulnerabilities, malware, ransomware and malicious domains.
Coronavirus-themed domains are 50 per cent more likely than other domains to be harmful.
Within this rapidly evolving world and cyber threat landscape, the following measures could be considered to help protect the organisation.
Key messages for employees
1) Be aware of your online hygiene
Be careful not to click on suspicious links, particularly if they relate to coronavirus, as attackers use fear to cause victims to click without thinking.
Follow the company policies consistently.
Employees should accept all policies, guidelines and regulations for outside office access to the company network.
Individuals need to ensure that they report any suspicious activity to support teams and meet clear standards of ‘hygiene’: e.g. apply key security patches, keep antivirus and anti-malware software up to date, run daily scans, etc.
2) Don’t allow family members to use your work devices
Laptops, mobile devices and sensitive data need to be treated as they would be in the office.
3) Use your company approved storage solution
Work data should always be stored in secure, company-approved locations that are available to authorized users.
4) Choose only company-approved devices and contact the IT department if you use a personal computer to connect to the business networks.
When connecting via home Wi-Fi, it is vital to ensure strong passwords are in place and to avoid public or unsecured networks.
If a personal computer is used (exceptionally), users should be much more vigilant about keeping operating systems, antivirus software and firewalls up to date.
Important messages for Cyber and IT teams.
For now
- Internally test crisis management and emergency response capabilities, as well as service availability.
- Is the end-to-end process affected? Can systems still operate when most people are restricted to remote working?
- Ensure that emails from outside the organisation are identified and classified as ‘EXTERNAL’. In addition, workers should be kept aware of increases in COVID-19 related phishing attempts and ensure they do not click unknown or suspicious links.
- Implement Multi Factor Authentication (MFA) on all Virtual Private Networks (VPN) and essential cloud service connections to improve security.
- If MFA is not implemented / possible, demand the use of strong passwords by home staff.
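
An added illustration of the email measures in the list above (not code from the original article): it tags mail whose sender is outside the organisation as ‘EXTERNAL’ and lists link hosts that use coronavirus wording. The domain `example.com`, the keyword list and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Assumptions (illustrative): our own mail domain and the lure keywords.
INTERNAL_DOMAINS = {"example.com"}
LURE_TERMS = re.compile(r"covid|corona", re.IGNORECASE)
URL_HOST = re.compile(r"https?://([^/\s\"'>]+)", re.IGNORECASE)
TAG = "[EXTERNAL]"

# Constructed sample messages, not real mail.
SAMPLE_EXTERNAL = (
    "From: Health Desk <alerts@covid19-relief.example.net>\n"
    "To: staff@example.com\n"
    "Subject: Urgent: updated safety measures\n"
    "\n"
    "Read the new guidance at http://covid19-relief.example.net/login today.\n"
)
SAMPLE_INTERNAL = (
    "From: IT Support <it@example.com>\n"
    "To: staff@example.com\n"
    "Subject: VPN maintenance window\n"
    "\n"
    "Details: https://intranet.example.com/vpn\n"
)


def is_external(msg):
    """True unless the From address is in one of our own domains."""
    # The From header is sender-controlled: a production gateway should
    # decide on the authenticated source (SPF/DKIM/DMARC), not this alone.
    _, addr = parseaddr(str(msg.get("From", "")))
    return addr.rpartition("@")[2].lower() not in INTERNAL_DOMAINS


def classify(raw):
    """Tag external mail and list link hosts that use pandemic wording."""
    msg = message_from_string(raw, policy=policy.default)
    external = is_external(msg)
    subject = str(msg.get("Subject", ""))
    if external and not subject.startswith(TAG):
        del msg["Subject"]
        msg["Subject"] = f"{TAG} {subject}"
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    hosts = {h.lower() for h in URL_HOST.findall(text) if LURE_TERMS.search(h)}
    return {"external": external, "subject": str(msg.get("Subject", "")),
            "lure_hosts": sorted(hosts)}
```

A message with a missing or unparsable From address is treated as external, so the check fails closed.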
On a regular basis
- Update VPNs, network infrastructure devices, and devices being used to remote into work environments with the latest software patches and security configurations.
- Ensure that IT security staff check VPN limitations to plan for mass use and, where possible, implement modifications to prioritize users who need higher bandwidth.
- Track privileged access closely, using behavioral analytics to identify unusual activity by administrators and sensitive data handlers.
- Adapt security monitoring systems and strengthen the log monitoring rules for triggering alerts. Security operations teams should manage the increased number of alerts, sorting them by risk and distinguishing false positives from genuinely suspicious events. Additional resources may be required for this.
- Increase attention to remote access cybersecurity tasks including log review, attack detection, and incident response/recovery.
- Ensure web and email protection by implementing web filtering technologies to prevent employees from visiting malicious websites. Implement email filtering rules to block spam and phishing emails.
- Limit administrator access and activities to only what is strictly necessary. Administrative activities should be closely monitored and controlled (e.g. with a ‘Four Eyes Principle’).
- Increase emergency management capacities by reallocating resources. Check that your backup is working and test your failover capabilities. Help desks should also be prepared to handle an increased number of events and have a procedure to categorise those events.
- Increase your endpoint monitoring protection, looking out for suspicious behaviour and multiple deferred patches.
Given that everyone has so much to deal with right now, raising awareness among the staff, IT and security teams will play a major role in sustaining core business processes and promoting new ways of working in the coming weeks.