The global fear surrounding COVID-19 has forced many organisations to develop ‘Coronavirus Plans’ and consider alternate working methods. In an effort to protect the health of employees during this uncertain time, it is also critical to consider the cyber security health of your organisation.
Malicious attackers across the world are seizing the opportunity to exploit any technological weakness they can, as well as preying upon the human fear factor. The World Health Organisation (WHO) has warned that criminals are using their logo and publicly available information to steal money and sensitive information. Now more than ever it is paramount that your organisation takes the appropriate actions to protect yourself from cyber threats, fast.
Many of the risks for working from home are not new, but as more organisations close their physical offices, the risk profile is changing.
- Increased use of remote access and the capacity of the system to deal with this increase.
- More employees working from home will result in more remote access issues and calls to IT Support.
- Phishing and vishing attacks from hackers able to regularly change their attack pretext with the changing information available.
- More noise in security incident and event monitoring (SIEM) or user behaviour analytics tools.
- Staff using non-work issued computers.
Organisations need to be proactive against cyber-attacks, particularly those exploiting the coronavirus situation and a remote workforce.
- Increase your cyber security measures in anticipation of the higher demand for remote access technologies. Ensure there is a remote access policy (or equivalent) in place and test technologies ahead of time (before requiring your workforce to work remotely).
- If you use a remote desktop client, ensure that it is secure.
- Implement multi-factor authentication for remote access systems and resources (including cloud services). If MFA is not already enabled, adapt the risk management procedures to accommodate this increased risk.
- Ensure the IT Service Desk is prepared to handle a greater influx of activity, and that robust controls are in place to authenticate each person who contacts the IT Service Desk for assistance.
- Ensure that your staff and stakeholders are informed and educated in cyber security practices, such as detecting socially engineered messages and potential vishing attacks coming from fake IT Support services. We are seeing several phishing attacks under different pretences: Click here for a Cure, Transmission Map, Tax Refund, Government Aid/Grants, Donation, etc. These attacks can be directed at anyone but often target C-suite and senior leadership individuals.
- Ensure that staff working from home have physical security measures in place, such as secure doors, locks and windows, fire and smoke detection mechanisms and appropriate security behaviour such as locking the screen when unattended. This minimises the risk that information may be accessed, used, modified or removed from the premises without authorisation.
- Ensure your systems, including VPNs and firewalls, are up to date with the most recent security patches. These can be easily found online for Microsoft and Apple.
- Ensure your work devices, such as laptops and mobile phones, are secure. If the device used by an employee has not been issued by your organisation, develop a plan for how these devices can be appropriately secured.
- Review and update your Incident Management Process and ensure it is able to contain any attacks quickly and minimise disruption to business operations and reputational damage.
- Keep testing the security of your systems. Most tests (including an internal penetration test) can be performed remotely and it is more important than ever to test the security of remote access.
While an organisation does not necessarily have the same degree of control over its workforce when they are working remotely, it is important that an organisation prepares its employees as best it can.
Regular communication about how to work remotely in a safe manner, current threats (particularly COVID-19 phishing emails, with some even posing as internal communications from senior management or the C-suite), implementation of security controls and regular security updates are key to maintaining the cyber security health of an organisation.
If you require further information about cyber security, please contact your local RSM office.