How to manage the impact of COVID-19 on cyber security

The COVID-19 outbreak has been declared a pandemic by the World Health Organization, causing huge impact on people’s lives, families and communities. This has had an immediate effect on organisations, changing the ways employees work and bringing with it new cyber risks.

As the international response continues to develop, we know that organisations are reacting rapidly to potentially significant challenges. Many organisations and employees are needing to rethink ways of working in light of considerable operational and financial challenges. Without appropriate considerations, this could fundamentally increase the risk of cyber security attacks.

Organisations should take three key actions to mitigate these emerging risks:

1. Secure their newly implemented remote working practices.
2. Ensure the continuity of critical security functions.
3. Counter opportunistic threats that may be looking to take advantage of the situation.

More information is available in our white paper here.

Secure newly implemented remote working practices

1. Monitor for shadow IT and move users towards approved solutions.
2. Ensure remote access systems are fully patched and securely configured.
3. Ensure on-premise security controls still apply to systems when they are not on the internal network.
4. Monitor remote access systems, email and Active Directory for anomalous logins.
5. Monitor and react to issues encountered by employees with remote working.
6. Support your people to work safely and securely from home.
7. Review tactical actions and retrospectively implement key security controls which may have been overlooked.
8. Ensure remote access systems are sufficiently resilient to withstand DDOS attacks.

Ensure the continuity of critical security functions

1. Identify and monitor critical security activities to ensure continuity.
2. Confirm patching processes are functioning, including for laptops connected remotely.
3. Secure Internet-facing applications and services.
4. Implement IT change freezes on high-risk systems if normal processes cannot be followed due to workforce shortages.
5. Review how privileged users are going to perform administration.
6. Ensure you have the people, process and technology capability to detect and respond to cyber attacks.
7. Update incident response plans and playbooks to ensure they function with a workforce primarily working remotely.
8. Deploy asset management tooling to ensure continued visibility as systems are moved away from the internal network.

Counter opportunistic threats that may be looking to take advantage of the situation

1. Target additional awareness and communications where emerging threats arise.
2. Provide specific guidance to employees to be extra vigilant when it comes to requests for personal or financial information, or requests to transfer money.
3. Mitigate the increased risk of insider threats in the event of redundancy or termination.
4. Mitigate the increased risk of phishing with technical controls.

More information is available in our white paper here.