It’s unusual that a cybersecurity news organization has the chance to report on a biological virus instead of a software virus. But here we are. The rapid-fire spread of COVID-19 has turned the world on its head, and it’s safe to say that a lot of changes are in store for the foreseeable future.
While preventative measures against the pandemic are escalating more each day, businesses have already been forced to make a number of changes, primarily in the form of shifting their workforces to remote operation in order to slow the spread of COVID-19. This practice, known as social distancing, has also created a slew of complications and difficulties for businesses that can’t operate remotely and depend on everyday economic activity – like restaurants and entertainment venues. The worldwide panic and impeded economic activity have thrown markets into chaos, and financial organizations will play a huge part in stabilizing – or destroying – the global economy.
But first things first: organizations must act immediately to implement business continuity and disaster recovery plans in order to stay solvent. Having the right response to the coronavirus isn’t only essential for short-term prosperity; it can ensure that an organization won’t be left permanently damaged. ADCG has collected some best practices for rolling with the punches:
The Virus and the VPN
Employees should use company-issued hardware whenever working from home. If that’s impossible, they should be sure to run all necessary updates on their personal devices and to install enterprise-grade security software. IT departments should be able to help employees secure their personal devices remotely, while business leaders can help IT staff prioritize which employees need assistance first. Once devices are secured, employees may also need to connect to their office-based machines remotely in order to comply with laws and regulations concerning data privacy and cybersecurity. That’s where a virtual private network (VPN) comes into play.
A VPN builds a bridge between an organization’s internal network and its employees’ devices. The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) published a set of best practices for VPN security last week on March 13, which offers some important starting points:
VPNs should always be regularly updated and patched. But as recent news reports show, they often aren’t. When considering remote work options, it is crucial that an organization updates VPN software and any other remote devices with the most recent security configurations. And because it’s more difficult to track the identity of users logging in over a VPN, multi-factor authentication should be used for all VPN connections.
It’s also important to keep in mind that at the end of the day, a VPN is often a third-party service provider, which means companies shifting to remote work are entrusting outside entities with almost all of their data. So choosing the right VPN provider is vital, and that goes beyond just verifying a vendor’s cyber resilience; bandwidth should also be tested to make sure a VPN can handle the entire company logging in at the same time (many VPNs allow a limited number of “seats”). Of course, it may now be too late to switch providers if bandwidth is insufficient, but security personnel often have the option of modifying VPN connections to prioritize users who need more bandwidth.
Beware the Phish
Pandemics are more than a health crisis – they create fear and panic. Cybercriminals thrive in this kind of environment because people are operating in fight-or-flight mode. Phishing schemes are especially successful when victims don’t take time to carefully analyze a seemingly innocuous request for credential information. After all, if an employee has shifted to remote work, they’ve probably become accustomed to entering their user credentials into plenty of applications they’ve never seen before – like freshly installed VPNs. And because IT departments can (and often do) remotely access their computers, employees can become desensitized to “foreign” applications during these unusual times.
A spike in phishing attempts is not just speculation; it’s already happening. One attack targeted victims by posing as a medical organization with important information regarding the coronavirus attached to the email. When the attachments were opened, malware was installed.
Organizations should prepare their workforce for these kinds of attacks. Employees should never open attachments or links in emails from unknown senders and should double-check a sender’s credentials before responding to requests for sensitive information. Every organization has different protocols for safeguarding sensitive and personal information, but the best practice is to keep personally identifiable information and sensitive data out of email exchanges. For example, if the marketing department needs customer email addresses, they should access a central database to retrieve such information. Whatever an organization’s policy may be, communicating that policy to employees is vital to warding off malicious phishes.
Keep Disruption to a Minimum
The pandemic has ensured that our day-to-day is anything but business as usual – which means organizations need to have a plan to keep disruption to a minimum. ADCG has covered the basics of formulating a business continuity and disaster recovery (BCDR) plan in this primer, but suffice it to say that leaders should be prepared to think outside the box. Some financial organizations have split their workforces into separate locations, and many more have instructed their employees to work from home. Regulations against trading stocks at home have been temporarily lifted and the government may consider more measures to lessen economic disruption.
In addition to implementing a BCDR plan and adapting to remote work, keeping teams organized is more important than ever before. New tasks should be assigned reasonably across IT personnel. Leaders should create a skills matrix that specifies each employee’s role and identifies additional employees who can substitute in the case of an emergency. This will not only help keep employees on track, but it will highlight any holes in an organization’s current strategy that need mending. A team of cross-trained employees, consultants or vendors is vital during this time.
Coordinating with external vendors is just as crucial. Businesses should communicate with network carriers, including Internet or Wide Area Network (WAN) services, to ensure the stability and security of connections.
But the most important thing anyone can do during this trying time is to refrain from panicking. It’s easier said than done, of course, but vital to getting our world and our businesses back on track.