With the increased need to work from home and a heightened sense of urgency during this pandemic, more and more organizations are being affected by security events. Follow these suggestions to mitigate risk and keep your company secure.
1. Increase your vigilance
The recent remote workforce boom has many people adapting quickly to change and adjusting to new rhythms. This has made it easier for malicious attackers to exploit the shortened time people have to analyze spam and phishing emails.
Slow down when acting on an email saying your account password needs to be updated, or anything else for that matter.
There will also be disruptions to systems and infrastructure as they were not designed and built to support the increased load with everyone working remotely at the same time. (Recently, MS Teams in Europe crashed due to load.) The best thing to do is understand and wait for the issue to be resolved.
2. Educate employees
End users are critical in thwarting attacks. With so many users working in distributed environments, individual actions are critical to the protection of company information and assets.
Every user should refresh their knowledge on their company’s security training.
Review the steps that need to be taken if they believe their account has been compromised or they suspect any other type of security-related event has happened.
3. Beware of COVID-19 related scams
We are already seeing COVID-19 phishing, scams, and malware sites come online and compromise user accounts and company information. Review your security training with safe computing and email safety.
Limit yourself to going to known good sites for the latest information about the COVID-19 pandemic.
4. Update business continuity plans
Resiliency-focused risk management, disaster recovery, and business continuity has been a topic that security professionals have been promoting for a long time.
Natural disasters have shown us this in the past. Hurricane Sandy demonstrated the weakness of being an island of resilience within a sea of fragility. While businesses kept systems online, transportation was shut down and employees had no way to get to office buildings, so the company was not able to conduct business.
The main lesson: identify critical functions for your business and each subsystem that those functions are dependent upon.
For many, a time of crisis pulls into sharp focus the need to understand core functions that your business requires to continue operations, along with the underlying support systems. These systems, which normally operate in the background, need to be considered and maintained. Risk management programs and business continuity plans should include enough detail around these systems so personnel can fully understand the integration points and adjust their work plans accordingly.
Eddy Cruz is a Certified Information Systems Security Professional (CISSP). He brings deep experience in information security and technology along with numerous other professional certifications from Cisco, Microsoft, CompTIA, and CIW. Eddy enjoys giving back to his community in the Pacific Northwest through volunteer work for Washington State InfraGard.