Coronavirus is testing the efficacy and scalability of corporate business continuity plans.
Many are finding that previously untested or minimally tested plans are falling short. In an effort to deal with the shortcomings, security is often bypassed. As these corporations begin to adjust to this new reality, malicious actors are taking advantage of the situation as well.
An enhanced level of vigilance and caution is needed throughout every organization during these times. A large-scale increase in activity has been observed from the major threat actors, including state-sponsored groups and organized criminal gangs. These cyber criminals are targeting the American workforce with malicious email and SMS campaigns.
Corporate Information Technologies has observed targeted campaigns using false Coronavirus tracking apps, misleading national security related news alerts, and numerous health insurance related communications. Cyber criminals are capitalizing on the mass migration of the American workforce to work from home. They are targeting both corporate and personal devices in an effort to gain a foothold in Americans’ home networks and then, indirectly, in corporate networks.
There are several measures that IT leaders can take to contribute to the safety of their organizations. While the list isn’t exhaustive, it does provide hardening against the observed attack vectors.
- Ensure all systems that are accessing corporate data and systems comply with basic security policies. Simply put, if it is not OK for a corporate device to access sensitive data without Antivirus, Endpoint Detection/Response, DNS Filtering, Anti-malware, and administrative account lockdown, why would it suddenly be OK to use another (possibly personally owned) device to conduct the same activity?
- Educate and inform users about ongoing attack vectors. Email, SMS, and Telephone are all active attack vectors. Reinforce “Think Before You Click” and extend it to personal devices (like cell phones).
- Bolster front-line detection and filtering. Ensure that your organization is employing a unified defense-in-depth approach. In this instance, unified means that all the defense mechanisms are aligned with respect to their policies, actions, and reactions to threats.
End-users equally have a stake and a role in the digital well-being of the corporate network. They may not be able to affect the configuration of security tools; however, they can radically impact the overall security posture. Beyond the obvious ‘think before you click’ mantra, end-users can contribute to the detection and deterrence of cyber attacks.
Cybersecurity tips during Coronavirus – Three actions every user can take to help secure the corporate information assets.
- Understand the risks present on home networks and take steps to secure them.
  - Every device in a network contributes to its security posture. Smart thermostats, light bulbs, kids’ iPads, etc. all contribute to the security of the network.
  - Ensure that every device is fully updated and that its default admin accounts use a unique password.
  - Where possible, running a local firewall service drastically improves end-users’ personal security and, indirectly, that of corporate assets that are permitted to commingle.
- Communicate official notification channels that will be used by all key corporate services.
  - Malicious actors are impersonating HR, Health Insurance, DHS, and targeted employers in an attempt to lure end-users.
  - Simply communicating what end-users can expect, from whom, and through what channels can go a long way toward equipping them to detect malicious actors.
- Establish clear lines and an expectation of security-related activity reporting.
  - Consider what an end-user should do if they receive a possibly fake SMS or a legitimate-sounding email (phishing) message. Who should they notify and how? Ensure end-users know this and are comfortable making such reports.
- The basic controls of the 20 Critical Security Controls come into play now more than ever as organizations quickly morph and adopt remote workforce practices.
  - This means knowing what systems are permitted to make connections, what data exists where, who should be able to access that data, and what software applications are permitted to access corporate assets.
  - Together, these controls combat many of the inherent risks that many are confronting in this radical shift.
- Coronavirus doesn’t mean an abdication of legal or regulatory compliance requirements. Ensuring the basics of data security and integrity through this period will go a long way toward coming out stronger on the other side.
We’re in this with you. If our Cybersecurity tips during Coronavirus have brought up specific questions or concerns, please reach out and get in touch. We are here to help you through this crisis.
Corporate Information Technologies provides small to mid-market organizations with expert I.T. services including compliance assessment, cybersecurity penetration tests, and comprehensive business continuity planning services. Corporate Information Technologies can help organizations quantify, create, refine, and mitigate the risks presented by business-threatening disasters in whatever form they may be disguised.