As we all transition to following the appropriate guidelines of social distancing, and thus working, teaching, and learning remotely, it’s important to keep cybersecurity in mind. Trends worldwide already show bad actors trying to make use of the pandemic to their own ends, and our users will continue to see attacks focused around the pandemic and the fear it’s creating. We are seeing increased phishing campaigns, fake apps, ransomware from APTs, and other attacks that exploit remote or work-from-home arrangements.
Additionally, staff may be using software to connect remotely that they may be unfamiliar with or unsure how to use. As we educate our teams on the best ways to work from home, it’s critical that security is a part of that mix. New systems, tools, and technologies used to enable these efforts must be scrutinized for security concerns. Policies and procedures for accessing information, the correct way to connect remotely, and enhanced awareness of scams and attacks targeting them should all be top of mind.
Below, we’ll explore important elements of security, best practices for preparedness, and how to adapt and maintain business continuity.
Mitigating risk to staffing
The single biggest point of failure in security and business continuity is the human element. Considerations around your people and processes are vitally important at this time in order to keep your institution secure online.
- Avoid business processes that put an entire team covering a key function at risk. Examine any single point of failure in your processes and work to train others to cover as needed, especially related to executing on security and disaster recovery plans.
- Implement policies that allow for ample flexibility and coverage among team members. Develop a contingency plan in case employees suddenly become unavailable.
- Build contingencies that may include extending work hours and/or splitting shifts among distributed teams.
- Communicate with employees and give them (or reinforce existing) training on incident response before a failure occurs, if possible.
- Plan for contingencies that might require in-person correction if hardware fails. Who will go in and what authorization do they need to do so?
- Consider the impact on working time: illness or other unplanned events (e.g. being a caregiver) may remove some amount of productive work for every employee. Expect other preparations outlined in this guide to generally consume additional time.
Managing risk to systems & people
Your risks and vulnerabilities are likely to change due to the increase in online teaching and learning and remote work. New policies, procedures, and methods of access should be developed and enacted with an inherent focus on security.
- Educate users about various scams and attacks surrounding the COVID-19 outbreak. They should be shown how to carefully review the sender of any email and scrutinize its contents before opening attachments, clicking links, or sharing any information.
- Ensure employees are familiar with the new methods of connection during work from home. Should they access files on their home devices or with organization-owned/managed systems only? Are they able to access different information depending on the device or security systems in place? These types of questions should be answered by formal security policy. Resources like the SANS Security Awareness Work From Home Kit can help.
- Anticipate the necessary surge in remote connectivity and remote learning resources. In the event of an incident, do your users have an escalation plan for coordinating with the IT team, and what role do collaboration applications play in that plan? Do you have the tools and volume of licenses to cover the current need?
- Ensure your Disaster Recovery (DR) plans are up-to-date and that any DR site is ready and available for the capacity you will need. If you haven’t tested DR plans in some time, this is the time to do so.
- Review your physical data center DR plans; sites should not be too close together. Ideally, your cloud virtual data center has its DR in a diversity of geographic regions in case of a physical shutdown.
- Malware on users’ personal devices now being used for remote work might capture credentials and information that puts your institution in jeopardy. Consider the risks to your network from VPN connections on unmanaged systems if users are connecting remotely, and risks to cloud systems/apps if users are connecting from personal systems.
- Anticipate that some usage patterns might change dramatically for your users. Remote management only gets you so far.
- Plan for outages to remotely available systems and plan for alternative workflows as needed.
- Understand the impact of delays in your supply chain. Whether it is slower delivery of products to your shelves or an inability to provide new hires with laptops, plan with security in mind.
Resources/further reading:
- Edge Cybersecurity Solutions
- Working from Home: COVID-19’s Constellation of Security Challenges
- SANS Security Awareness Work From Home Kit
- Malicious Coronavirus victim tracking app demands ransom payment from Android users
- UK intelligence agency warns of cybercriminals exploiting the Coronavirus outbreak