25 Mar 2020
Cyber Security during Crisis
Following Coronavirus Disease 2019 (Covid-19) pandemic across the globe, over a billion people are being required to stay at home. Working remotely from home is today the norm, but this practice exposes companies to cyber-attacks and makes them vulnerable.
This global context will be exploited by cyber criminals who will attempt to exploit vulnerabilities as everyone has left the corporate premises. Furthermore, cyber criminals will attempt to exploit the weakest link of your Cyber Defence Strategy being your employees.
Employees will be enticed into phishing campaigns that maybe related to Covid-19 on the latest evolution of the global crisis. They may be tricked by scammed emails to allegedly respond to their company's request to approve transactions or transfer money urgently. Other Phishing scenarios can involve fakes communiqués by national health authorities.
To protect your company and employees, BIRGER. recommends the following measures:
- Raise Awareness: Send communications to your employees and customers to raise their awareness against potential cyber security risks during this crisis.
- Protect your company: Ensure that your IT and Network Infrastructure are hardened for the current work context and all your endpoints are up-to-date including the latest antivirus patches.
- Secure all remote accesses: Use Virtual Private Networks (VPN) with encryption in place and avoid using unsecured public WiFi to connect to your corporate network.
- Access policies: Use two or multi-factor authentication. Stringent identification management policies to be introduced, monitored and reviewed whereby selective access is granted on a case by case basis.
- Prevent Data Loss: Deploy Data Loss Prevention (DLP) tools, encryption and strong policies which will prevent transfer of unauthorised files, restrict confidential data transfers and monitor in real-time all sharing of information.
- Monitor all endpoints: All employees' devices including mobile phones, tablets, laptops and PCs to be continuously monitored for cyber security incidents, with management of all events to be carried out by your trusted Security Operation Centre on a 24/7 basis.
- Business Continuity Planning (BCP) processes: Business continuity processes should remain in place to ensure recovery in case of a cyber-incident.
- Document and Report: Employees to sign Non-Disclosure Agreements (NDA) since they will be working from home with the risk of divulging private and confidential work related information. Any loss of data to be reported immediately to minimise fraud. Promote random supervision of employees working from home with daily reporting and debrief meetings.
For more information on the topic and our Cyber Security Solutions & Services, please contact us by mail security@birger.technology.
BIRGER.