COVID-19 has accelerated the adoption of remote working globally, requiring the workforce to operate from virtual environments and diverse locations. Today, global business is done online, including supply orders and cash transfers, as an emerging mode of trade. This leaves companies vulnerable to cybercrime and potential losses. Top management must pay special attention to this millennial threat and prioritise cybersecurity for their companies, regardless of their own knowledge of cybersecurity matters. The COVID-19 pandemic has created enormous and swift changes; therefore, companies cannot ignore the cyber challenges associated with a largely or entirely remote workforce.
Below are some recommended steps and interventions to protect organisations from malicious cyber threats:
Governance and Risk Management
- Conduct a comprehensive risk assessment and business impact assessment for critical functions and processes in the organisation.
- Update and communicate acceptable use policies for employees and address the use of home computing devices.
- Define data classification categories and data privacy requirements for the organisation.
- Identify functions requiring secure IT environments that remote working may not provide, and develop ways of performing them.
- Anticipate how the entities your business depends on, e.g. cloud, network infrastructure providers, and others may be affected by COVID-19 disruptions, and develop continuity and resiliency options.
- Refresh and update cyber incident response, continuity plans, and disaster recovery plans to address current operational needs.
- Regularly communicate cybersecurity awareness messages to employees to reinforce security procedures.
Systems and Networks
- Provide secure access solutions with sufficient capacity for the increased number of remote users.
- Offer security protection on endpoints.
- Enforce software updates for remote workers.
- Reassess rules such as geo-blocking that could prevent remote access.
- Increase IT help desk capacity and hours of operation to handle the increase in services required by remote workers.
Cyber Operations
- Ensure that cybersecurity alerts and audit logs of critical systems, for example, VPNs, firewalls, endpoint security tools, and critical business applications are centrally collected and analysed to detect and respond to suspicious/malicious activity.
- Review/update VPN profiles and firewall rules to ensure employees are assigned appropriate privileges based on their roles.
- Implement procedures requiring approval from data/system owners for provisioning and de-provisioning of remote VPN and other accounts related to critical business applications.
- Enable multi-factor authentication for VPN and critical information systems.
- Disable split tunnelling for VPN profiles to ensure that remote employees cannot access the internet directly from their laptops while using VPNs to access corporate information systems.
- Create a shared channel — for example, #phishing-attacks — or email address where employees can report suspicious emails.
Employee Education and Awareness
- Develop tailored cybersecurity awareness messaging for remote workers and deliver it online to all employees. Include topics such as social engineering, password constructs, email security, etc.
- Detect and avoid elevated phishing threats, including COVID-19 scams and fraudulent websites.
- Ensure secure use of Wi-Fi, both at home and in public.
- Do not use company computers for personal email, file sharing sites, or social media without approval.
- Save and secure needed printouts of work files or emails and shred others.
- Avoid copying work files or information to personal devices, including home network drives and personal online storage.
- Mute or shut down in-home digital assistants that may continuously record nearby conversations.
- Do not permit family members or others to use company-provided equipment, including laptops and phones.
- Eliminate default home Wi-Fi router passwords and perform other home security checks.
- Confirm screen locks are enabled to ensure workstations are secured when not in use.
- Never leave laptops and mobile devices unattended in public spaces or unlocked at home.
- Use company-approved cloud services or data centre storage instead of local storage, particularly for sensitive information such as personally identifiable information, protected health information, financial data, and trade secrets.
- Avoid the use of USB sticks and other removable storage.
The recommendations above can help organisations work more securely and efficiently through these challenging times.
At pcl. we support organisations to develop and implement cybersecurity governance and risk measures, systems and networks, cyber operations and cybersecurity awareness for remote working and sustainable operations.
Written by:
Jason Ikegwu, QSA
Associate Partner