Managing Availability of
Business Systems

Current events are causing daily surges in demand with the use of various products or services. You should consider how your organization’s product or service can remain available if you see significant spikes in traffic.

Examples:

Trading platforms are seeing surges in traffic as volume has increased with market impacts. Healthcare organizations from providers to labs are also seeing swells in traffic. There are also more non-obvious impacts such as increasing sales with online retailers as more people shop from home.

Next Steps

  1. Determine whether this will have an impact on your organization’s product or service.
  2. Identify, review, and determine the applicability of your organization's formal business continuity or capacity plan for supporting these potential events.
  3. Be sure to consider the potential impacts of cyber-attacks.
  4. Think about whether your plans or scenarios have been tested and whether you would consider them valid.
  5. If not, determine and organize stakeholders to brainstorm scenarios and tactical approaches to be as prepared as possible.



Maintaining Appropriate Cyber Security Staffing

Many cyber security teams were shorthanded before COVID-19 and have multiple single points of failure. Current events could lead to even more key team members becoming unavailable.

Examples:

You only have one person that knows the passwords to your vulnerability management platform, how to operate it, or otherwise perform vulnerability management activities. If this team member were gone, you would be unable to get this information to maintain this cyber service for your business.

Next Steps

  1. Understand how well-documented your cyber security program is, and any associated processes within it, with particular care to note single points of failure on the team.
  2. Where possible, have the team update internal process documentation in their areas to keep it currentMake sure documentation identifies any technologies that are needed to perform these process steps.
  3. Take an inventory of all identified security technologies. Be sure that accounts remain unique, but that multiple team members can access this system if needed.
  4. Include any business rules or tribal knowledge needed to practically perform these processes.
  5. Where possible, take advantage of shadowing across your team to limit single points of failure. 




Tactical Incident Management Readiness

It’s common for cyber-attacks to increase during times like these where organizations are not operating at full capacity with normal operation protocol or is under significant stress.

Examples:

We will see increases in phishing attacks associated with COVID-19, especially as workforce may be working from home on systems that may have fewer preventive safeguards on them.

Next Steps

  1. Determine if your existing incident management process is ready for potential attacks we're already starting to see.
  2. Establish trusted sources, such as a managed service provider, that can give your team updated information on any trends in attacks or awareness as successful attacks begin to spread.
  3. Educate your helpdesk on things to look for that may be a symptom of a cyber-related attack versus a common call.
  4. Where possible, perform simulations now to test your ability to respond based on your unique situation.
  5. Look to establish incident response retainers with service providers now to support you through any staff impacts or in the event of an incident scenario. 



Situational Effectiveness of your Security Architecture

Many organizations now have highly distributed work environments with their workforce operating from their homes. It’s important to make sure that these new architectures are evaluated to ensure they are still adequately protected with appropriate security technologies.

Examples:

Where possible, implement preventive and detective safeguards as needed and based on the situation. This can include phishing technology for people working remotely, adequate and secure communication technology, or centralized security logging and monitoring safeguards that receive these logs from the entire new environment.

Next Steps

  1. Determine the effectiveness of preventive and detective safeguards in your new architecture at each layer of technology including the application, database, network, operating systemand physical layer. 
  2. Perform a quick measurement of gaps in the security architecture at each layer of technology. 
  3. Where gaps are identified, see if they can be tactically fixed or if you must identify and implement compensating controls. 
  4. Review your cyber security insurance policy to make sure that any identified gaps will not impact potential coverage. 
  5. Remember that training and awareness is your cheapest and often most effective compensating safeguard. Training and awareness around phishing and password management are going to be critical during these times. 




Security Considerations for Employees Working at Home

It's important to secure the parts of your workforce that are working from home or offsite.

Examples:

Many home environments are not adequately secured including computers that are not adequately patched, inadequate anti-virus, as well as multiple vulnerable devices on their home network.

Next Steps

  1. Review your internal security policies and ensure they are updated for guidance on policy and standards while employees work from home.
  2. Create forums or FAQ’s for employees to ask questions or get advice about cyber safety tips and techniques for working from home.
  3. Ensure that you perform relevant and ongoing training and awareness for all employees.
  4. Ensure that your employees know how to report security events or suspicious activity while working from home.
  5. Feel free to share and modify to your needs or share the information for tips on working from home.  

Top Cyber Security Tips for Home Workers

These tips have been highly consolidated to provide you a simple, to the point checklist for securely working from home.

Apply Cyber Security Best Practice

Read your company’s security policy and direction while working from home. 

Only use company approved connectivity technologies (VPNscollaboration technologiescloud solutions, etc). 

Always ask your security team for help if you are unsure of what you should do in a specific cyber-related situation.  

Effective Password Management

Make sure you use different and complex passwords for every account you own. 

Where possibletry to use multifactor authentication on your accounts. 

Use a password manager to store your passwords such as Lastpass. 

Be Mindful When Working in Public Locations

Do not leave laptops or devices unprotected at any time. 

Do not leave laptops or valuables visible in your car at any time. 

Only use wifi connections you trust. 

Working on Company Supplied or Personal Computers

Only use company supplied machines for work activities whenever possible. 

Try and limit personal activities on work machines and vice versa. 

Make sure any computer you use is adequately patched and running updated anti-virus software before use. 

Be Aware of Phishing Scams

Cyber attackers will take advantage of the current landscape. Be mindful and think twice before you click, provide information, or act online or over the phone as cyber-attackers look to take advantage of this unrest. 

Be cautious of children or the elderly who are also susceptible to these types of attacks and may not be as cyber savvy.  

If you do feel you have clicked on an email or made a mistake, report it to your security team as soon as possible. 

Securing All Personal Devices on your Home Network

Use complex and unique passwords for devices connected to your home. 

Make sure that all the firmware and patch updates are applied and current on all connected devices on your network. 

Disconnect any old devices connected to your network that you no longer use.