Organizations are taking novel coronavirus (COVID-19) outbreak precautions with employees, travel restrictions are being put in place, and leaders are providing general workplace safety information on outbreak precautions. The chief security officer and your cybersecurity organization have a critical role to play in business continuity and COVID-19 preparations. To remain operational and minimize cyber risk, CSOs should focus on the following areas.
1. Remote Access Testing and Validation
Organizations must be prepared to activate contingency and business continuity plans, including protocols for employees working from home to limit the spread of COVID-19. The workforce location may shift from on-site to fully remote for an extended period of time. Because many of your employees do not typically work remotely or have never done so, the CSO and cybersecurity organization should assess remote access systems. Are these devices patched, and is redundancy functioning properly? Are there 2FA mechanisms and password reset capabilities? Are remote devices up to date and logging for all employees? If your organization has not performed a remote access exercise recently, now is the time to schedule a full “work from home” exercise and evaluate your readiness.
2. Pandemic Phishing Awareness
The potential outbreak has created an environment where people are searching for information and may be more susceptible to viewing a suspicious link or attachment. Malicious actors will exploit COVID-19 warnings, alerts, and preparations in phishing messages and malicious attachments. Messages targeting account password resets are also in play as organizations prepare for workforce disruptions. Awareness is critical with people on edge, seeking information, and wanting to help. Work with your organization’s COVID-19 awareness team and include cyber awareness in the messages on preparation and in company communications.
3. Cyber Staff Disruptions
The COVID-19 cyber risks go beyond technical controls. Preparing for staff disruptions is as important as ensuring visibility into remote access security events. Cyber leadership must identify critical roles and the individuals on the cybersecurity team who perform them. A plan should be put in place for an extended absence of these key individuals in critical roles. Cyber teams of all sizes must consider cross-training on critical responsibilities or the use of external staffing consultants to bridge the gap when critical roles are absent.
Hopefully COVID-19 will have little to no impact on your organization. While this can be a stressful time for companies, it does provide an opportunity to review outbreak response protocols and off-site security measures. As with any event response, business operations will see less disruption if the CSO and cyber team communicate important security measures as the situation develops.