Enterprises across sectors face an evolving cyber threat landscape due to impacts from the COVID-19 pandemic. Have you also protected your IT infrastructure and data against the coronavirus?
Due to the spread of the coronavirus, government authorities across the globe issued guidance to maintain social distancing and forbade social gatherings (offices, theaters, bars, etc.). This has resulted in enterprises across diverse sectors, including EY, recommending that their employees work remotely.
Understandably, cybersecurity may not be the top priority during this ongoing pandemic. However, if a company does not have a strong and adequate cybersecurity policy and a suitable protection system for the current moment, starting remote work will require certain precautions, especially considering that not everyone has the right devices, processes, and infrastructure in place to support a fully remote workforce.
Below are quick wins to protect your organization:
- Update VPNs, network infrastructure devices and devices being used to remotely connect to work environments with the latest software patches and security configurations.
- Pay closer attention to the following remote access cybersecurity tasks: log review, attack detection, and incident response and recovery.
- Set up multi-factor authentication (MFA) on all VPN connections to increase security. If MFA is not set up, require employees working remotely to use strong passwords.
- Set up whitelisting and flagging of external emails. Furthermore, inform employees about an anticipated increase in phishing attempts with coronavirus-related topics and ask them to refrain from clicking on suspicious links from unfamiliar sources.
- Ensure that IT security personnel test VPN limitations to prepare for a massive increase in usage and, if possible, carry out modifications such as rate limiting in order to give priority to users requiring more bandwidth.
- Implement web and email protection: use web filtering technologies to prevent employees from visiting malicious websites, and establish email filtering rules to block spam and phishing emails. Hospitals and other institutions with critical infrastructure must observe these guidelines more strictly and should consider whitelisting.
- Closely monitor privileged access by optimizing the behavioural analytics tools designed to detect suspicious activity for admins and those who have access to critical data.
- Limit administrator access and activities to those that are absolutely necessary. Administrative activities should also be more effectively monitored and verified (by applying the principle of dual control, etc.).
- Increase emergency management capacities by reallocating resources. Check if your backup is working and test your failover capabilities. The Help Desk should also be prepared to handle an increased number of events and should be able to apply the procedure to categorize those events.
- Security Information and Event Management (SIEM) systems should be adapted in order to strengthen the log monitoring rules covering the triggering of alerts. Security Operations Center (SOC) and monitoring teams should be available to manage the increased number of alerts, to sort them by risk based on a robust process, and to distinguish false positives from genuinely suspicious events. Consider increasing headcount for these purposes.
- Prepare for the worst: review internal crisis management and incident response capabilities as well as the availability of your providers. Consider expanding your provider landscape.
For more cybersecurity advice feel free to contact us at any time!
For more information about EY, visit our website.