C.I.A. is even more important now with #COVID19
C.I.A., or confidentiality, integrity, and availability of data, is even more important now that we are in the era of the novel coronavirus pandemic (known as #COVID19). As companies send their workers home to work during the pandemic for undetermined amounts of time, the issue of data security becomes even more critical.
Both organisations and individuals will need to be vigilant. Since workers are dispersed far and wide, rather than ensconced safely in the office and connecting directly to the corporate networks, everyone will need to step up their security consciousness and their security operations.
Organisations are about to run a real-life test of their business continuity plans. Many will fail. Here are some things to watch out for.
For organisations
Here are a few tips; this is not an exhaustive list:
- Ensure all machines have properly configured firewalls as well as anti-malware and intrusion prevention.
- Check your Virtual Private Network and other remote access channels; ensure that they are up to date and that access systems are fully patched (there have been a number of recent VPN exploits).
- Test the capacity of your remote access solutions. I suspect that many will need to increase capacity because most organisations did not plan on every single person in the company working offsite.
- Review business continuity plans and ensure that the cyber security team is in the room.
- Review your incident response plans and update them to accommodate the dispersed workforce and the increased risk.
- Ensure that staff know where to find help if they need it, and have multiple channels in case of an incident.
- Ensure that system monitoring is ready for detection and alerts of abnormal activity.
- Implement multi-factor authentication for staff (this should ideally be done during normal business and not during a crisis).
- Ensure that your cyber security posture is maintained. The temptation is to relax controls in response to a crisis, but make sure that any relaxation of controls is risk assessed and mitigating controls are applied.
- Ensure that staff know how to connect with the cyber security team via different channels.
For individuals
- Individuals will need to take care and ensure that they do not disclose any personal or corporate financial information in response to emails and text messages – even ones seeming to come from colleagues. Phishing attacks are already happening in respect of COVID19.
- It is also important to use trusted sources, such as government or medical websites, for current and fact-based information about COVID19. I often recommend the ABC podcast called Coronacast, hosted by Dr Norman Swan, for calm fact-based information about COVID19.
- Further, it is critical to use trusted wifi or home broadband connections with a VPN (use the one your company provides; if your company does not provide one, it would be prudent to buy one yourself). DO NOT USE PUBLIC WIFI unless you have no other choice, and then only with the protection of a VPN.
- Be ready to report any concerns about cyber security or suspicious emails and text messages to your cyber team.
- Individuals should also ensure that their anti-virus and anti-malware solutions are up to date, and turn on the firewall software on their devices.
Image: JohnManuel / CC BY-SA (https://creativecommons.org/licenses/by-sa/3.0)