Most companies have moved to a remote workforce due to the COVID-19 virus, and cyber criminals have taken full advantage. The FBI has warned businesses and organizations to be extra diligent during this time to avoid a serious security event that could disrupt operations.
Ensure patching of your devices and applications continues. These devices include laptops, workstations, servers, switches, and other devices that are on your network. Cyber criminals will utilize unpatched devices to compromise your network. Consider an increase in your efforts to review, test, and patch your critical systems.
Many larger IT projects may be put on hold. Now is an opportunity to have those resources reallocated to patching out-of-date devices and applications.
The FBI has reported a massive increase in phishing attempts using COVID-19 theme emails. Remind your employees to pay extra attention to emails that are out of the normal or suspicious in nature. Consider performing a phishing test using known COVID-19 phishing emails to educate employees.
3.Segmentation for Bring Your Own Devices (BYOD)
Some companies may allow employees to connect to your network with their own personal device. This poses a risk as the same security applications that are on your company issued computers may not be on the personal devices. For example, personal computers may not have antivirus installed.
Review the possibility of segmenting personal devices on the network and only allow access to required systems. IT and Information Security should pay special attention to URL (Internet) Filtering security applications that may be installed as these tools may be able to detect Indicator of Compromise (IoC).
Cyber criminals are increasing their attacks in all technology vectors. It is important to stay extra vigilant in reviewing your firewall logs and your Security Incident Event Management (SIEM) for malicious activity. If your company employs a Security Operations Center (SOC), speak with them to share your concern and ask if they have increased their monitoring sensitivity for malicious events.
The ability for your company to function with a remote workforce has never been more critical. Taking the proper precautions and managing the risks will help ensure successful continued business operations.
For current cybersecurity threats as it relates to COVID-19, please visit the FBI’s website.
All of Conner Strong & Buckelew’s updates related to COVID-19 can be found by visiting our COVID-19 Resource Center
