Header Ads

Article: Cyber security in the time of coronavirus




Changing working patterns

With the ongoing spread of coronavirus, government guidance is changing rapidly. In many countries, healthy individuals are being asked for the first time to avoid unnecessary public exposure, for example at large gatherings, on public transport … and in the workplace.

As a result, many businesses around the world are now either planning for or actively implementing a business model involving far more remote workers than they had ever anticipated. IT and management teams are hard at work on the infrastructure and organization to facilitate this. In the rush to keep businesses working, there is a significant risk that security will not be properly thought through.

Good business cyber security practices, under any circumstances, should consider the following:
·        Is the technology and infrastructure deployed secured against malicious actors, outside and inside the organization?
·        Do all company employees, subcontractors and relevant third parties have clear instructions and guidance on how to conduct their work in a secure manner?
·        Do any of the security measures in place block employees from conducting their work efficiently?

If the right level of security is in place, your business will be well-placed to fend off cyber security threats. Too little, and you are vulnerable. Too much security, applied in the wrong ways, and your employees will feel stifled and start finding workarounds, ultimately still leaving the business vulnerable.

Key security advice when building remote capacity

In this spirit, S-RM has listed below some key areas to consider when planning or deploying remote working capabilities.

Securing devices

One key consideration for remote workers is that they have laptops, mobile phones, tablets or other devices to work from. Many companies are now issuing additional equipment to their workers, to allow them to remain fully effective outside the office. But please be aware of the following:

Make sure you have effective asset management in place. Know what devices have access to your network and data, plan for any changes, and block or remove obsolete equipment from your network before it becomes a weak point in your security.

All company devices, especially any device taken outside the office, should be encrypted, protecting data if they are lost or stolen.

·        Use BitLocker or a suitable third party solution for Windows devices
·        Make sure encryption is active on Apple devices (it normally is!)
·        Make sure appropriate encryption is in place on other mobile devices

If you allow employees to use their personal devices, consider whether your corporate data is appropriately secured. Mobile Device Management solutions may allow you to secure data on these devices, or you may need to restrict what employees are allowed to access in the first place.

Don’t forget about the equipment that is still in the office! With employees working from home, is there sufficient physical security at your sites to protect servers, desktops, and other parts of your network from malicious actors?

As you move devices, employees and user accounts around, don’t forget the other parts of day-to-day security preparation – strong passwords, secured and appropriate local administrator accounts, and control over the applications and services on your network are just as important as ever, to name a few.

Securing your networks

If your endpoints and your servers are both appropriately secured, it’s important to make sure the two can connect! Access to your network should be easy for legitimate users, but blocked (or at least very difficult) for everyone else. Consider the following:

·        Method of connection. Well-configured VPN clients on all employee devices allow secure access to the network through a private tunnel. Other secure access solutions will be available for particular use cases. If you need employees to achieve access from the open internet, are they connecting to a particular external firewall, or a well-managed cloud service like Office 365? When planning user access, try to limit as far as possible the exposure of additional areas of your network to the internet and its many threats.

·        Restricting access. Many types of connections can be configured to further secure them against malicious actors. If you are using a cloud service like Office 365, consider restricting access where possible to particular devices, particular IP ranges, or to particular types of connections. Firewalls and other services will offer many similar options for carefully managing access rules. Consider restrictions inside your network too; preventing connections or user accounts from going beyond certain areas will reduce the risk from one unsecure employee or unforeseen vulnerability.

·        Strong authentication. The next step in securing any access is to ensure that strong password policies and multi-factor authentication are enforced. Enforced strong password policies are a must for all services, not just those that are meant to be publicly accessible. Multi-factor authentication should be used as much as is practical for your business. Remember that there are many types of authentication; while text messages might seem like the path of least resistance, if you have time to set up an authentication app your business will be much more secure, while device-based authentication might be appropriate in places to reduce frustration for employees.

·        Think of everything. To secure a network, you have to consider all the different ways it can be accessed. How are your employees accessing their mailboxes from their mobile devices? Do employees need to connect to operational technology such as factory equipment (and is it safe to let them)? How is remote desktop access into your network structured? If you fail to secure these, you create vulnerabilities; if you fail to facilitate them, you prevent employees from working.

Securing employee connections

The network may be thoroughly secured at your end, but that data has to come from somewhere. As employees are based outside your secure environment, it is often up to them to make sure they are acting appropriately. You can help by providing them with suitable guidance (as discussed further below) on topics like:

·        Setting up home wifi. Ordinary home users often neglect basic security when setting up their home environments. You can help your employees with simple advice backed by senior leadership. Basics like changing network name and access and administrator credentials are key, and employees should also ensure appropriate network encryption is in place, remote access is disabled, and that the software is kept up-to-date.

·        Accessing other networks. You may want to consider providing guidance to your employees about (not) using public wifi, about how network names can be spoofed, and how man-in-the-middle attacks can be launched on public wifi networks. A lot of the guidance on using public wifi for business purposes is now very similar, but by specifically setting out your own rules and guidelines you can make sure your employees have a clear understanding of best practice. Don’t forget to mention the other risks of working in public places, relating for example to Bluetooth connections and to simple over-the-shoulder spying.

·        Communications channels. Make sure your employees have a clear understanding of how they should communicate with you, with third parties and with each other. Make clear that work emails should be confined to work accounts, and which messaging services they should use (do you have a specific business solution, or are they on WhatsApp?). If you don’t make sure there are clear lines of communication available, before long your employees might well be texting each other passwords or customer names, with all the attendant risks. If you do provide clear solutions, you can effectively monitor them for any potential threats, for inappropriate data movement, and for other business purposes.

·        Watch out for Coronavirus phishing. As with other major world events, the COVID-19 outbreak represents an opportunity for malicious actors, from simple scammers to government-backed hacker groups. Individuals and businesses worldwide are now being targeted by phishing campaigns designed to play on fear of the virus and of the lack of reliable information on the outbreak. Extra vigilance should be exercised by all regarding any communication, hyperlink, attachment or request for information relating to coronavirus. Warning your employees about this will reduce the threat to them and to you.

Informing your employees

The points above are all important areas where you can provide guidance to your employees, but in fact clear and effective communication is one of the most important steps you can take in any area. Even if you have a clear plan and a secure infrastructure in place, without clear information employees will make mistakes, or else assume you don’t have a plan and start taking (potentially unsecure or counterproductive) measures of their own.

Make sure employees are clearly informed, at least a week in advance if practicable, about what devices they can use, what services they can access, and how they should do so. Keep them up to date if this changes. Some employees may not have the access they need; you need to find a solution before they come up with their own! If access isn’t in place yet, employees should know when implementation is planned so they can act accordingly, and if at all possible, what alternative solutions are available in the interim.

Communications of this type are not just a matter for technical IT or Cyber Security teams. Communication with employees regarding remote access should be overseen by executive management-level staff. While the technical teams can provide the appropriate solutions and guidance that employees need, this information needs to be effectively prepared and packaged so it can be delivered in clear and simple language, using an appropriate method, and at an appropriate time. Importantly, the guidance or policy should be clearly backed by the senior leadership of the organization, to ensure that it has the authority and clarity needed to convince employees to follow the advice given.

As much as practicable, make sure you provide sufficient information to third parties as well, including any customers who need to access your network. They will also need to know how to contact you, how to access relevant services and infrastructure, and what you expect from them in terms of their own security. Make sure your planning and requirements are clearly in place, then let them know clearly and decisively what you want – and, if the situation changes, consider when it will be most effective to update them.

Planning for the worst

Any cyber security professional knows that no one is ever absolutely safe from a malicious attack. Combining the increased exposure from remote working with the confusion and short deadlines of responding to the changing coronavirus situation only increases that risk.

If you have effective cyber incident response, crisis management and/or business recovery plans in place, it is important to review them in light of your new operating environment. Can you access all the equipment you will need to test or reset? Is your data still being backed up to a secure site? Can your users still effectively report phishing or other indicators of cyber incidents? How are you going to maintain communication between the key crisis managers if all your laptops and mobiles get encrypted with ransomware? If your plan isn’t tested yet, now may be the wrong time to start – but at a minimum do all the relevant staff at least have a clear understanding of the plan, and how your current situation has altered it?

If you don’t have these plans in place, you likely don’t have time to build them right now, but it is important to at least consider the basics. Do you know where your key data is stored? Do you know what services are key to your business survival? Do you have backup communication channels, independent of your network? Do you have similarly separated, and regularly updated, data backups?

Most of all, in your current situation – who will be needed to respond to a crisis? Who else needs to be informed? How are they going to coordinate, and who will replace them when they need to get some sleep?

Evolving

As stated earlier, the global situation, and advice from governments, is changing rapidly. As time passes, businesses may have more time to implement additional measures and better adapt to the new situation; or new events may force them to continue to react. In either position, please bear in mind the following:

·        Cyber security should be a part of your IT and business planning, not something added on at the end where it will be ineffective or will get in the way
·        Always keep your eye on the prize of your key data, assets and services that need protection
·        Always consider your whole network or organization – be careful not to miss gaps in your defenses, or legitimate business needs that you are inadvertently blocking
·        Communicate with your employees – use clear and simple messaging, make sure the information provided is well-founded and authoritative, and explain how they should act in order to do their jobs effectively

(About the authors: John Coletti is Chief Underwriting Officer & Head of North America Cyber and Technology for AXA XL, a division of AXA. Aaron Aanenson is director of cyber security for S-RM.)

36 comments:

  1. I am glad to discover this post helpful for me, as it contains a great deal of data. I generally want to peruse the quality substance and this thing I found in your post about cyber security. A debt of gratitude is in order for sharing. Best Canadian Land Transfer Tax Calculator

    ReplyDelete
  2. The web site is lovingly serviced and saved as much as date. So it should be, thanks for sharing this with us. Gaming zone

    ReplyDelete
  3. Cybersecurity is the practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks. It's also known as information technology security or electronic information security. Elevate Technology provides the Best Managed IT Services Brisbane. With guaranteed response times, reliable hardware, and expert knowledge they can elevate your business network to a new level. Thanks for this beneficial article.

    ReplyDelete
  4. Your web host could be silently eating up about 85% of your income. Find out here 10 short sharp tips for choosing a reliable, efficient and affordable web host ans save yourself the anxiety and emdarassment that comes with a poor web hosting service. top web hosts in 2020

    ReplyDelete
  5. Super site! I am Loving it!! Will return once more, Im taking your food likewise, Thanks. FEATURED

    ReplyDelete
  6. The principle grounds of GT possesses more than 400 sections of land in Atlanta, Georgia. Georgia Tech likewise works a satellite grounds in the Savannah. They additionally have a field research station in Griffin which is in the South of Atlanta. hotmail sign in

    ReplyDelete
  7. At the point when UGA resuscitated its football program in 1919, they gladly declared "UGA in Argonne" and "TECH in Atlanta" on march skims. Thus, press kit

    ReplyDelete
  8. Positive site, where did u come up with the information on this posting? I'm pleased I discovered it though, ill be checking back soon to find out what additional posts you include. sendowl

    ReplyDelete
  9. I have been surfing online for more than three hours today, yet I never found any interesting article like yours. It’s pretty worth enough for me. Personally, sagame
    ufa

    ufabet

    ReplyDelete

  10. This is just the information I am finding everywhere. Thanks for your blog, I just subscribe your blog. This is a nice blog..

    ufabet
    ufa
    sexy baccarat
    slotxo
    sagame

    ReplyDelete
  11. Watch movies online sa-movie.com, watch new movies, series Netflix HD 4K, watch free movies on your mobile phone, Tablet, watch movies on the web. ดูหนังออนไลน์


    SEE4K Watch movies, watch movies, free series, load without interruption, sharp images in HD FullHD 4k, all matters, all tastes, see anywhere, anytime, on mobile phones, tablets, computers. ดูหนังใหม่


    GangManga read manga, read manga, read manga online for free, fast loading, clear images in HD quality, all titles, anywhere, anytime, on mobile, tablet, computer. อ่านการ์ตูน


    Watch live football live24th, watch football online, link to watch live football, watch football for free. ผลบอลสดa

    ReplyDelete
  12. เราคือผู้นำด้านเกมพนันออนไลน์ Major168 เราคือผู้ให้บริการ คาสิโนออนไลน์ คาสิโนออนไลน์ ที่ได้รับรองว่าดีที่สุดในประเทศไทย มีค่ายเกมส์ให้เล่นมากมาย Sagaming, Sexy bacarat, Dreamgame, Ebet, Wm casino, Vivo gaming ไม่ผ่านเอเย่นต์ ระบบปลอดภัยมีทีมงานดูแลตลอด 24ชม.

    SAGAME88 แหล่งรวมเกมส์พนันออนไลน์ คาสิโนสด บาคาร่า กำถั่ว คาสิโนออนไลน์ ไฮโล รูเล็ต รับเครดิตฟรีเล่นได้ทุกเกมส์ โบนัสสมาชิกใหม่เพียบ พร้อมระบบฝากถอนออโต้ 10วิ เรามีทุกค่ายเกมส์ให้คุณเลือกเดิมพัน SA Game Sexy bacarat Dreamgame WM Casino VIVO Gaming Ebet เล่นได้ทุกเกมส์

    Our website ufabet provides betting services in the system of Auto Deposit-Withdrawal. Our members are not only in Thailand. Online football betting UEFA Bet market And this makes a guarantee that Ufabet168 is another reliable football betting website

    ufa through the website UFABET1688 a web gambling online , one that integrated all the bets from online casinos , online casino , online , and also have a game a lot more to be chosen to play such games.

    ReplyDelete
  13. This is the best blog annualeventpost I ever see. Thanks for sharing information with us.

    ReplyDelete
  14. Great Article it its really informative and innovative keep us posted with new updates. its was really valuable. thanks a lot. localizacion satelital

    ReplyDelete
  15. monitoring CCTV, answering phone calls, and conducting patrols throughout the day and night. We can also conduct random home visits if you’d prefer not to have permanent security at your home.ex military bodyguards for hire

    ReplyDelete
  16. Whatever you’re thinking we can craft exclusively for you. samishLeather.com
    Although you have the option of shopping from our existing range of men’s genuine leather jackets.

    ReplyDelete
  17. Thanks for taking the time to discuss this, I feel strongly about it and love learning more on this topic. If possible, as you gain expertise, would you mind updating your blog with extra information? It is extremely helpful for me. check this link

    ReplyDelete
  18. Thanks for taking the time to discuss this, I feel strongly about it and love learning more on this topic. read more

    ReplyDelete
  19. Meteor88 merupakan situs judi online terpercaya yang menyediakan permainan judi online uang asli terlengkap di Indonesia. Meteor88 Menyediakan permainan Judi Online paling lengkap diantaranya : Sportsbook, Slot Online, Live Casino, Poker Online, Judi Tangkas, Tembak Ikan, Sabung Ayam dan Togel Online. Semuanya bisa di mainkan hanya dengan 1 User ID. Selain menyediakan permainan judi online yang begitu lengkap, meteor88 juga menyediakan Bonus yang sangat menarik untuk para membernya, diantaranya : Bonus New Member 100%, Bonus Deposit Harian 10%, Bonus Cash Back 15%, Bonus Rollingan 1% dan Bonus Refferal sebesar 20%.

    Untuk Informasi lebih lanjut silahkan kunjungi link di bawah ini :

    Judi bola online resmi

    Judi slot online terpercaya

    Judi live casino terbaik

    Judi poker online terbaik

    Judi tembak ikan terbaru

    Judi sabung ayam online

    ReplyDelete
  20. ตั้งแต่บาคาร่าไปจนถึงแบล็กแจ็กรวมถึงทุกอย่าง ทั้งหมดที่คุณต้องการเพื่อความเพลิดเพลินกับประสบการณ์คาสิโนสดที่มีมาตรฐานสูงสุดมีให้ที่ BK8 ทำให้การเยี่ยมชมคาสิโนสดระดับโลกจากบ้านของคุณเป็นเรื่องง่าย สมัครสมาชิก bk8thai

    ReplyDelete
  21. The top spot of this ranking is AtozTopNews. This website boasts a large and active contributor base. Therefore, it's a fantastic resource to get the latest news on the most cutting-edge technology. The website has information on the most recent business news about tech startups and the new launch of new products. It also contains an extensive database of startup information, including funding information to details about the founders.

    ReplyDelete
  22. ANZSLOT Situs slot Pay4D terbaru, terpercaya, terlengkap, bonus 100% didepan deposit dana, ovo, gopay, linkaja, pulsa 24 jam tanpa potongan.

    ReplyDelete
  23. Thanks for your marvelous posting! I quite enjoyed reading it, you can be a great author.I will remember to bookmark your blog and will often come back later in life. I want to encourage you to ultimately continue your great writing, have a nice weekend! 먹튀사이트

    ReplyDelete
  24. This comment has been removed by the author.

    ReplyDelete
  25. WE HAVE SOLD THOUSANDS OF OUR ALTERNATIVE ACQUA DI QIO FRAGRANCES TO MEN ACROSS THE COUNTRY. II.GEORGIOS IS OUR BEST-SELLING FRAGRANCE! IN TERMS OF FEEDBACK, OUR CUSTOMERS OFTEN COMMENT ON THE SIMILARITY TO THE ORIGINAL AND THE QUALITY OF THE SCENT, WHICH LASTS FOR HOURS THROUGHOUT THE DAY. DON’T BELIEVE US? TRY IT FOR YOURSELF BY ORDERING A SAMPLE SIZE, AND LET US KNOW IF YOU CAN TELL THE DIFFERENCE! VISIT Perfume Store In Texas San Antonio AND CHECK OUR CUSTOMER FEEDBACK.

    ReplyDelete
  26. Thank you for another informative blog. Where else could I get that type of info written in such a perfect approach? I have an undertaking that I’m simply now working on, and I’ve been on the lookout for such information. สล็อต ออนไลน์

    ReplyDelete

Powered by Blogger.