Monday 30 March 2020 8:17 am

COVID-19 and cyber: Critical actions for employees and business to take now

Recent weeks have been challenging for us all on so many fronts. Most importantly businesses have had to prioritise the health of society whilst doing their very best to keep things on track. Each day has brought new challenges as employees rapidly adapt to new ways of working. How can businesses maintain operational resilience and security with the rapid transition to remote working?

The ability to remain connected during this time is going to be crucial, and so much of this is going to rely on online services and technology. Whether it’s new home working practices, online shopping or video calls and social media with friends and family; we are all impacted. Maintaining operational resilience will be crucial to delivering these increased demands.

COVID-19 webcast: Maintaining business continuity

Enterprises across sectors face an evolving cyber threat landscape due to impacts from the pandemic and a rapid transition to remote working. Security will play a key role in mitigating these threats and helping limit cyber-attacks and incidents. Businesses need to ensure they can continue to provide vital online services and technology to their customers and clients during this time.

At EY, we are seeing COVID-19 being used in cyber-attacks, including targeted phishing and email spam, business email compromise, malware, ransomware and malicious domains. Coronavirus-themed domains are 50% more likely to be malicious than other domains. Home working is also leading to an increased load on helpdesk and IT and in some cases, users are installing their own software or deferring security patches for their computers – all of these scenarios are increasing risk for organisations.

The following actions could be considered to help protect your organisation during this rapidly changing environment and cyber threat landscape.

Key messages for employees

1) Be mindful of your online hygiene
Be careful of clicking on suspicious links, especially if related to coronavirus, as attackers are using fear to prompt victims into clicking without thinking.

Consistently follow your company policies. Employees should adhere to all policy, guidelines and rules for accessing the company network outside the office. People need to ensure they report any suspicious behaviour to support teams and follow basic ‘hygiene’ standards: e.g. install key computer security patches, antivirus and malware, regular scanning, etc.

2) Don’t allow family members to use your work devices
Laptops, mobile devices and sensitive data needs to be treated as they would be in the office.

3) Use your company approved storage solution
Work data should always be kept in secure locations that are approved by and accessible to approved users.

4) Only use company-approved devices and consult your IT department if you will be using a personal device to connect to corporate networks
If connecting through home Wi-Fi, it is important to ensure that strong passwords are in place and public or unsecured networks are avoided.

If a personal device is used (on an exception basis), users should be even more careful in updating operating systems, antivirus and updating firewalls.

Key messages for cyber security and IT teams

For now

Check crisis management and incident response capabilities internally and also availability of providers. Is the end-to-end process impacted? Will processes still work when the majority of people are restricted to remote working?
Ensure white listing and marking external emails as ‘EXTERNAL’. Furthermore, employees should be kept informed about increases in phishing attempts with COVID-19 related topics and ensure they do not to click unknown or suspicious links.
Implement Multi Factor Authentication (MFA) on all Virtual Private Networks (VPN) connections and critical cloud servicesto increase security. If MFA is not implemented/possible, require home workers to use strong passwords.

On an ongoing basis

Update VPNs, network infrastructure devices, and devices being used to remote into work environments with the latest software patches and security configurations.
Ensure IT security personnel test VPN limitations to prepare for mass usage and, if possible, implement modifications—such as rate limiting—to prioritise users that will require higher bandwidths.
Closely monitor privileged access by optimising the behavioural analytics tools for detecting suspicious activity for admins and those who handle critical data.
Adapt security monitoring systems and strengthen the log monitoring rules for triggering alerts.Security operations teams should manage the increased number of alerts, sorting them by risk and detect false-positives from real suspicious events. Additional resources may be required for this.
Increase attention to remote access cybersecurity tasks including log review, attack detection, and incident response/recovery.
Ensure web and email protection by implementing web filtering technologies to prevent employees from visiting malicious websites. Implement email filtering rules to block spam and phishing emails.
Limit administrator access and activities to only what is strictly necessary. Administrative activities should be closely monitored and controlled (E.g. with a ‘Four Eyes Principle’).
Increase emergency management capacities, by reallocating resources. Check if your backup is working, test your failover capabilities. Help desks should also be prepared to handle an increased number of events and have a procedure to categorise those events.
Increase your endpoint monitoring protection, looking out for suspicious behaviour and multiple deferred patches.

Given everyone has so much change to deal with right now, getting awareness out to your employees, IT and security teams to be extra vigilant over the coming weeks will play a big part in maintaining key business operations and supporting new ways of working.

For further insights on responding to COVID-19, visit EY’s dedicated hub: ey.com/covid