Six Tips for Working (Cyber) Safely from Home During COVID-19

McDermott Will & Emery

OVERVIEW


Amid the Coronavirus (COVID-19) pandemic, more people than ever before are working remotely from their homes—raising new cyber risks for businesses. Here are six ways that you can protect your employees and your organization.

IN DEPTH


The past two decades have witnessed a number of disruptive events, including 9/11, the financial crisis of 2007–2009 and the Ebola outbreak of 2014–2016. Most of these events affected only a few industry sectors at a time or were limited in geographic scope. By contrast, the Coronavirus (COVID-19) pandemic is a game-changer. In the words of one prominent CEO, the impact of the virus may be “worse than 9/11 and the Financial Crisis combined.” With countries, states and municipalities issuing “shelter in place” or other lockdown rules, more people than ever before are working remotely from their homes, many while simultaneously caring for children or other family members.

This sudden shift to working from home significantly raises cyber risks to businesses. The Federal Bureau of Investigation, the US Computer Emergency Readiness Team and the US Secret Service have warned of a sharp increase in cybersecurity attacks and scams designed to steal personal information, trade secrets and other data. The increase includes attempts to obtain information on possible COVID-19 treatments or vaccines, along with a surge in ransomware attacks, reportedly including attacks on several hospitals and healthcare organizations treating COVID-19 patients.

In this uncertain time, there are several steps you and your organization can take to help reduce COVID-19 cybersecurity risks.

1. Secure and harden your virtual private network (VPN).

In recent years, the VPN has been a convenient tool for executives and employees to safely work remotely. While it has predominantly served employees connecting on weekends or during vacations, the VPN must now support an entire workforce working from home, around the clock, and on sensitive matters.

Tips for businesses to make VPN access scalable, reliable and secure include:

  • Make sure that VPNs can scale to handle not only expected traffic, but also excess or “overflow” traffic. One provider, NordVPN, reported a 165% increase in the number of average daily users. Scalability can be handled via a software or appliance solution based upon corporate need. Certain solutions require user companies to maintain software licenses, which can generally be purchased on an individual basis.
  • Use multi-factor authentication (MFA) for all VPN access. In the current cyber threat environment, MFA is crucial. If not already deployed, businesses should expand MFA to additional staff and endpoints. While an MFA rollout may cause inconvenience at a time when workers are already disrupted, requiring MFA for VPN access is an important step in warding off unauthorized access.
  • Update servers running your VPN and promptly patch vulnerabilities. Vulnerabilities should be prioritized according to severity and likelihood that they will be exploited. Delays in patching known vulnerabilities significantly increase the risk to your organization.
  • Practice least-privilege access religiously and restrict administrative access. If a large portion of your workforce has administrative access, an attacker who obtains those credentials could access your VPN and move laterally through company systems.
  • Change default and administrative passwords regularly and enforce password complexity. Consider changing your password policy to require lengthier and more complex passwords. At minimum, maintain routine password change requirements at regular intervals.
  • Ensure that security features and remote access precautions are enabled for employees. If necessary, devise alternative security solutions.
  • Ensure executive and CISO level oversight of any change management, including to the network baseline or devices.
  • Update “Bring Your Own Device” (BYOD) rules and standards to securely manage BYOD devices using mobile device management (MDM) software in order to allow secure access to internal resources. Confirm endpoints with VPN access are equipped with adequate endpoint security software and meet system security configuration guidelines, including items such as Split Tunneling, least privilege and host-based firewalls. BYOD devices with access to internal applications should be managed by MDM software in order to ensure compliance with security requirements.

2. Strengthen email filters to guard against phishing attacks.

To protect your organization, remind employees to stay vigilant and follow cybersecurity best practices while checking email and browsing websites. Companies should set up or strengthen email filters to guard against phishing and spoofing attacks. Email filters generally work by blocking potential spam email or malicious content, or through specifically configured rules-based approaches, which may be bolstered by machine learning. A comprehensive email solution protects against all threats, including phishing, impersonation and spam. Employee training regarding phishing techniques and frequent updates to your workforce on common COVID-19 spam email campaigns can help keep your network safe. Here are specific tips to convey to employees:

  • Treat emails that appear to come from health authorities, such as the World Health Organization (WHO), with caution. The WHO has issued official guidance warning of threat actors impersonating organizations in order to carry out scams and attacks.
  • Trust only well-known sources for information on COVID-19. Fake donation websites and email addresses are being used to steal passwords and financial information.
  • Exercise caution when opening attachments or clicking links from unfamiliar senders or websites.
  • Be wary of attempts by threat actors to reach out by telephone (vishing) or text (smishing).
  • Notify your helpdesk or information security team immediately when you receive suspicious communications.

In addition, here are some helpful resources that address these threats:

  • Coronavirus Fraud Schemes Surge, as FBI, HHS OIG Advise Cyber Hygiene
  • Defending Against COVID-19 Cyber Scams
  • COVID-19 Complication: Ransomware Keeps Hitting Healthcare

3. Stay on top of patching and backups

Whether you’re in the office or at home, patching and backups can be game-changers for the security of your network. Ensure that your organization continues to deploy security patches for infrastructure and software. Bad actors may take advantage of lax patching practices, so be mindful of the availability of patches to address vulnerabilities. Backups ensure that data can be recovered in the event of data security incidents, such as ransomware, system failures and other data integrity issues. Having a reliable, recent backup that has been tested can help you avoid paying a ransom to malicious actors.

4. Ensure IT and security staff resiliency

The exceptionally wide reach of COVID-19 may necessitate cross-training, teaming and collaboration between IT and information security in the event that COVID-19 strikes several key employees at once. Organizations should ask the following questions:

  • Have we appointed a backup CISO who takes the helm when the CISO is traveling or out sick?
  • Does the incident response plan designate a backup to the backup leader, in case personnel are unavailable?

5. Review your incident response plan (IRP)

An IRP is like the coach’s playbook for an entire game. In addition to being required by certain regulators, a good IRP should tell the incident response team how to respond to a credential harvesting attack, a ransomware attack or a network intrusion. Carefully review your existing plan to ensure that it accounts for a remote workforce scenario. Managing logistics and details is key to deploying an effective incident response.

When reviewing your IRP, consider these questions:

  • Do you personally have access to the latest version of the IRP from home?
  • Would the IRP be accessible if company systems were encrypted in a ransomware attack or otherwise disabled?
  • Does a hard copy of the IRP exist, and is it easily located in a secure home workspace?
  • Do other critical team members have copies, or should the plan be redistributed?
  • Does the IRP include updated cellphone contact information for all incident response team members?
  • Does the IRP include alternate email addresses and a plan for offline or out-of-band communications, in the event that connectivity is disabled or the threat actor is inside the network?

6. Call the cavalry: managed security service providers.

When healthcare organizations are inundated with seriously ill patients, they can’t afford downtime caused by data security incidents. As government and other charitable organizations step in to assist, malicious actors will seek to take advantage of the situation to disrupt services. When security teams are shorthanded, personally affected by the virus, or must care for a loved one who is affected, oversight of IT systems may be impaired. Unfortunately, this is often the time when cyber criminals take advantage of organizations.

To help manage a potential perfect storm, consider engaging a trusted cybersecurity firm to provide managed security services. These solutions can help your security team augment managed detection and response in order to identify threats early and reduce the consequences of a breach. Implementing 24/7 managed detection and response can contribute to your peace of mind and allow internal teams to focus on building the necessary resilience in this uncertain climate.


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© McDermott Will & Emery | Attorney Advertising
