Amidst the landscape of challenges that face us all as we grapple with Covid-19, it's a pretty sad reflection of human behaviour to see the speed at which the cyber scammers have stepped up their game. But criminals also follow the old mantra of "never let a good crisis go to waste", and the sudden shift to a work from home model creates new opportunities for cyber threats.
Trevor Bennett, the head of Castle Hall's Cybersecurity Diligence team, prepared the following list of considerations around cyber and the new work from home model.
- This is a time for firms to reinforce and reiterate their social engineering training and awareness programs. There will be e-mail campaigns name-dropping the coronavirus and/or posing as leadership asking staff to do unusual things under the guise of the unusual times. Providing clear guidance to staff will be key. Stepping up phishing testing and staff feedback will also help.
- Incident response procedures should be reviewed and any updates or modifications to account for a remote workforce should be formalized. Hope for the best, but plan for the worst; ensure the organization is ready if there is a security incident facilitated by remote working, or equally if a response to a security problem has to be co-ordinated across a now remote workforce.
- As referenced in previous blog posts – the separation between business and personal devices and data should be reinforced. Staff should not be enabled/permitted to work on personal devices while remote.
- With staff working remotely, direct face-to-face contact/conversation is all but eliminated – firms will want to make sure that their staff have multiple avenues of verifiable communication (chat programs, video calls, internal phones as well as corporate e-mail) that they are familiar with and are utilizing, so that any (valid) unusual requests can be verified by an alternate means – e.g. a video call to confirm an e-mail request.
- It is also a time to reinforce procedures for critical processes like movement of cash – ensuring that the proper controls and procedures are well known and that staff understand that the move to remote work does not bypass those controls, though they may have to be slightly modified. Any approval or confirmation steps which would have been performed in person should, ideally, be required to be performed on a video call, for example.
- Many firms with on-premises servers and systems may have had to scramble to ensure that their entire workforce can remotely connect at once, with VPN capacity being put in place. These remote connections should all enforce two-factor authentication – basic security controls should not be skipped.
- Anywhere that a firm can enable two-factor authentication and has not yet done so – now is the time. Public cloud services (Office 365, G-Suite) used for e-mail and file storage should especially be protected.
- There is a lot going on right now and things will not settle into a routine or return to ‘business as usual’ for a while – account compromises and breaches could slip through with so many other things taking urgent attention and other demands being placed upon IT departments for the foreseeable future. Keep IT resources healthy and well-staffed, and ensure that triage guidelines are clear for support requests and/or security responses.
Ultimately, the moral of the story is that, whenever possible, regular security controls, procedures, and processes should be maintained, likely with additional precautions taken.
This is also a time for an abundance of communication with staff, particularly those who are not used to remote work and for whom this will mark a significant change in routine. We expect to see cyber criminals attempt to take advantage of a confusing and troubling time.