Facing COVID-19 Cyber Risks


Dealing with the coronavirus (COVID-19) outbreak is tough and challenging forcing our companies to adapt fast and ensure the continuity of their operations by instantly digitalizing and working remotely. These changes however, involve real cybersecurity risks that our companies should be aware of and work to mitigate in the face of the COVID-19 outbreak. With increased remote work there is an increased risk of employees accessing data through unsecured and unsafe Wi-Fi networks, using personal devices to perform work, and not following general security protocols established by the company. This reveals the need for real cybersecurity measures that should be implemented by every responsible organization.

We at AMATAS believe that in this difficult moment we have to help and support each other. This is why we would like to share our general guidelines how to deal with the Covid-19 cyber risks and protect our digital lives.

Physical security

Secure company devices

  • Implementing full disk encryption and use of TPM.
  • Using strong passwords for each stage of authentication - not only for logging-in the operating system, but pre-boot authentication as well.
  • Implement auto locking-out mechanism and encourage such routines. The employees should be advised not to leave company property unattended.

Handling document

  • Employees may take sensitive or confidential materials offsite that they would not otherwise. They may also print documents containing sensitive nonpublic information in public locations or on network printers with unsecured connections. We think employees should be advised not to take critical materials off-site unless unavoidable and never to print corporate documents at home unless absolutely necessary.
  • Employees should be advised to return all printed materials once they return to the office for proper destruction and to avoid disposing of documents at home without proper cross-cut shredding.

Securing remote connections

Use of VPN

  • Where possible remote access to company networks should be established through a virtual private network (VPN), which routes the connections through the company's private network, or another encrypted connection mechanism.
  • In case employees are remotely accessing sensitive information on the network, VPNs should be configured with multi-factor authentication (MFA) as an added security layer. With MFA enabled, even if an employee's VPN credentials are compromised, an unauthorized actor will be unable to connect through the VPN without a second factor (i.e., a code sent to an individual's smartphone, token, biometric verification, etc.).
  • Firewalls must be properly configured and monitored to identify attempted or successful connections from unauthorized or suspicious Internet Protocol (IP) addresses.

BYOD

Use of personal devices

Personal devices are more likely to be used when employees are working remotely, and such use presents additional cybersecurity risks given the lack of corporate control over the devices.

  • Where mobile devices (i.e., mobile phones, tablets, laptops, etc.) are permitted to connect to the corporate network, ideally such devices should be controlled using mobile device management (MDM) software.
  • The personal mobile devices should be encrypted and protected using strong alphanumeric passcodes.
  • The device must lock itself with a password or PIN or Biometric recognition if idle. The lock time must be set to the lowest available time.
  • Employees should be advised to install antivirus protection on their devices.
  • Rooted (Android) or jailbroken (iOS) devices or similar should be strictly forbidden from accessing the company network.

Use of Wi-Fi networks

Access through unsafe Wi-Fi networks

Employees working from home may access sensitive business data through home Wi-Fi networks that will not have the same security controls — such as firewalls — used in traditional offices. More connectivity will be happening from remote locations, which will require a greater focus on data privacy and hunting for intrusions from a greater number of entry points.

  • Employees should be advised to secure their home Wi-Fi networks with a robust password with minimum WPA2 encryption mechanism put in place.
  • Prior to authorizing remote connection to the corporate network, employees should be instructed about the logistics of connecting to the network, appropriate use of Wi-Fi, and steps to take if a security incident or other compromise is suspected or identified. While these subjects are often covered in annual employee trainings, now is a good opportunity to provide a training update or informal security reminders. Regardless of the efforts and the sophisticated security measures put in place to create a safe environment for remote workers, the risk of human error will always exist.

Phishing

Susceptibility to phishing campaigns

Cybercriminals are always searching for security vulnerabilities to exploit, and many employ sophisticated attacks tailored to a specific company and its employees. A malicious hacker could target employees working from home by creating a fake coronavirus notice or phony request for charitable contributions.

In an effort to keep employees informed about company policies regarding the coronavirus, many employers are creating new email accounts that send out daily email updates. These emails often contain several links to forms or company briefings and updates. Given the sensitivity of such emails, employees may be quick to open these emails or to click the links, even from previously unknown company email addresses.

  • Employers should be informed about phishing emails disguised as coronavirus updates or as updated company policies may deceive employees. For example, the World Health Organization (WHO) specifically warned that, in connection with COVID-19, cyber criminals are sending phishing emails with malicious links and are impersonating WHO officials to steal money and sensitive information.
  • Many companies already include warning banners on emails that originate outside of the company but ensuring that such banners continue to attach to email addresses outside the company will help employees parse out which coronavirus updates are legitimate. An additional solution is to create a coronavirus portal on the company website that employees can access for live company policy updates when they are not confident that an email communication from the company is legitimate.
  • AMATAS is ready to provide your company with complementary advice on how to deliver and manage cyber training and awareness program to your employees to aid them against these social engineering attacks and rise their cyber security awareness.

Secure conferencing

Unsecure conference call lines

An increased need for conference call or video services may exceed the capacity of the company’s existing accounts. A free or online-based service may seem like a sensible temporary alternative, but employees should be advised against using these for work-related calls without consulting with the company. Some services may not be secure or may even record your employees’ conversations by default.

  • That is why AMATAS suggests employers to be advised to proactively work with your existing conference call provider to accommodate the temporary need or identify a secure alternative for employees to use.
  • AMATAS advises using trusted platforms like Teams and Skype for Business by Microsoft, Google Hangouts and Cisco WebEx for secured conference call lines.

Incident response

Dealing with cyber incidents

While employers are working hard to protect the health and safety of their employees, incident response requirements remain in effect. Employees should be reminded that if they become aware of a possible data security breach while out of the office, they should inform the organization’s designated recipient for such notifications. Moreover, each company’s data breach response team should be reminded that due to the possibility of increased risk during this period of time, their attention and resources may be called upon.

The AMATAS Security Operations Centre operates 24/7 and we are ready to provide you with complementary advice during the period of COVID-19 restrictions on how to deal with cyber incidents.

Conclusion


The COVID-19 crisis is likely to be with us for a while. Our companies and employees will be forced to make tough decisions rapidly. We will face new risks and challenges, but we need to ensure the security of our networks, devices and data in order to ensure our digital future.

At AMATAS, we know every company is dealing with significant human resources, health and business issues associated with the coronavirus. With a little extra care about security at this strenuous time, hopefully we can avoid having to deal with additional issues associated with data breaches or loss of valuable business information.