COVID-19 has forced many businesses to have the majority of their workforce work from home. Some organizations have established policies and procedures and provided technology to support part of their workforce remotely; however, many were not ready to support the entire staff working from home. These are unprecedented times, and many organizations must focus on ensuring that most, if not all, employees can work remotely. Security is often overlooked when the objective is to become operational within hours.
Increase in Monitoring
The spread of COVID-19 has caused a rise in phishing scams. Criminals are aware that employees working outside the fortified corporate networks offer a much easier target. The SIEM (Security Incident Event Monitoring) alert level should be set at hyper-sensitive during these times. The new generation of SIEM tools offers user behavior monitoring using AI, a handy and useful feature.
Use VPN where possible
A VPN provides an additional level of security. The data is encrypted, and endpoints can effectively access domain-related services. The downside is the increased load on the firewalls and VPN routers. Some companies may not have adequate bandwidth to guarantee stable operations.
Using multi-factor authentication for VPN, webmail, teleconference, and other cloud services will make compromising an account much more complex. Use multi-factor authentication wherever possible.
Many providers offer DNS filtering. It protects the endpoints from known and suspicious malware sites and provides visibility into web traffic.
Data Loss Prevention
Review your DLP policies and the alert levels of the DLP software, and update them as needed. Disabling USB and Bluetooth is a good option as well, provided unauthorized cloud storage is blocked through URL filtering or other means. Run DLP agents often to ensure that they are operational.
Patches and Updates
Antivirus and other defense mechanisms can provide little help if the endpoints are running outdated and unpatched applications. Use a vulnerability management tool to identify any vulnerabilities and patch them as soon as possible. Patch early and patch often.
Assess your Risk
Conduct a risk assessment of your infrastructure and cloud services. Use vulnerability management software to scan your infrastructure, including AWS, Azure, and Docker.
COVID-19 Phishing Campaign
It is never too late for a test phishing campaign. Conducting an internal phishing campaign focused on COVID-19 can identify the weak spots and the need for employee awareness training.
Lastly, review your daily security checklist and modify it accordingly. Pay attention to the security-based reports and act accordingly. Staying vigilant is the key. Learn more about pandemic-related insights and organizational resilience with the Resilience Toolkit.