The COVID-19 pandemic has propelled Halfaker, an SAIC company, and many other businesses into unprecedented territory and is testing the resolve of every organization’s disaster recovery and business continuity plans. In addition to standing up a coordinated crisis response plan and remote workforce capabilities, organizations must also be hyper-vigilant about cybersecurity given the uptick in online activity during the pandemic. As cyber criminals are quickly taking advantage of this, the DHS Cybersecurity and Infrastructure Security Agency (CISA) issued a COVID-19 cyber alert calling for individuals and organizations to exercise great caution as they move to conduct most of their business online. With a rapidly shifting cybersecurity landscape and guidelines changing by the hour, it is critical that organizations react quickly and prudently to ensure the safety of their people and to protect and defend company data, systems, and infrastructure.
Below are recommendations to help ensure business continuity and cybersecurity during this difficult time.
Coordinated crisis response
A coordinated crisis response is a key factor for success across all facets of an organization, including cybersecurity. Organizations should form crisis response teams to include cross-functional leaders with expertise across all business units to ensure a comprehensive response. As the COVID-19 pandemic began to spread across the globe, Halfaker immediately activated our crisis response with the formation of a Coronavirus Coordination Committee, which meets daily to monitor and assess the local, state, national, and global effects of the pandemic, with special consideration for our specific business infrastructure, employees, partners, and customers. The committee includes senior leaders from our information security, operations, finance, information technology, human resources, legal, contracts, and communications teams who offer a holistic, company-wide perspective to ensure our crisis response considers the needs of every area of the company and our operations. This committee provides frequent updates to our senior leaders and all employees, recommending changes to our operating status, and ensuring that the business can continue to operate as we navigate the continually evolving challenges posed by the pandemic. While an early start is ideal, it’s never too late to form a crisis response team if one is not yet in place.
Cybersecurity threats and recommended security best practices
Cyber criminals are known for using major events and crises to their advantage to attempt to steal sensitive corporate data, money, personally identifiable information (PII), protected health information (PHI), and more. To ensure both personal and corporate assets remain secure, organizations must educate their teams on how to identify and avoid scams and cyber threats. Below are some of the top threats arising out of the COVID-19 pandemic.
- Phishing/vishing. Expect instances of attempted phishing and “vishing” (voice phishing) to rise in the near term. Cyber criminals will leverage fear and uncertainty and are likely to take advantage of the increase in remote operations to try to extract sensitive corporate data, such as human resources and payroll data.
- Targeted intrusion/spear-phishing. Cyber criminals often execute focused and intricate attacks on specific individuals by using social engineering to lure their victims into sharing sensitive information or performing a financial transaction. With an increase in the use of cloud and SaaS tools due to more remote workers, cyber criminals are likely to look to exploit public information and security gaps to obtain credentials to these services and pose as legitimate users.
- eCrime. eCrime campaigns are flourishing in the current environment, with cyber criminals spoofing legitimate organizations (including health organizations) to deceive end-users and gain access to systems and infrastructure.
In addition to increasing cyber vigilance among employees, organizations must implement policies and tools to secure a workforce that has shifted to remote work for non-essential employees. Halfaker recommends starting with the following cybersecurity best practices to strengthen security posture:
- Enable multi-factor authentication for key tools, particularly VPN connections
- Evaluate VPNs, network infrastructure devices, and devices being used to access work environments to ensure that they are fully up to date, patched, and configured
- Assess endpoint security to ensure personal devices are safeguarded
- Develop or update organizational telecommute and telework policies to ensure their scope includes guidance for a secure working environment, specifically: locked doors, removal of sensitive information on display from webcams, and mindful consideration of who is within earshot of conference calls
- Evaluate videoconferencing solutions to ensure they allow the flexibility to screen share, whiteboard, and collaborate securely
Communicate, communicate, communicate
There is no such thing as over-communicating during a crisis. Employees, partners, and clients will be looking for frequent communications that highlight just-in-time information and resources they may need to navigate this challenging time. Halfaker recommends creating an internal information portal to complement frequent communications and outreach. An information portal offers consolidated access to timely, trustworthy information for employees, such as the suggestions seen below.
- The Centers for Disease Control’s (CDC) COVID-19 website
- The World Health Organization’s COVID-19 website
- CISA’s COVID factsheet
- Your organization’s telehealth benefits
- Your organization’s employee assistance program details
The COVID-19 pandemic is challenging each of us in ways we never predicted. Halfaker hopes these tips and recommendations help other organizations navigate this unprecedented and challenging situation successfully while strengthening the nation’s overall cybersecurity posture.