Cybersecurity Hygiene Best Practices During COVID-19 and Beyond

As cybercriminals continue to use the novel coronavirus pandemic to launch cybercrime scams and cyber attacks on teleworking applications, virtual private networks (VPN), and other technologies associated with remote work, many organizations find themselves in crisis mode, as well.

Your enterprise may be scrambling daily to protect your sensitive data, reduce the likelihood of data breach, and guard against malware and ransomware attacks as well as other cyber threats.

The situation is dire and urgent. The U.S. Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC) on April 8 issued a joint warning about the increased risk of a security breach that the COVID-19 pandemic has brought about.

The warning specifically points to an increase in phishing emails designed to lure victims into clicking on phony links that may download malware or provide criminals access to mobile devices, cloud environments where sensitive information or personal information may be stored, for the purposes of identity theft.

Even enterprises with strong information security programs may be more vulnerable as these attempts increase in frequency and scope. Our automated solution can help you enhance your network security and data security in this frightening time and ensure you’re following these cybersecurity best practices.

Phishing: Don’t Get Hooked

Prevention is the best cure, and the easiest and most effective way to dodge phishing attempts is to use technical controls to block phishing emails altogether and prevent malicious links and/or attachments from opening.

Educating your personnel about how to detect, avoid, and report phishing attempts is also important, but be aware: 95 percent of cyber breaches occur via phishing, either using email or SMS (“Smishing”). Humans will always be the weak link in any cybersecurity endeavor.

Remote work: Mind Your VPN

Cybercriminals strike where your systems are most vulnerable, and your virtual private network is no exception. Sending workers home to do their jobs remotely results in an increase in mobile devices’ connecting to your system.

Make sure your software is up-to-date and patched, and that users understand how to log in and use it securely.
Require strong passwords with a minimum of 12 characters including uppercase and lowercase letters, numbers, and symbols.
Use two-factor authentication or multi-factor authentication (MFA).
Restrict the use of public wi-fi for organizational devices.
Increase your bandwidth, if needed, so that every user, including your information security teams, can access the VPN.

Remote work: Mind Your Meetings

Who hasn’t heard, by now, the bizarre accounts of online meetings and classroom hijackings that have occurred during the coronavirus pandemic? And these are just the breaches that we can see.

Teleconferencing can be protected by following a few common-sense measures:

Keep your meetings private, requiring a meeting password for entry or using the waiting room feature so you can control who gets in, and sharing the link to the meeting only with invitees;
Enable screen sharing only for the host;
Automatically update users’ remote access or meeting apps;
Make sure your telework policies include data security requirements.

Maintain Your Compliance

Staying in compliance with the regulatory frameworks you’ve worked so hard to meet is one of the best ways to ensure that your information systems and cloud environments and your business partners’ and employees’ personal information are always as secure as can be.

The Health Information Portability and Accountability Act (HIPAA), the National Institute of Standards and Technology’s (NIST) special publications, the Payment Card Industry Data Security Standard (PCI DSS) and other applicable frameworks require stringent security controls. If you’re not sure whether you’re in compliance, conduct a risk assessment, or self-audit using an automated solution such as ZenGRC.

With color-coded, user-friendly dashboards, to-do checklists, third-party-vendor surveys and assessments, workflow management tools, unlimited self-audits, and a “single source of truth” document repository for auditors to use, ZenGRC takes the hassle out of cybersecurity, risk management, and compliance management.