12 Mar Official Cybercrime Magazine Coronavirus Guidance For C-Suite Executives
Special Cyber Advisory from former White CIO Theresa Payton Download here
– Steve Morgan, Editor-in-Chief
Sausalito, Calif. – Mar. 11, 2020
The editors at Cybercrime Magazine advise that C-suite and technology leaders, including CIOs and CISOs, take time to carefully read through the “Coronavirus Cyber Advisory,” published by Fortalice.
Theresa Payton, former White House CIO, a member of our board of advisors, and the CEO at Fortalice, supplied us with a copy of the advisory in order to reach as many people as possible.
We urge all IT and security teams to consider the potential impact of COVID-19 on your organization, and to act accordingly if you have not already done so.
5 QUESTIONS LEADERS SHOULD ASK
Page four of the advisory states that Gartner did a poll of companies to ask the biggest barriers to pandemic planning and 54 percent of HR leaders stated that “poor technology and/or infrastructure for remote working is the biggest barrier to effective remote working.”
The advisory recommends that leaders ask these five important questions:
- Is our BCP/RP (Business Continuity Plan) current and has it been tested within the last 12 months? What is our work-from-home policy? Is our remote work plan easy to follow and secure?
- Do our 3rd party vendors have a BCP/RP?
- Will customer-facing processes work well if all of our employees are remote and if we are dealing with a limited workforce due to illness?
- Will our internal processes (e.g., payroll, accounting, invoicing, HR) run with staff working remotely? If yes, how?
- Are our remote work processes securing our digital assets and our customers’ privacy?
STEPS TO TAKE THIS WEEK/MONTH
Fortalice recommends the following action items for all IT and security teams.
Immediate Housekeeping Items
- Update remote software such as your Virtual Private Network (VPN).
- Call your VPN provider to ask them if they can handle the load of all staff working from home and adjust accordingly.
- Fine-tune your email filtering strategies and double-check your SPF header records and DMARC.
- Update all operating systems, browsers, office productivity software and antivirus.
- Send out employee education and awareness reminders.
- Call your vendors to ask them how prepared they are to withstand a pandemic. Make sure you have a playbook in place detailing what you will do and how they will support you.
- Contact your local suppliers of phone and internet to ensure they can handle the load for one or more employers to send their employees to work from home. Plan accordingly to provide critical functions with cellular mobile hotspots.
Practice the Pandemic Situation
- Choose a day in the next two weeks and practice the entire work-day with all employees working remotely for the full day.
- Plan to practice your incident response playbook and pay special attention to figuring out how you would respond to different issues, how escalation will work, and what your communications plan will be for your employees and customers.
Fine Tune Protection Strategies – #1 Avoid Dangerous Emails
- Train employees that all “news” on social media sites and sent via emails could be a trap. Encourage staff to use VirusTotal before clicking on a link or opening an attachment, even for internal emails! VirusTotal will scan more than 50 sources and notify you if a link or file is bad.
- Avoid Business Email Compromise (BEC): Implement new wire transfer protocols to institute steps that an attacker could not guess that you would take. Example: send a secret pre-planned GIF back and forth that an attacker would not guess as a way to let the person receiving the message knows it is really you.
Add a Deadbolt to the Cyber Door with Updates / Anti-Virus / Multifactor Authentication
- Accelerate plans to institute Multi-Factor Authentication (MFA) on key systems
- Review FBI InfraGard and DHS CISA bulletins for ongoing information around indicators of compromise.
- Ask your security team or provider for the latest blocks to add to block known bad web links and internet protocol addresses.
Create A “Shields Up” Approach Through A Segmentation Strategy and Kill Switches
- Segment data, user access, and networks.
- Start small by setting up more than one domain name to segment your core public-facing operations from your back office.
Enhance Your Remote Strategy
- Publish your company approved web and cloud tools and processes for remote work.
- Train your employees on best practices via an all-hands conference call.
- Fortalice will post information updates to our social media accounts as we see them.
Download the Fortalice Cyber Advisory here.
The advisory contains additional valuable information, such as Recap of Current Events with coverage on manipulation and social engineering campaigns, important educational resources, and an appendix for practitioners to go deeper into tactics.
Need help refining your BCP/RP? Need help locking down the security of your remote workforce through tools, apps, fine-tuning security solutions, and processes? We are here to help.
Fortalice Solutions, LLC remains the cybersecurity and intelligence operations expert companies and people turn to regarding efforts to strengthen their privacy and cybersecurity. If you would like to step up your cybersecurity defenses or need help complying with existing or future regulations, give us a call. We are highly skilled in disaster planning and recovery, incident response exercises, and cyber risk assessment, and we are standing by to aid you and your team.
Call 877.487.8160 or email Watchmen@FortaliceSolutions.com.
Note: If you’d like to see the Fortalice employee message and specific Coronavirus policy, write to Watchmen@FortaliceSolutions.com.
Editors’ Note: This is a public service announcement from the editors at Cybercrime Magazine. Fortalice did not pay to place this advisory. We found the Fortalice content to be extremely informative, easy-to-read, non-promotional, and with practical guidance for organizations of all types and sizes.
– Steve Morgan is founder and Editor-in-Chief at Cybersecurity Ventures.
Go here to read all of my blogs and articles covering cybersecurity. Go here to send me story tips, feedback and suggestions.