COVID-19: You won’t get a pass on cybersecurity

SC StaffMarch 17, 2020
  • Discourage the sharing of COVID-19 information. Use official company channels only.
  • Keep your employees informed of coronavirus-related scams, frauds and compromised websites and phishing schemes. Knowledge is power.
  • Provide tips to secure consumer-grade internet devices like routers. Most routers are easily exploited as the admin account is still set to publicly known manufacturer’s defaults.
  • Use a VPN to encrypt remote connections.
  • Enforce multi-factor authentication for remote access to reduce the risk of compromised VPN credentials.
  • Disable administrative rights for remote workers to eliminate the risk of compromised VPN accounts used to create new users with admin privileges.
  • Revisit your Business Continuity Plans (BCP) to ensure they cover a pandemic-driven remote work policy.
  • Consider running a COVID-19-based incident response. Gather your executives and leaders to run a simulation in which a key employee tests positive for COVID-19, after accessing the office while symptom free.
Mark Sangster, Vice President and Industry Security Strategist, eSentire