REDLEGG BLOG

Cybersecurity Recommendations: Response To COVID-19

3/17/20 11:21 AM  |  by RedLegg Blog

As the US responds to the Coronavirus pandemic, companies and government/non-government organizations are recommending or requiring that their employees work from home.

Please remember that cyber criminals looking to penetrate your defenses and disrupt your business will treat this period as a golden opportunity. We are already seeing this happen.

This presents significant challenges for both IT procurement and management.

We would like to offer some recommendations that may be useful in this rapidly developing situation.

Remember, as security practitioners, this is business as usual for us. The core mission and risks haven’t changed. If you have any concerns about any new risks that you may face, please don’t hesitate to reach out.

  • Continuously scan your external perimeter for rogue remote access services, such as RDP and SSH, that "shadow IT" may stand up. Compare each scan against a baseline of approved exposures so that anything new stands out, and track down the owner of every new listener.
  • Watch for phishing attempts that use the COVID-19 outbreak as a pretext.
  • Order the laptops/desktops you need as soon as possible; equipment shortages are likely.
  • Update your gold images for virtual machines and physical computers with the latest patches.
  • Secure the licenses you need, prioritizing cloud-managed products over on-prem-managed ones (including cloud-managed anti-virus/anti-malware tools), since remote endpoints may rarely reach the corporate network to receive policy and updates.
  • If you already have a 2FA/MFA solution in place, ensure that every user has it enabled, with no exceptions for executives or administrators.
  • If you do not have a 2FA/MFA solution in place, explore accelerated deployment of a cloud-based one that is proven compatible with Microsoft O365 and Google G Suite.
  • As usual, follow best practices for secure account/password management. There is no justification for shared credentials or easily guessed passwords.
  • Review the mail "back end": block automatic forwarding to external addresses on user mailboxes (a common persistence technique after a mailbox is compromised) and turn on the protection capabilities you already license (e.g. Microsoft Cloud App Security's anomaly detection policies, which cover risk factors such as risky IP address, login failures, admin activity, inactive accounts, location, impossible travel, device and user agent, and activity rate).
  • If you do not have one in place yet, consider accelerated deployment of an advanced email protection system (Mimecast, Proofpoint, etc.). If you already use one, make sure its policies are configured properly (e.g. to defend against "impersonation attacks").
  • Test your backup solution by actually restoring data, to ensure that you can recover from a successful ransomware attack; a backup job that reports success is not the same as a verified restore.
  • Back up the current configurations of your critical datacenter/infrastructure elements (firewalls, routers, etc.).
  • Test the capacity of your remote access solution (VPN/virtual desktop) to ensure it can support remote workers at peak load. Address any limitations immediately.
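The perimeter-scan recommendation is the one item above that turns directly into a recurring check, and the useful question is not "is port 3389 open?" but "is something open that nobody approved?". The script below is an added example, not code from the RedLegg post: it parses nmap's grepable output format (the real `nmap -sV -oG <file>` format, where port entries read port/state/proto/owner/service/rpcinfo/version/), diffs it against a hypothetical hand-maintained baseline of approved exposures, and reports open remote-access services matched by port or by nmap's service name, so SSH moved to port 2222 is still caught. The scan text, the baseline and the 203.0.113.0/24 addresses are constructed sample data.

```python
"""Flag newly exposed remote-access services on the external perimeter.

Added example (not from the RedLegg post). Input is nmap "grepable" output
(nmap -sV -oG <file>), compared against a hand-maintained baseline of the
exposures you have approved. Anything open that is not in the baseline and
looks like remote access is reported.
"""
import re

# Remote-access services worth alerting on, keyed by their usual port.
REMOTE_ACCESS_PORTS = {22: "ssh", 23: "telnet", 3389: "rdp", 5900: "vnc"}
# nmap service names for the same protocols, so non-standard ports are caught too.
REMOTE_ACCESS_SERVICES = {"ssh", "telnet", "ms-wbt-server", "vnc"}

# One port entry in -oG output: port/state/proto/owner/service/rpcinfo/version/
PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)/([^/]*)/([^/]*)/([^/]*)/([^/]*)/")

# Hypothetical approved baseline: {ip: {(port, proto), ...}}.
APPROVED_BASELINE = {
    "203.0.113.10": {(443, "tcp")},                # public web front end
    "203.0.113.20": {(22, "tcp"), (443, "tcp")},   # bastion host: SSH is expected here
}

# Constructed sample scan (fields in -oG host lines are tab-separated).
SAMPLE_SCAN = (
    "# Nmap 7.80 scan initiated as: nmap -sV -oG perimeter.gnmap 203.0.113.0/24\n"
    "Host: 203.0.113.10 ()\tPorts: 443/open/tcp//https//nginx/, "
    "3389/open/tcp//ms-wbt-server//Microsoft Terminal Services/\tIgnored State: closed (998)\n"
    "Host: 203.0.113.20 ()\tPorts: 22/open/tcp//ssh//OpenSSH 7.4/, 443/open/tcp//https///"
    "\tIgnored State: closed (998)\n"
    "Host: 203.0.113.31 ()\tPorts: 2222/open/tcp//ssh//OpenSSH 8.2/, "
    "5900/open/tcp//vnc//VNC (protocol 3.8)/\tIgnored State: filtered (998)\n"
    "# Nmap done\n"
)


def parse_grepable(text):
    """Return {ip: {(port, proto): (state, service, version)}} from nmap -oG output."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue
        fields = line.split("\t")
        ip = fields[0].split()[1]
        entries = hosts.setdefault(ip, {})
        for field in fields[1:]:
            if not field.startswith("Ports:"):
                continue
            for m in PORT_RE.finditer(field[len("Ports:"):]):
                port, state, proto, _owner, service, _rpc, version = m.groups()
                entries[(int(port), proto)] = (state, service, version.strip())
    return hosts


def find_rogue_services(baseline, scan):
    """Open remote-access ports in `scan` that are not in the approved baseline.

    A host absent from the baseline has nothing approved, so every remote-access
    port on it is reported: a brand-new box on the perimeter is exactly the
    shadow-IT case this check exists for.
    """
    findings = []
    for ip, ports in scan.items():
        approved = baseline.get(ip, set())
        for (port, proto), (state, service, version) in sorted(ports.items()):
            if state != "open" or (port, proto) in approved:
                continue
            if port in REMOTE_ACCESS_PORTS or service in REMOTE_ACCESS_SERVICES:
                findings.append({
                    "host": ip, "port": port, "proto": proto,
                    "label": REMOTE_ACCESS_PORTS.get(port, service),
                    "version": version,
                })
    return findings


if __name__ == "__main__":
    for f in find_rogue_services(APPROVED_BASELINE, parse_grepable(SAMPLE_SCAN)):
        print(f"ROGUE {f['label']:<6} {f['host']}:{f['port']}/{f['proto']}  {f['version']}")
```

On the sample data this reports RDP on the web front end, and SSH (on 2222) plus VNC on a host the baseline has never heard of, while the bastion's approved SSH stays quiet. In practice, run the scan from outside your network on a schedule, keep the baseline under change control, and treat every finding as a ticket to the service owner rather than a line in a report.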

We wish you and your loved ones good health and high spirits in this uncertain time. We appreciate you and your continued trust in us as we care for your organization. We look forward to seeing you on the other side, in-person, soon.

-RedLegg Team
