The New Zealand National Cyber Security Centre (NCSC) has issued a series of recommendations to organisations to prepare themselves against possible cyber security risks that may arise due to the impacts of the COVID-19 pandemic.
The NCSC has observed an increase in malicious cyber activity seeking to exploit public concern surrounding COVID-19. It’s important to note that remote access solutions may be specific targets of cyber criminals and other hostile actors.
Top 11 Cyber Security Tips from the NCSC
1. Maintain an awareness of the risks and mitigations associated with flexible worksite arrangements.
Working from home arrangements mean allowing devices that aren’t company-issued to connect to your company’s network and server. If you don’t have a cloud setup, this might produce security risks.
For example, if not set up properly, a personal computer which tries to access your network might be compromised. This device can then infect your entire server.
2. Be aware that bring your own device (BYOD) solutions utilised by staff may not have the same protections as corporate devices.
This is similar to the point above.
Personal devices usually don’t have as much protection as their corporate-issued counterparts. That’s why it’s important for CIOs and IT Managers (and managed IT providers) to find a solution to this sooner, rather than later.
3. Liaise with your IT department to provide staff working remotely with advice on the correct security settings for their devices.
This includes training users on the basics of protecting their devices.
For example, as an IT admin, you can use settings to require users to follow rules such as these:
- Password change after a specified number of days
- Can’t reuse old passwords
But as you may know, people are lazy. They might not even have passwords on their personal devices.
That’s why constant communication and training on these things is important.
4. Focus on securing systems that enable remote access, such as VPNs.
Ensure these systems are fully patched, firewalls are properly configured, and anti-malware and intrusion prevention software is installed.
Home networks are known to have poor security settings: many still use the default admin password for their WiFi and router settings. Most also aren’t updated with the latest firmware.
Adding this extra layer of protection can reduce your risks of intrusion.
5. Test the capacity of your remote access solutions in advance.
Your server and systems might not be able to handle the bandwidth of all employees accessing them remotely at the same time.
Develop strategies to increase this capacity if necessary.
6. Wherever possible, multi-factor authentication for remote login or cloud-based corporate applications must be implemented.
Multi-factor authentication (MFA) is the simplest way you can add another layer of protection to company data.
Watch this video to see an uncommon yet high risk of not using MFA in your organisation.
7. The use of unauthorised software for official purposes (known as shadow IT) can increase when working remotely, raising security and privacy risks.
Ensure staff are aware of the policy, privacy and legal obligations that apply to your organisation’s information.
8. Review your business continuity and contingency plans.
Ensure these are up to date.
If you don’t have one, iT360 has provided a pandemic action plan template that you can download for free.
While it may not work for all organisations, it can certainly help you create one. You can easily modify it to suit your own needs.
9. Assess your organisation’s supply chain for possible disruption resulting from COVID-19. Identify possible substitute products or alternate supply sources.
Depending on your industry and needs, you might not be as affected as others.
But it’s best if you evaluate your requirements and needs now. For example, there are some suppliers that already have a lead time of 6 months for the delivery of their products.
10. Use trusted sources such as New Zealand Government websites for up-to-date information about COVID-19.
Monitor the NCSC’s website for information on cyber threats and vulnerabilities.
When it comes to COVID-19 updates, only use trusted sources such as the Ministry of Health or the World Health Organisation (WHO).
Be wary of fake news, myths, and other content circulating on social media that is causing panic.
To learn more about the different steps the NCSC recommends you take, visit their advice for working remotely here.