With the developing COVID-19 situation, more organisations have implemented business continuity plans that entail having separate teams work from alternate sites. In view of the recent Ministry of Health (MOH) advisory to implement stricter safe distancing measures, organisations are also moving towards telecommuting for their workforce.
These business continuity practices rely heavily on the usage of remote access technology and networking solutions, to access the organisation's Information Technology (IT) network for resources such as e-mails and file services. There is also a move towards conducting more meetings via teleconferencing.
Opportunistic cyber threat actors are capitalising on the situation to conduct malicious cyber activities by exploiting vulnerabilities in solutions or unsecured networks to gain unauthorised access to users' data or the organisation’s network.
COVID-19-themed phishing attacks and baiting scams continue to be on the rise as threat actors clone or impersonate websites, and use lures in phishing e-mails to trick victims into revealing sensitive information or making payments on fraudulent websites. Phishing campaigns are becoming increasingly convincing, given the availability of professional phishing kits that allow threat actors to match logos and e-mail formats of legitimate organisations to create convincing lures. Another tactic often used by threat actors is to use similar characters in fake Uniform Resource Locators (URLs) to make users believe that a domain name is legitimate when it is not, for example, WH0.com or standradchartered.com.
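The two lookalike patterns named above (a digit standing in for a letter, and two adjacent letters swapped) can be checked for mechanically, for example in a mail gateway or proxy rule. The following is an added example, not part of the original advisory; the allowlist `KNOWN_LABELS`, the `CONFUSABLES` map and the function names are assumptions made for illustration.

```python
# Added example: constructed allowlist of brand labels an organisation protects.
KNOWN_LABELS = ["who", "standardchartered"]
# Assumed digit-for-letter substitutions; extend for your own brands.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]


def classify(domain, known=KNOWN_LABELS, max_edits=1):
    """Return (verdict, matched_label) or None. Only the first label is compared."""
    label = domain.lower().rstrip(".").split(".")[0]
    if label in known:
        return ("known-label", label)  # label matches; the suffix is not checked here
    folded = label.translate(CONFUSABLES)
    if folded in known:
        return ("homoglyph", folded)
    for k in known:
        # Skip very short labels: one edit on a 3-letter name is too noisy.
        if len(k) > 4 and osa_distance(folded, k) <= max_edits:
            return ("typo", k)
    return None


if __name__ == "__main__":
    for d in ["WH0.com", "standradchartered.com", "who.int", "example.org"]:
        print(d, "->", classify(d))
```

A "known-label" verdict only means the first label is on the allowlist; the full domain still has to be compared against the organisation's real domains.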
With COVID-19-related threats escalating on the cyber front and the move to remote access technology as a key means of communication, enforcing cybersecurity is vital for organisations to deliver essential business operations. Hence, organisations and employees need to be prepared, and adopt a heightened state of cybersecurity to enhance their cybersecurity postures and stay cyber-safe while telecommuting. Here are some proactive measures that you can take to enhance your cybersecurity posture:
Always stay vigilant, especially if you receive a COVID-19-themed e-mail that requests sensitive information or requires financial payments. If the matter is important, you may wish to check with the sender via an alternative medium to verify the authenticity of the e-mail before following up with the request. Avoid clicking on links or opening attachments found in e-mails or text messages from unknown or untrusted senders. Even if the e-mail or text message appears to come from a known or familiar sender, double-check the details to verify the authenticity. Where unsure, always refer to official sources for the latest updates, such as the Ministry of Health website for updates on the COVID-19 situation.
Use a secure Wi-Fi network, and always make sure to send important and sensitive information over a Virtual Private Network (VPN). If you are working from home, you should also ensure that the home router is secure by changing the default password, and checking that security settings are set to enable automatic updates, disable remote access, and disable Universal Plug and Play (UPnP).
Alert your IT team if you detect any unusual or suspicious activities on your terminal, or if you have clicked on any phishing links. You should also not download any applications or plug personal devices into your company-issued device before seeking approval from your IT team.
Choose a teleconferencing software which provides support for private meetings and adopts encryption best practices to provide maximum security. You should share the access code and meeting URL of private teleconference meetings with intended participants only, and ensure a password is required to join the meeting. As there are known occurrences where threat actors send malware through links or attachments via the chat feature of a teleconferencing software, avoid clicking on links or attachments from untrusted parties or large teleconference groups organised by contacts whom you are not familiar with.
After a teleconferencing session, it is a good practice to mute the microphone and cover the camera. Lock the screen if you are stepping away from your terminal or taking a break. When you are done for the day, you should also shut down your terminals so that any updates that are pushed down to the terminals can be installed properly upon restart.
IT teams need to make sure that the VPN, network infrastructure devices, endpoint devices, and other remote access systems are updated with the latest patches and security configurations, as well as anti-virus signatures. Where possible, implement Multi-Factor Authentication (MFA) on all VPN connections. Stay up to date and follow the good practices guide recommended by solution providers to keep systems secure. To ensure availability, IT teams should also test the VPN limitations for mass usage, and consider modifications that can prioritise users that require higher bandwidth.
Perform regular audits of privileged domain and local system accounts to detect unknown accounts. Privileged access should be controlled, for example, by limiting access based on the principle of least privilege. Organisations may also consider restricting remote access to sensitive systems where practical. Closely monitor authentication logs for remote services and look out for suspicious account behaviour or activities across systems, for example, if one account is logged into multiple systems simultaneously.
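The check described above, one account holding sessions on several systems at the same time, can be run over exported authentication records. The following is an added example, not part of the original advisory; the four-field record layout, the sample records and the function names are assumptions, so map them to whatever your VPN or directory service logs.

```python
from datetime import datetime, timedelta

# Constructed sample records (time, account, host, event); not real log data.
SAMPLE_LOG = """\
2020-03-31T08:00:00 carol ws-300 login
2020-04-01T09:00:05 alice ws-101 login
2020-04-01T09:10:00 admin1 srv-a login
2020-04-01T09:12:30 admin1 srv-b login
2020-04-01T09:20:00 carol ws-301 login
2020-04-01T09:40:00 alice ws-101 logout
2020-04-01T09:45:00 alice ws-207 login
2020-04-01T09:50:00 admin1 srv-a logout
2020-04-01T10:15:00 admin1 srv-b logout
"""


def parse(log):
    """Yield (time, account, host, event) tuples from whitespace-separated lines."""
    for line in log.splitlines():
        if line.strip():
            ts, account, host, event = line.split()
            yield datetime.fromisoformat(ts), account, host, event


def concurrent_logins(log, min_hosts=2, max_age=timedelta(hours=12)):
    """Return (time, account, hosts) for each login that overlaps other hosts."""
    active = {}  # account -> {host: login time}
    alerts = []
    for ts, account, host, event in sorted(parse(log)):
        sessions = active.setdefault(account, {})
        # Expire sessions with no recorded logout so stale entries do not alert.
        for h in [h for h, t in sessions.items() if ts - t > max_age]:
            del sessions[h]
        if event == "login":
            sessions[host] = ts
            if len(sessions) >= min_hosts:
                alerts.append((ts, account, sorted(sessions)))
        elif event == "logout":
            sessions.pop(host, None)
    return alerts


if __name__ == "__main__":
    for when, account, hosts in concurrent_logins(SAMPLE_LOG):
        print(when.isoformat(), account, "active on", ", ".join(hosts))
```

In the sample, only `admin1` is reported: `alice` moves between hosts sequentially, and `carol`'s first session has no logout but is older than `max_age`.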
Organisations need to provide regular reminders to employees about cyber threats and preventive tips so that their awareness is heightened. Reiterate the Acceptable Use Policy if needed, and enforce strict security policies such as the frequency of change and strength of passwords, usage of Bring Your Own Device (BYOD) and what can be accessed with such devices, downloading of applications on company-issued devices and usage of USB devices. The organisation's telecommuting policy should address both physical and information security requirements, and clearly articulate the requirement and procedures for reporting of cybersecurity issues to the employees.
It is essential for organisations to review and put in place cyber incident response and recovery plans that can be effectively implemented in view of the telecommuting circumstances, so that IT teams are able to detect and respond to any intrusion or unusual activities quickly.