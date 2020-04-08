Amit Ghodekar

Coronavirus or COVID-19 has now emerged as a gigantic problem in today’s time, and almost every country has now become vulnerable to it. Every day new cases from across the world are reported where the Coronavirus infection is being confirmed and thousands of people have lost their life. While governments across the world have put down lot of policies and procedures in its fight against the epidemic, organisations across the world are creating business continuity planning (BCP) so that their workforce can remain safe at the same time without hampering productivity.

Technology is playing a key role here and to no surprise the bad actors in the world are also ready to exploit the opportunity. Lot of reports have already surfaced stating phishing emails named safeguard against Coronavirus or COVID-19 compromising thousands of systems across the globe. This was not the only thing since the hackers have now realised that most of the organisations will activate their BCP through WFH (work from home) and are working on how they can exploit large institutions.

Any BCP policy gives utmost priority to human life. So, while many institutions in the world have activated the BCP considering safeguarding human life, the best possible thing is to give access of systems and allow ‘’work from home’’ (WFH). While institutions are taking these actions, three things immediately come apart from safeguards for human life in technology. These are secure email communications, well established BCP & tested work from home systems.

Apart from that, the most crucial thing which any institution should look at while access is given is the Data Security and system controls that are put in place for third parties. We have seen in the past that in most of the data breaches across the globe mostly third parties were the culprits. Hence, special attention and controls are required when access is given to third parties.

However the core of the work from home or WFH is the Data which the end users are going to access. The organisations needs to take utmost care while their end users are going to access the crucial data of the organisation from outside. The organisation should lay proper controls in place to safeguard the data in rest & data in motion. An effective device control policy such as not giving USB access or even powerful controls such as Data loss prevention for end points. Additionally, mobility devices is a necessary control in this scenario.

Now comes the most important aspect of the WFH - the end points. The world is witnessing highest level of attacks on end points since the past 2-3 years and end points are the ones which are compromised first. Hackers are using sophisticated techniques such as advanced persistent threats (APTs). These APTs remain in the systems for many days in stealth mode and once activated they steal the data or compromise the systems. While now the end users are going to remain outside of the office environment, one have to carefully evaluate and implement an endpoint security solution which can effectively take any threat especially now when the users are not going to remain in your network.

In this crisis situation when major workforce remains outside the perimeter, yber Security will be challenged like never before and the cybersecurity professionals across the globe will be required to be on their toes at all times. There is no doubt that Hackers will try to utilise their agenda. However, effective monitoring of Security Incidents, Operation center and taking timely actions on the alerts will be the savior. Apart from that, one of the most important thing which requires special attention is access control.

Hackers have started utilising the Coronavirus or COVID-19 event by spreading phishing emails and many users fall pray to it. Hence, an effective e-mail security which can identify malicious or phishing emails will be the need of hour. At the same time, end user awareness about cybersecurity will also play a key role. Which is why special awareness about how to use systems securely while working from needs to be communicated to all users effectively.

To conclude, NIST had made special publication - Guide to enterprise Telework, Remote Access and Bring your own devices (BYOD) Security a while back and this can be a good read in today’s time when cybersecurity is witnessing a challenging time in the Coronavirus or COVID-19 for every cybersecurity professional.