RISK AREA 9
Logging, Monitoring and Response
With a high number of staff working remotely and altered workflows, it is imperative that your IT department can capture, monitor and act upon any anomalous security events that might occur.
What you can do:
IT personnel should be prepared to conduct regular log reviews of remote access to the network and servers, detect attacks and attempted intrusions, respond to security incidents and recover from any resulting outages.
Tekmark Global Solutions provides cyber security solutions and services to hundreds of clients worldwide.
RISK AREA 8
Third Party Security
Many companies work with and rely on partners to deliver products to their clients. The security of the client content those partners handle depends on the protective measures they have in place and how those measures are operating amidst the current crisis.
What you can do:
Review which third parties or contractors have access to your or your client’s data or your organization’s systems.
Communicate with the third parties to ensure that they have adequate data security and backup plans in place.
Remove or disable any access privileges that are no longer required.
RISK AREA 10
Data Backup
Backup of client and company data is an essential requirement to ensure business continuity in case of a disruption. In the changed environment, it is essential that data backup requirements are being met.
What you can do:
Test the backup restore process to verify that it is functioning properly.
Review the user permissions to backup systems to ensure only authorized administrators have access.
If data is being backed up on portable devices, they should be encrypted using a minimum of AES 256-bit encryption.
RISK AREA 7
Confidentiality of Data
Insider threats, either intentional or accidental, account for many security breaches. Details of client projects can be divulged by staff on social media.
What you can do:
Staff should be reminded of confidentiality policies regarding client content and any other company information that they might have access to.
Review the user access privileges on systems, applications and services to ensure that staff have appropriate access and remove or disable any unnecessary accounts.
In case a staff member’s term of employment is ending, remind them of their responsibility to abide by confidentiality requirements set in their contract.
RISK AREA 6
Physical Security
Many organizations are operating fully remotely or with a skeleton crew present on site. It is important that the facility is physically secure, and assets are protected against theft or misuse.
What you can do:
Secure access to all production and other sensitive areas when not in use.
Ensure cameras and motion detectors are operating and are being monitored.
Test the security alarm system to ensure it is operational.
RISK AREA 5
Change and Patch Management
New workflows have been implemented to continue delivering service to customers. It is necessary to maintain secure IT processes while operating in this fluid environment.
What you can do:
Update VPNs, network infrastructure devices, and devices being used to remotely log in to work environments with the latest software patches and security configurations.
Ensure that all significant changes to the IT environment go through a review and approval process. Notify users of any changes that might affect their work and have roll back plans in place in case the changes do not go as planned.
RISK AREA 4
Network Security
Provisioning access for remote users should be handled securely, or it can open your company to attacks seeking to exploit vulnerabilities in your network’s defenses.
What you can do:
Implement Multifactor Authentication (MFA) on all VPN connections to increase security. If MFA is not implemented, require teleworkers to use strong passwords.
RISK AREA 3
Email Security
Your staff may receive emails with malicious attachments or links to fraudulent websites to trick them into revealing sensitive information or donating to fraudulent charities or causes.
What you can do:
Instruct staff to exercise caution when handling any email with a COVID-19-related subject line, attachment, or hyperlink, and to be wary of social media pleas, texts, or calls related to COVID-19.
Staff should not reveal personal or financial information in email, and should not respond to email solicitations for this information.
RISK AREA 2
Telework
Home users might not have the same level of security protections in place as organizations. Hackers may increase phishing emails targeting teleworkers to steal their usernames and passwords. Users may receive invitations to fake meetings that point to malicious sites.
What you can do:
Alert employees to an expected increase in phishing attempts. Provide employees with security awareness training while working from home.
Remote workstations and laptops should have a minimum level of security such as up-to-date antivirus, local firewall, hard disk encryption and screensavers that activate after a period of inactivity.
Provide employees with a contact email and phone number to report any suspected cybersecurity issues.
Perform network security scans on any newly provisioned equipment to ensure it is securely configured and that it does not introduce security vulnerabilities to your network.
ESSENTIAL CYBERSECURITY IN THE TIME OF COVID-19
The novel Coronavirus has dominated the world’s headlines for the last few weeks. The disruption caused by this sickness goes well beyond those who are ill. Companies and workers all over the world have had to respond to changes in their everyday work life.
We have compiled a list of 10 areas of concern in cybersecurity along with our recommendations to help organizations better navigate the new landscape.
RISK AREA 1
Security Management
The cybersecurity, incident response and disaster recovery processes of many organizations have not been tested in real world scenarios. A lack of clear guidance from the top may lead to a disorganized response during an emergency, exposing the company to an elevated level of risk.
What you can do:
Assign overall responsibility for cybersecurity, security incident response and disaster recovery to specific individuals in your organization.
Review your security incident response and disaster recovery procedures for completeness and clearly communicate with staff members regarding their individual responsibilities.
www.tekmark.com