COVID-19, AKA “coronavirus” just become the first pandemic in my lifetime. There are many people that will be negatively impacted by the social restrictions, economic impact or worse still, themselves or someone they know gets illness. As an IT person and one who is naturally risk averse, my concern goes to what risks this virus will have on IT organizations. My fear is that this will be one of those times where malicious individuals on the Internet will ramp up their efforts. These fears focus on a few types of attacks that I see being magnified during this time.
The first type of attack to consider is phishing emails. I often see phishing emails masquerade as PSA announcements. Phishing doesn’t take much to pull off, and any change in the world is a new opportunity for a fresh start at gaining credentials from individuals.
A second threat to be aware of is ransomware. Ransomware attacks benefit from the added chaos of BYOD and work-from-home scenarios, it’s important to think about proactive measures to avoid this threat. How universal is your endpoint protection when you let folks use a VPN for their home computers to contribute? How up-to-date are the patches on those BYOD or home systems? Have individuals turned off their firewalls on their personal devices? I recommend mapping out a plan. Be thoughtful and intentional, because taking shortcuts to expedite a transition from working in the office to working from home isn’t worth it.
Another threat to be mindful of, similar to ransomware, is viruses. Viruses also benefit from loosening our standards for security. Make sure you haven’t missed systems, and that you have enough for extra systems that you must bring into the coverage of your AV.
And lastly, physical security. You should ask yourself, will our building be guarded through security systems while there is a skeleton crew (or no one at all) on-site? Sometimes a simple IP camera system can work wonders. Maybe you need to make sure that you can control time-sensitive building access.
There are no doubt more issues than this to consider. But hopefully, my concerns and recommendations get your brain juices flowing on addressing the needs that are most relevant for your organization. We need to do more than facilitate folks working from home. We need to double-down on protective measures to keep the focus on the direct issues that COVID-19 presents.