Showing posts with label COVID-19. Show all posts

Saturday, 6 February 2021

The Next Cybersecurity Risk Management Model Post the COVID-19 Crisis


The COVID-19 pandemic created additional challenges for businesses all over the world as they adjusted their typical operations to the “new normal.” IT and security teams are required to impose a higher level of security as millions of employees work from the safety of their homes. Cybersecurity is now a major concern because cyber criminals have been taking advantage of gaps and are performing exploitative actions amidst the crisis.

This article raises awareness of the cyber risks that emerge from the coronavirus environment and explains how to optimize mitigation measures for your organization.

Cybersecurity Risk Management Amidst the COVID-19 Pandemic

The constraints imposed by governments around the world to lessen coronavirus cases have prompted businesses to take a Bring Your Own Device (BYOD) approach, which allows employees to access corporate information while staying at home. While many organizations don’t have the tightest security when working in a remote environment, the pandemic exposed companies to an even greater risk when using personal computers or laptops.

Home Wi-Fi networks are easy to attack and can leave your organization vulnerable to cybercrime. It is a must to update your cybersecurity management, an assessment that aims to detect risks and mitigate threats by applying suitable actions and extensive solutions, to ensure that your organization is well protected, especially when your employees are granted access to private data from remote locations.

Business Needs That Demand Changes in the Risk Management Framework

Business risks should be prioritized according to the level of impact they may cause in the future. Here are some risks that need to be addressed as they are more dangerous than others.

Security Risk

Cases of hacking become more apparent as people are enthusiastic about sharing their information and personal data on online platforms such as social media sites. This type of risk could be critical for growing businesses; not only does this risk lead to identity theft and payment fraud, but a company can also be financially responsible for such actions, which could lead to a downfall in trust and reputation.

Financial Risk

The less debt load you have, the better. Every organization could have debts on hand, whether from a loan to start the company or from credit extended to customers. Make it a habit to keep debt at a minimum or lower your debt load to avoid cash flow interruption or unexpected loss. Interest rate fluctuations are also a threat, so it is also essential to market your services successfully. Income loss from a loyal client won’t be as catastrophic if you were able to diversify your services.

Economic Risk

In relation to financial risk, it is essential to save as much money as you can for a steady cash flow. As markets fluctuate, the economy changes, and this can be either good or bad for the business environment. Be watchful of updates and trends that can lead to purchasing surges or reduced sales. A business plan should function across all economic cycles and prepare you well enough for an economic downturn in case an unforeseen event arrives.

Operational Risk

Natural disasters or human-induced events can trigger operational risks. Operational risk involves a variety of factors that can arise internally, externally, or both. When not addressed properly, this risk can cause you to lose business continuity and affect your time, reputation, and money. Risk management practices for this threat should include thorough training for employees, as they can make mistakes that may lead to financial loss and unproductive efforts.

Compliance Risk

Laws and regulations must be complied with, and they can impact your normal operations when left unattended. Fines and penalties are effects of non-compliance and raise a red flag for your business. Stay vigilant in monitoring your mandatory compliance and seek assistance from consultants who can help minimize compliance risks from state laws and local agencies.

Competition Risk

Businesses thrive with the help of different marketing essentials, and it has always been evident that there are competitors within the industry. Making continuous improvements and offering new services that appeal to customers can put your business one step ahead of the rest. Be aware of the trends and never settle for less, as growing competition within the market can result in loss of customers. Reassessing company performance, optimizing social media marketing, refining strategies, and maintaining strong relationships can fight off competition risk.

Reputation Risk

A simple bad review or a negative tweet can instantly cause a plummet in your revenue. Managing your reputation and responding to bad or good comments in a professional manner can keep your business away from lawsuits and reputation damages. Social media reviews and comments can greatly affect a business’ brand reputation; therefore, it is essential to provide quality services in order to maintain strong relationships with your customers.

Impact of COVID-19 in the Cybersecurity World

Threats have intensified because of the opportunities for attackers that opened up during the COVID-19 outbreak. Hacktivists, or hackers battling against political issues, increase cybersecurity threats in their pursuit of social or political data. Script kiddies, also called junior hackers, are also exploring on their own, testing out cyberattack packages and honing their skills. Meanwhile, cybercriminals are using elevated digital technologies and traffic to find vulnerabilities and bait victims into clicking links that are related to the pandemic.

Risk Management Best Practices Post COVID-19

Luckily, strategies and practical steps for businesses are available to lessen the impact of intensified cyber risks in an organization. To prevent costly repercussions, the following practices should be implemented:


Determine weak spots

Even when you think you have the strongest defense, there will always be weaknesses that appear from time to time. Run tests to determine vulnerabilities and apply solutions to strengthen your security.

Apply new technology and techniques

Encourage the dynamic use of cyber threat intelligence to recognize and address attack trends. Use recently developed tools such as host checking, an authoritative tool to check security status before accessing company data, to fortify the security of remote working in these pandemic times.

Install antivirus programs

Investing in antivirus and antimalware software licenses defends your employees’ personal devices from low-level attacks.

Implement cybersecurity awareness

Best practices and protocols should be known to all employees to prevent leaking private data on the organization’s cloud storage. Employees should also remain vigilant when handling emails and double-check their credibility, as phishing scams have risen during the crisis.

Indulge in frequent assessments

New methods of cyberattacks should always be considered and evaluated. Check whether existing supervision vectors are sturdy enough, and update management documents such as crisis plans and business continuity plans. Consider new cyberattack methods and provide solutions to known risks.

Execute risk management

Prepare for future attacks and execute risk management plans. These plans provide a comprehensive view of the company’s risk exposure. Carry out periodic cyber crisis simulation activities to prepare the response to attacks, or the retaliation to malicious attempts, before a cybercrime is committed.

Use a VPN for protection

Employees who work at home should ensure that their Wi-Fi connection is secured with a strong password. Better yet, the use of a virtual private network (VPN) can add an extra layer of security to work-from-home operations. A VPN does not exactly prevent cyberattacks, but it serves as a useful barrier against threats.

Optimizing Your Risk Management Model

As the pandemic made millions of businesses adjust to the new normal protocols, the risk management function should also be modified to be more effective. Some ways to optimize your risk management model include: enhancement of monitoring practices, streamlining of the market risk operations model, optimization of reports and plans, and the automation of performance management and governance. It can take years to implement a stronger risk management function, but these fundamental practices help keep the security of your organization in good shape.

COVID-19 had every person wearing masks and face shields when going out to prevent themselves from catching the virus. Similarly, being prepared in the cyber world is better than shouldering the burdens from failed security. Being able to react to unforeseen events quickly can lessen the impact of cyberattacks. Organizations that are continuously wary of such illegal acts are well prepared to face the battle against the endless increase of cyber risks and cyber threats.

Source: ecouncil.org

Tuesday, 21 July 2020

How to Upgrade Your Business Continuity Plan (BCP) in a COVID-19 World

The majority of large organizations have business continuity plans, or their equivalent, prepared to tackle human-made and natural disasters such as power outages, terrorism, IT infrastructure failure, floods, cyber-attacks, earthquakes, hurricanes, and so on. Nevertheless, most organizations are not prepared to handle the threat that COVID-19 presents.

The COVID-19 pandemic poses new and unique sets of challenges for most organizations. Not only does the coronavirus spread from one person to another with no geographical focus, but its destructive influence also keeps changing without concern for boundaries. For global companies to remain competitive, build enterprise resilience, and preserve their business continuity, organizations have had to be analytical and proactive in their policy-making to protect their business community, consumers, employees, and teams.

EC-Council’s disaster recovery professionals (EDRP) certification can help with administrative continuity planning efforts. It offers DRP training that provides IT professionals or cybersecurity experts with the needed knowledge for formulating organizational communications and executing remote work programs, evaluating the organization’s remote workplace preparedness, and designing enhanced remote work programs.

What is a business continuity plan (BCP) in cybersecurity?


Cybersecurity remains a major concern for organizations. Imagine getting to the office and realizing that most of your critical systems and networks are not properly working because of a cyber-attack. The important question is, “are you ready for an emergency or a disaster?” And more importantly, “can your cybersecurity solutions adjust and function effectively in an altered business environment?”

A BCP, or business continuity plan, covers every critical business operation that can be affected during an emergency or disaster. In cybersecurity, business continuity plans lessen the risk associated with technological loss or the loss from IT infrastructural downtime. Your business continuity plan is a proactive tool that can be adapted for the complete restoration of all your business operations following an attack. A well-crafted BCP includes IT disaster recovery strategies and incident response solutions.

When your computer or network has been compromised, it leads to temporary or permanent financial loss, reputational damage, loss of software and sensitive data or information, and so on. An organization’s cybersecurity mitigation procedures, together with its IT disaster recovery and business continuity plans, protect essential integrated equipment, avert hacking and other related cyberattacks, and guarantee business continuity.

Business Continuity in the new WFH Culture 


Who is responsible for a business continuity plan (BCP)?


A business continuity coordinator (BCC) or a disaster recovery professional (DRP) is saddled with the responsibility of designing, updating, and testing your IT disaster recovery and business continuity plans. An EDRP works closely with critical business units to comprehend their operations, detect risks, assess incident response preparedness, and mitigate the loss from potential cyberattacks. BCPs are typically developed with the input of departmental heads and key stakeholders.

The goal of an EDRP is to ensure the continuity of business operations during and following disaster recovery efforts. To craft an adequate and usable BC/DR plan, a DRP must undergo disaster recovery and business continuity training. They must also have enough knowledge about:

◉ IT infrastructure
◉ Supplies and suppliers
◉ Equipment
◉ Documents and documentation, such as business documents and procedure documentation
◉ Locations and whereabouts of organizations and backup sites or work area recovery (WAR)

What is included in a business continuity plan (BCP)?


Well-crafted business continuity plans sketch out a variety of disaster situations and the possible approaches the business can apply to specific emergency or disaster incidents to restore the organization to its normal trade environment. DRPs craft the business continuity plans before the incident, including precautionary measures to be implemented.

Creating a detailed disaster recovery and business continuity plan is a process of preparing for a set of anticipated eventualities in order to identify and mitigate possible damage to your company throughout the hostile situation. The BCP consists of business impact analysis (BIA), threat intelligence analysis (TIA), and impact scenarios.

1. Business impact analysis

A detailed BIA distinguishes between critical and non-critical business operations. The criticality of a business operation is dependent on government regulations and compliance requirements. The components of a BIA include electronic or physical documents, IT systems, human resources, and physical assets, such as workstations, laptops, mobile phones, and so on.

2. Threat intelligence analysis

Threat intelligence analysis, or risk assessment, is an evaluation of potential risks or threats. Common cybersecurity risks and threats assessed include cyberattack, IT outage, data breach, DNS, computer viruses, computer worms, DDoS and DoS, phishing, and SQL injection attacks. Common natural threats include hurricanes, floods, epidemics/pandemics, fire outbreaks, and other major storms.

3. Impact scenarios

An impact scenario is a management tool intended to let organizations assess the usefulness and adequacy of their business plans, strategies, and approaches under a variety of imaginable real-life events or imminent environments. Your impact scenario planning is a significant add-on to the company’s risk management solutions since it tackles the possible impacts of alternative situations on the business’s risk profile.

In short, it is the ideal solution in the face of the increasing trend in cyberattacks and the COVID-19 pandemic. Impact scenarios should cover the broadest conceivable impacts.

What are the steps in the business continuity planning process?


Due to the COVID-19 pandemic, organizations across the globe are making efforts to confront the effect it has had on critical and non-critical business functions. Even though the risks are extensive, there are certain aspects in which businesses can develop resilience and reshape their business policies to restore their entire business operation both during and after the crisis.

Step One: Re-imagine business continuity plans

While it is impossible to plan for every potential destructive incident or disaster, it is possible to communicate with and reinforce disaster recovery teams and other incident response teams so that they craft new procedures. Initially, when the crisis began in Wuhan, supply chain disruptions were only felt by organizations that had dealings with China. However, due to the current extent of the COVID-19 pandemic, almost every business is experiencing operational challenges and shifts in consumer behavior.

Since the coronavirus is yet to show signs of abating, organizations must continue to work while adapting to the newest IT disaster recovery plan, decision-making processes, and different systems of collaborating. Companies should adopt the following strategies to tackle these challenges:

◉ Review the organization’s risks and exposures and respond adequately.

◉ Assess temporary liquidity to be able to anticipate cash flow demands and respond as quickly as possible.

◉ Consider alternative supply chain options to minimize the impact of the pandemic on your business operation.

◉ Conduct possible impact scenarios for your financial plans to know the likely influence of the pandemic on your financial performance and evaluate its probable duration.

Step Two: Concentrate on your human resources and technical needs

Organizations need to ensure seamless transitions during this pandemic era. The safety of your people is critical, including both your permanent and temporary employees, contractors, suppliers, consumers, and so on. Staff have high expectations of their employers and management team. They need some sort of guidance on what to do.

You can use different digital collaboration solutions for continuous communication across different business units and teams. Companies are required to meet their employees’ demands and resolve consumers’ uncertainties. This can be achieved via tremendous transparency in critical business functions and service delivery strategy. This will ensure an effective shift from unpredictability to reliable relationships.

Step Three: Communicate all new directions with key stakeholders

Communication is key for crafting successful business continuity plans. When formulating a plan that will reshape and sustain continuous support from consumers, partners, employees, suppliers, creditors, and other human resource teams, you need a strong, timely, and transparent communication pattern.

◉ Keep your customers up to date on any impacts the pandemic or other disasters may have on your products and service delivery.

◉ Communicate regularly with your suppliers to find out the availability of the materials you need and whether they can deliver them during the COVID-19 pandemic.

◉ When communicating with your employees, your communication tools must strike a balance between being thoughtful and having a business continuity perspective.

◉ You may also want to communicate with your legal teams to understand governance risks and compliance to avoid when communicating with key stakeholders. The aim is to avoid incurring legal charges.

Step Four: Develop resilience while preparing for potential alterations

After you have observed steps one to three, it is time to build your business resilience. Business resilience is the ability of an organization to endure the alterations made to its environment while continuing to conduct regular business activities and functions. Organizational resilience could mean either that you have developed a capacity to withstand environmental alterations without permanently having to adapt, or that you are compelled to adopt a new working system that is more fitting to the new environment.

Your BCP would have to be revised based on the new modifications stated above while observing the ongoing fluctuating scenario. IT disaster recovery teams and DRP teams should give timely reports of their findings to ensure that organizations effect the modifications. You should document your findings, lessons learned, and contingency plans to create resilience for impending scenarios.

Source: eccouncil.org

Thursday, 9 July 2020

Modernizing Your Network Security Policy Post COVID-19

It is not enough to have a resilient traditional plan to survive the COVID-19 pandemic. You need an all-inclusive business continuity plan (BCP) that encompasses the restoration of your business operations and technology in the event of an unplanned incident. Your BCP or incident response plan should include rapid response to security breaches and business restoration in case of a natural or man-made disaster.

With the growing dependence on cloud technology, it is becoming more critical that organizations secure every aspect of their online information and data. Since the pandemic has already had negative impacts on the global economy, the question now is whether organizations should redesign their network security policy post-COVID-19 pandemic or not.

A shabby network security policy is of no use to your organization. It merely renders your security an ad hoc process regulated by whoever is the network administrator at that particular moment. A solid network security policy keeps malicious operators out and also exercises control over potentially dangerous users within your organization. Thus, you need a Certified Network Defender (CND) to assist with the construction and implementation of a well-rounded network security policy.

What is a network security policy?

A network security policy is a complex document that outlines the organization’s expectations regarding its security goals, scope, and responsibilities. The document itself is typically formulated by a committee and it is usually more than a few pages long. The network security policy summarizes the organization’s security processes, mission statements, attitude to risks, and the penalties to be faced when the policies are flouted. However, this security policy goes beyond the mere notion of “keeping the bad guys out.”

It is a multifaceted document intended to regulate data access, the use of passwords and encryption, web-browsing behaviors, and email attachments, among others. The security policy stipulates these rules for persons or groups across the organization. These policies could be conveyed as a set of instructions that can be recognized by special-purpose network hardware designed to secure the organization’s network.

Network security policies can be divided into two broad categories:

User Policies

Generally, user policies outline the boundaries of a user or group of users concerning the network or computer resources within the office environment. For instance, this policy states what employees are permitted to install on their computers and whether or not they can use removable storage within the workplace.

IT Policies

IT policies are generally constructed for the IT department, and they outline its limits with respect to the network resources in the organization. This security policy aims to secure the functions and procedures of IT departments.

Why is a network security policy important?


When working over the internet, LAN, WAN, or other internet-connected systems, network security is one of the most vital things to consider regardless of the size of your company. It is the responsibility of your organization to secure the physical assets, users, and data that operate within or travel across your networks.

Furthermore, the task gets more demanding as networks become more complex. According to some Gartner analysts, the more networks increase, the more difficult it is to implement the correct security policies at the appropriate network control points. Network security policy management helps your organization increase its visibility across all distributed environments. It also systematizes and regulates these policies to expand business security.

What is the purpose of a network security policy? 


The purpose of a solid network security policy includes: 

◉ Defends users and information

◉ Outlines steps to follow in case of a security incident or breach 

◉ Authorizes employees to check, review, and investigate 

◉ Describes the form of technologies to apply and those that cannot be included in the network. 

◉ Serves as a standard for the next step in the development of network security 

◉ Designs the guidelines for expected behavior 

◉ Outlines the penalties of violations 

What should be in a network security policy? 


Creating and supervising a security package is a process that most businesses grow into after a long while. The first step is often to assign an incident responder or an employee who would oversee cybersecurity issues. Cybersecurity issues often follow the top-down method. This means that the security expectations are deliberated, outlined, and sanctioned by the top management committee.

Often, a single document will not meet the needs of all users within a large organization. You need to ensure that the components of your network security policy are consistent with the needs of your audience. The fundamental requirements for network security policies are listed below:

Acceptable Use Policy (AUP) 

An acceptable use policy (AUP), or appropriate use policy, is one of the most common security policy components. The AUP outlines what users are permitted or not permitted to do on the many components of the system within an organization. This covers the kind of traffic that is permissible on the networks. For instance, an AUP may itemize the groups of banned websites.

Incident Response (IR) Policy

An incident response policy is a prearranged procedure for how the organization will tackle an incident and mitigate its impacts. The objective of this policy is to define the procedure for managing an incident so as to limit the harm to consumers and business operations and to minimize recovery costs and time.

Access Control Policy (ACP) 

An access control policy (ACP) stipulates the access available to workers as regards the company’s information and data systems. The ACP also outlines issues such as the complexity of corporate passwords, network access controls, specifications for user access, and operating system software controls. An example of ACP is IAPP; some ACP topics are also stated in the NIST Access Control and Implementation Guide.

Information Security Policy 

The information security policy of an organization is intended for workers. It helps them realize that certain regulations are in place that would hold them accountable when IT infrastructure and other sensitive corporate information and data are compromised.

Business Continuity Plan 

A business continuity plan (BCP) is a unique business plan, which each organization uses to communicate how it will respond in case of an emergency. The BCP will direct all endeavors throughout the organization and will implement the disaster recovery plan to restore data, hardware, and applications considered vital for business continuity.

Change Management Policy 

A change management policy is a formal procedure for making changes to software development, IT security, and other security operations. The objective of this policy is to increase awareness and understanding of the proposed changes across the organization. A change management policy also makes certain that all changes are handled systematically to lessen any adverse effect on consumers and services.

Disaster Recovery Policy 

A disaster recovery plan is generally designed as part of the organization’s broader continuity strategy, and it covers the inputs of both cybersecurity and IT teams. Here, both the incident response plan and business continuity plan might be required.

Remote Access Policy 

A remote access policy is a document that describes and summarizes the appropriate guidelines for employees to remotely connect to the organization’s internal networks. No one anticipated the COVID-19 pandemic and now most businesses are forced to operate remotely. The move to the cloud is not without its risks. Insufficient cybersecurity policies can render an organization’s network vulnerable and exposed to risks.

What is network security policy management? 


IT teams and network administrators apply network security policy management to regulate their network environments and defend their businesses against growing risks. Most businesses are faced with widespread security policies or even manifold policies, which are almost impossible to sustain and hard to implement manually. Overly complex businesses and those that operate in a heavily regulated industry experience this difficulty more intensely.

Even smaller companies struggle to find the time and resources to verify policy compliance. However, the fundamental aim of a network security policy is to provide more visibility and control into system environments and user activity. This can only be reached if you have an effective process to manage your security policy.

The most effective means of ensuring that your network security policy is up to date, meets your policy expectations, and identifies and corrects anomalies rapidly is to give your staff network certification training or employ the services of a certified network security administrator.

How can network certification training help you? 


If you want to secure your network against attackers, you need solid network certification training. Well-organized network security training will expose you to the numerous routes and methods cybercriminals exploit to compromise your network and computers. You will also get hands-on training that allows you to think beyond the regular security techniques to the advanced security techniques.

About CND: Certified Network Defender 

The Certified Network Defender (CND) is a certification program that creates savvy network administrators who are well-trained in identifying, defending, responding, and mitigating all network-related vulnerabilities and attacks. The CND certification program involves hands-on labs constructed through notable network security software, tools, and techniques that will provide the certified network administrator with real-world and up-to-date proficiencies about network security technologies and operations.

Source: eccouncil.org

Sunday, 19 April 2020

5 Must-have components for every Business Continuity Plan in a Coronavirus World

Businesses have had a rough start to the new year, 2020, and the new decade. From COVID-19 to Puerto Rican earthquakes, from volcanic eruptions in Alaska to powerful tornadoes in Tennessee, enterprises have faced several challenges. During such unanticipated situations, organizations need a contingency plan to continue their business operations. Moreover, a dedicated team of security professionals is needed to build a robust business continuity and disaster recovery (BC/DR) plan. It would be the team’s responsibility to keep the business afloat during the tough times, i.e., unexpected events, including coronavirus.

The Key Elements of a Business Continuity Plan in a COVID-19 Coronavirus World   


Disaster recovery professionals should be able to predict potential interruptions. Check out this detailed coverage by Tim Foley, Director of Information Security for the CYBER division at Dataprise. In the video, he comprehensively covers whether the organizations are ready to combat cyber threats:


Here’s a list that you can refer to while drafting a business continuity (BC) plan –   

1. Risk Assessment – Conduct BIA (Business Impact Analysis)  

The Business Impact Analysis (BIA) anticipates the possible repercussions of disruptions to regular business operations. It gathers and analyzes the details needed to draft a recovery strategy. In other words, BIA is an assessment of potential loss during a disaster. Using BIA, staff identify mission-critical activities and suggest an optimal recovery time.

2. Risk Mitigation   

Mitigating cyber risks is a must. Eliminate the loopholes that put the safety of company assets and business operations at risk. The professionals should draft a comprehensive module dealing with the minimization of these risks. To that end, the team can incorporate the following in the plan –

◉ Either cut or drop points of dependency   

◉ Check third-party readiness    

◉ Detailed IT backup strategies    

◉ Maintain stock of critical equipment or tools to repair 

◉ Split functions and resources at multiple sites    

◉ Keep substitutes handy    

◉ Build preventive maintenance and testing programs    

◉ Cross-functional training for the team   

3. Be Ready with Business Continuity Strategies  

Organizations must have the following strategies in place:

◉ Alternate practices to continue daily operations    

◉ Outsourcing or third-party service providers    

◉ Secondary or backup suppliers    

◉ Prioritizing business operations and demand of customers    

◉ Work from home strategies    

◉ Availability of mobile offices   

4. Establish Clear Roles and Responsibilities  

Depending on the size of the organization, build a planning team that is clear about their roles and responsibilities. If it is a small-scale enterprise, then involving all the employees would be a great idea.   

5. Implementation and Testing  

The involved professionals should undergo regular training sessions and simulation exercises. Based on the outcomes of these “fire drills,” organizations adopt the required changes. After this, enterprises are free to put the drafted business continuity plan in place.  

In conclusion, the team should consider the listed elements for prioritizing key business processes. A detailed program can spot potential cyber threats and include mitigation strategies. For this, businesses need a disaster recovery professional with skills in business continuity.

Source: eccouncil.org

Tuesday, 14 April 2020

How to Build a Strategic Business Continuity Plan beyond COVID-19


After the rapid spread of COVID-19, arguably every organization around the world shifted its primary priorities dramatically. As a result, several concerns surfaced, such as disruption to the workforce, daily business operations, and the supply chain. A recent report on “business responses to the COVID-19 outbreak” suggests that 51% of enterprises around the globe do not have a business continuity plan. Out of more than 300 businesses, half of the organizations are not ready to combat disasters. With employees working remotely in the wake of coronavirus-themed attacks, companies need a sound IT disaster recovery and business continuity plan.

As the updates on the disease fill the news, business leaders are struggling to keep up. Moreover, the traditional disaster recovery plan steps focus on recovering utilities and physical resources. Yet, they fail to cover the sustenance of daily activities during such tough times.   

In this blog, we have put together the crucial steps to shape a pandemic response plan.

3 Elements of a Business Continuity Plan during the COVID-19 pandemic  


The following components will address the ways to keep the business operations running at the time of unforeseen events.   

1. Business resilience

A healthy business continuity plan should focus on business resilience. Today, companies are fighting an unexpected war to keep their daily activities going. To summarize, they need an evolution in protocols to keep their businesses running.   

Furthermore, business resilience needs the evaluation of core business systems. Enterprises rely on hybrid infrastructure, the right blend of on-premise and cloud-based infrastructure. The arrangement is perfect for leveraging new technologies while managing financial burden within an acceptable limit.

This creates the need for a better business continuity plan, one that ensures smooth access to company tools and resources when working from home.

2. Licensing requirements 

Another factor to consider is licensing requirements for the entire staff. For instance, a firm has 500 employees but owns only 300 VPN licenses. Organizations must have a policy for dealing with such a situation in a time of need. Meanwhile, configure the firewall architecture to accommodate the sudden increase in network traffic. Other network security solutions, including the Intrusion Prevention System (IPS), also need to work accordingly.

3. Address themed attacks 

Unfortunately, cybercriminals are using the impacts of the pandemic to their advantage. They are carrying out phishing scams to target vulnerable individuals and organizations. Employees eagerly waiting for updates on COVID-19 are most likely to fall prey to these scams. The plan should incorporate an efficient system to stop phishing campaigns. It will also help in shutting down a potential cyberattack.

Source: eccouncil.org

Thursday, 19 March 2020

4 Cybersecurity Challenges affecting Business Continuity since the Coronavirus Outbreak


With the rise of coronavirus (COVID-19), businesses around the world are facing major disruptions. They are struggling to continue business operations and secure their corporate assets. At the same time, employees are fighting a tough battle against the virus itself. To make things worse, cybercriminals are seizing this opportunity, trying to make the most of the situation. A couple of weeks ago, Proofpoint researchers discovered coronavirus-themed attacks. Apart from the increase in malicious messages, experts observed a form of attack that feeds on the fear of purported unreleased cures for coronavirus.

Amid the spread of this global pandemic, employers are torn between allowing their employees to work from home and continuing to operate from the established offices. Regardless, organizations need to consider the risks to their data security and data privacy in the wake of the potential impact.

As coronavirus is affecting not only people’s health but also the continued growth of businesses, it is time for them to expand their IT disaster recovery and contingency plans to address unforeseen scenarios. Enterprises need a plan that covers all possible types of fabricated attacks during the rapidly emerging outbreak of COVID-19.

Address These Cybersecurity Risks in the Wake of Coronavirus


With threat actors entering the picture, enterprises and their management board should consider the listed security risks that have surfaced after the birth of COVID-19.

1. Phishing frauds thriving on fear


Recently, WHO released a warning, alerting individuals to beware of phishing emails that appear to come from “WHO representatives.” These emails ask for sensitive login credentials or encourage individuals to either click on a link or download malicious software. Other renowned publications also came forward, showing similar phishing scams that seemed to come from ‘authorized professionals.’

Source: Wired

How to mitigate the risk?

In such a situation, organizations should raise awareness so that their employees follow only valid COVID-19 related alerts and subscribe only to official institutions. For instance, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) published its insights on ‘Risk Management for Novel Coronavirus.’ Furthermore, the management team should concentrate on finding a secure way to communicate with their employees.

2. Challenges of working from home


For smooth business operations, companies may decide to permit their employees to work from home. In that case, employees may use a VPN to access the company’s network remotely. Evidently, in today’s world, dependency on VPN not only exposes sensitive data to security risks but, with the adoption of cloud services, multiplies the existing cyber risks exponentially.

How to mitigate the risk?

The increased network traffic on VPN exposes the larger community to security risks. The solution to this problem may start with the patching of installed software regularly. But the inability of IT representatives to be available on various remote sites adds on to the primary challenge. Companies should accommodate a disaster recovery plan that can deal with the issues of a remote workforce. The plan must contain timely solutions to address all the associated problems.

3. Accessing sensitive data on public Wi-Fi


Do not presume that employees will use corporate assets on a safe wireless network. A few may expose corporate accounts to insecure public Wi-Fi networks. Cybercriminals can attack these networks to gain unauthorized access to sensitive data. For instance, when an unencrypted form of information is transmitted through an unprotected network, a threat actor can intercept it to steal the data.

How to mitigate the risk?

The best solution to prevent the theft of information is not to disclose sensitive data on unknown public networks. Apart from that, use SSL/TLS (Transport Layer Security) connections to set up a layer of encryption for all your communications. Employees can do this by enabling the “Always Use HTTPS” option that will protect their login credentials even on public Wi-Fi.

4. Easy Communication for Outsourced Services


The dependency on third-party service providers can also affect the business once COVID-19 takes its toll on the outsourced parties, especially if the enterprise relies on these providers for critical services, including specific IT operations, website management, or many others. The viral outbreak can lead to disruption, creating loopholes in the existing system.

How to mitigate the risk?

To deal with the issue, the company’s plan must address supply chain management. It should help the IT team to identify and connect with alternative service providers quickly.


Under critical circumstances, organizations should review their existing business continuity and disaster recovery plans to address the challenges born out of a pandemic. The program should be able to adapt in the face of additional changes.

A specialized disaster recovery plan should cover pandemic events, such as COVID-19, and must do the following:
  • Include a proactive program that ensures the firm’s business operations will run without interruption during a pandemic event. It will work on smooth communications and coordination with third-party service providers.
  • Identify and follow the company’s processes and controls in the documented plan.
  • Contain a framework that covers all the business locations of the enterprise and checks whether they are capable of continuing regular business operations.
Source: eccouncil.org