As the world reacts to the rapidly evolving Coronavirus situation, many company executives are faced with important decisions to mitigate risk to their business. The purpose of this paper is to provide executives with guidance regarding cybersecurity.

Cybersecurity Measures for a Remote Workforce

Many companies are beginning to implement teleworking policies so that employees can work from home. To ensure a resilient cybersecurity posture, Cipher recommends companies focus on four key components:

1. Ensure effective communication through Cloud Collaborative Platforms. 
This is especially important to facilitate and coordinate cybersecurity operations across a distributed workforce. The cybersecurity team must be able to quickly and effectively implement workarounds and to conduct security patch management activities. One current example is the SMBGhost vulnerability announced this week. SMBGhost is a critical software flaw in Microsoft Windows systems that could enable another “WannaCry” or “NotPetya” situation. Microsoft inadvertently announced the vulnerability and then scrambled to release an out-of-band patch to fix the situation. Security professionals must ensure the rapid deployment of the software patch to ensure their networks remain hardened against any emerging threats.

2. Secure systems that enable remote access.
VPN and other remote access solutions need to be continually patched to ensure they are hardened against threat actors exploiting software vulnerabilities. The employee should be enabled to work remotely using company-issued computer systems that have effective endpoint protection software installed.

3. Test and validate remote access solution capacity.
Ensure that VPN and other remote access solutions are sized appropriately to support a fully remote workforce. In some cases, this may require your company to coordinate with your Internet Service Provider (ISP) to ensure an increased bandwidth is available to support remote access.

4. Review your Disaster Recovery / Business Continuity Plan.
If your company has not reviewed your DR/BCP in the past few months, it would be advisable to do so now to ensure the continuity of your company’s critical operations.

Cybersecurity Awareness for Employees

Cipher is observing an increase in email phishing that utilizes various Coronavirus themes to trick intended victims into clicking malicious links. We recommend reviewing our blog post on this topic and sharing this message with employees to be vigilant and think twice before respond to or clicking on any links received.

Be Prepared for Supply Chain Disruptions

It is advisable for executives to assess their company’s need for critical infrastructure. Once that critical infrastructure has been identified, look to discuss with critical suppliers if they are facing any challenges in meeting demand. In the past few weeks, the tech industry has experienced shortages in computers, smartphones, graphic cards, and other electronic systems. It may be necessary to identify alternative sources of supplies or implement conservation measures to mitigate any disruption to critical infrastructure.

General Employee Safety

Employees are the core of any business and to an effective cybersecurity program. There is a shortage of cybersecurity professionals and it is important to ensure your cybersecurity workforce remains safe. The World Health Organization (WHO) and the U.S. Center for Disease Control (CDC) have excellent resources available for companies to review and consider as they advise their employees on how to remain safe. We recommend reviewing their online products:

• https://www.cdc.gov/coronavirus/2019-ncov/community/index.html
• https://www.who.int/emergencies/diseases/novel-coronavirus-2019/advice-for-public