Valkyrie: COVID-19. We're here to helpBy Valkyrie | 22 Apr 2020
Valkyrie: COVID19. We're here to help
As a result of recent turbulent times, Valkyrie would like to reassure our clients that we are here to help you maintain the highest Cyber-Security Resilience against a wide variety of new and old attack vectors being utilised by opportunists and professional Criminal Hackers, whilst ensuring your Policies, Processes and Procedures are absolutely fit for purpose.
During this unprecedented pandemic, organisations are facing many challenges with the risks of COVID-19 disrupting business as usual activities. Due to this, most industries have seen a sharp increase in a remote workforce, as well as high requirement for implementing Business Continuity Planning. All while still wondering how this situation will affect your overall business now and moving forward.
It is important that execution of Business Continuity Plans is at its most effective. In the last 3 weeks, there has been a drastic increase in COVID 19 related cyber-attacks – everything from phishing emails to scam phone calls and more. How well are you prepared to defend these successfully? Attackers will always leverage a crisis to deliver ransomware attacks, denial of service and attempt to gain unauthorised access. As the Chinese word for Crisis means danger and opportunity respectively, wherever there is danger there are those that will seek to benefit.
There are things that you can do now to ensure that whilst you are executing your business continuity planning so that security considerations are also being made:
- Educate users on the risks of the numerous COVID-19 phishing attacks. Don’t click on any links or open attachments that report to be from WHO (The World Health Organisation), HMRC, of your Government without first verifying this is from them. Better still, only trust information from verified sources such as news outlets or government information pages.
- Check VPN’s have no known vulnerabilities and ensure these have been security tested to ensure an attacker cannot bypass the controls and gain unauthorised access.
- Ensure that MFA (Multi-Factor Authentication), has been enabled for all remote users, to reduce the likelihood of credentials phishing/stuffing.
- RDP (remote-desktop-protocol) should not be exposed to the Internet, but if in these circumstances it is, ensure those services are fully patched and that MFA is enabled, and enhanced monitoring and controls should be enabled.
- Messaging should be provided to all users about reporting incidents and the urgency of doing this. Information should include who and how to report these, including what information to share.
- Incident response plans should be tested against a remote situation, especially if attacks like ransomware and denial of service are executed against an organisation.
- Penetration testing should be conducted as well as any other critical information security exercises to ensure any open doors or vulnerabilities are addressed. Ideally internal network testing should be conducted via a VPN to test what an attacker could do if they were able to gain access through the VPN.
Valkyrie is here to help. We understand that during this time where everyone is focusing on availability, we are also ensuring we help you protect the confidentiality and Integrity of your critical informational assets. Now more than ever it is critical to maintain the balance of this triad, to assist your organisation is navigating the coming weeks and months, allowing you to surface on the other side with as minimal damage to operations as possible.
The dedicated and loyal team at Valkyrie are at the front line of defence and want to ensure you, we are agile and experienced in ‘Incident Management’. We want to provide all our loyal clients with the very best technical and commercial support you need to protect your employees, suppliers, clients and overall business with focussed initiatives where you need them most.