There has been an intense increase in the volume of cyberattack attempts since the COVID-19 pandemic began. While these scams are nothing new, the way they are presented and deployed, and the consequences they have for employers and employees, are constantly changing. Dedicated to bringing you the most updated information in these uncertain times, we’ve tapped Tetra Defense, M3’s trusted cyber incident response partner, to offer insights into your cybersecurity risk during the COVID-19 era.
Employers should be aware of their organization’s current cybersecurity policies and procedures, as well as any weak areas that could be impacted by a cyber threat. If you would like to dive deeper into your organization’s information security configurations to evaluate your risk of attack, Tetra has developed this free self-assessment:
Prepare for the long play
The rapid shift to work-from-home may have forced some organizations to relax or disable security configurations and safeguards, even unintentionally, leaving the “door” open for threat actors. Threat actors may be focused on gaining access to systems and networks now, using this time to plot their attacks for when the nation starts to return to normalcy.
With this in mind, we’ve compiled several questions your organization can use to gauge whether or not your environment may have weaknesses, or worse, a threat actor present and waiting to strike.
Does your organization allow direct Windows Remote Desktop Protocol (RDP) from the public Internet into your internal network?
If yes, your organization needs to immediately disable RDP access from the public Internet.
Does your organization limit the systems and services exposed to the public Internet to only those necessary for business, and exclude known-vulnerable services?
If no, your organization needs to immediately reduce the number of systems and services exposed to the public Internet to only those necessary for business operation. Currently, RDP, MySQL, and many other services are being actively exploited.
Is every workstation/machine and server running anti-malware (anti-virus) software?
Is there an email anti-malware mechanism that examines incoming and outgoing emails and includes a sandbox to examine email attachments before delivery?
Do administrator-level accounts require multi-factor authentication (MFA) to log in?
If no, immediately enable multi-factor authentication for at least administrator-level accounts to prevent threat actors from gaining access.
Do remote access VPN mechanisms require multi-factor authentication (MFA)?
If no, immediately enable multi-factor authentication for VPN mechanisms.
Do all cloud backup archive mechanisms, backup tools, appliances, and devices require multi-factor authentication (MFA)?
If no, immediately enable multi-factor authentication for as many backup components as possible.
If you have questions on your coverage, or want to know more about best cybersecurity risk mitigation practices to prevent a breach, contact your M3 account executive.