During this unprecedented pandemic, organisations were facing many challenges with the risks of COVID-19 disrupting business as usual activities, increasing pressure on more remote working, and the extra time needed in implementing Business Continuity Planning.
It is important that Business Continuity Plans are at their most effective.
Here's our top tips to ensure that security considerations are also being made when executing your business continuity planning:
- Educate users on the risks of the numerous common phishing attacks. Don’t click on any links or open attachments that report to be from WHO ( The World Health Organisation), HMRC, of your Government without first verifying this is from them. Better still, only trust information from verified sources such as news outlets or government information pages.
- Check VPN’s have no known vulnerabilities and ensure these have been security tested to ensure an attacker cannot bypass the controls and gain unauthorised access.
- Ensure that MFA (Multi-Factor Authentication), has been enabled for all remote users, to reduce the likelihood of credentials phishing/stuffing.
- RDP (remote desktop protocol) should not be exposed to the Internet, but if in these circumstances it is, ensure those services are fully patched and that MFA is enabled, and enhanced monitoring and controls should be enabled.
- Messaging should be provided to all users about reporting incidents and the urgency of doing this. Information should include who and how to report these, including what information to share.
- Incident response plans should be tested against a remote situation, especially if attacks like ransomware and denial of service are executed against an organisation.
- Penetration testing should be conducted as well as any other critical information security exercises to ensure any open doors or vulnerabilities are addressed. Ideally internal network testing should be conducted via a VPN to test what an attacker could do if they were able to gain access through the VPN.
ZDL Group is here to help. The dedicated and loyal team at the ZDL Group are at the front line of defence and want to ensure you, we are agile and experienced in Incident Management. We want to provide all our loyal clients with the very best technical and commercial support you need to protect your employees, suppliers, clients and overall business with focussed initiatives where you need them most.