COVID-19 and Cyber Risk

By Guest Author : Hala Elghawi

The current circumstance of COVID-19 can increase organizations vulnerability to cyber-attacks, phishing attempts and fraud. All organizations required to exercise caution in that respect to continue functioning normally and efficiently. As many organizations moved to remote working arrangements they are required to make sure they are improving the resilience against cyber-attacks associated with COVID-19 without disrupting productivity.

We are listing below some of important controls to be implemented to improve resilience against cyber-attacks:

Since human is the most vulnerable asset in any organization, we highly recommend raising employees’ cyber awareness against phishing emails, fraud and cyber-attack. Employees must be instructed to exercise caution around COVID-19 related phishing emails, vishing calls, SMSs, social media content, etc. and must be trained in how to detect these attacks and report any suspicious cyber activity to the right party in the organization.

Using MFA in accessing critical organizations assets or corporate network remotely. Using MFA forms an additional challenge for threat actors, reducing the likelihood of gaining unauthorised access to an account.

Prevent users from installing and executing unknown software to reduce the likelihood of malware infection from email or websites and ensure thorough security risk assessments are conducted for any new technology being introduced for remote operations.

New access granted or amended access level must be monitored during such circumstance to detect any unauthorised access.

Intensify monitoring capabilities, by retaining detailed logs and ensuring that reporting, alerting and access to logs are available for a specific time depending on the organization size.

Ensure Data Loss Prevention capabilities exist to prevent data breaches across all organization’s channels. If a preventive control is not available, disable the file sharing and Copy/Paste functions.

Who is Hala ?

Hala has more than 13 years of experience in banking industry and she is  passionate in Risk management, Controls, Information Security, Technology, Business Continuity Management, and IT Governance. She hold a Master’s degree in Quality Management, and the BSc in Management Information Systems, and I am certified in PMP (Project Management Professional), ISO 27001 Lead Implementer, COBIT Foundation & COBIT Implementation in addition to having a diploma in Risk Management.

Exit mobile version