23/03/2020
As many employees will be working from home during the state of emergency, it is necessary to pay special attention to the risks implied by remote working and to cyber security. It is now, more than ever, essential to address the vulnerabilities of your information system and minimize those that can be taken advantage of through remote access. Also, the monitoring of alerts and network behaviour in the conditions of remote working and a reduced number of employees is of paramount importance for taking pre-emptive action against potential malicious attacks.
A trend has emerged globally where the anticipated and understandable increase in Internet users’ interest for coronavirus-related information is used for phishing and other types of attacks. In order for these attacks not to materialize, it is necessary for you to set up appropriate pre-emptive controls to prevent problems and incidents and acquaint your employees with possible attempts at such type of fraud.
It is also important to pay particular attention to the risks relating to employees engaged in and/or accessing the information systems, and their rights of access, locations from which access is made and the devices used. For instance, there is a need for adequate management of the administrative privileges for systems and users’ rights of access having in mind the reduced number of employees on account of illness/leave/remote work. It should also be checked whether the lists of privileges stored in safe locations have been updated and noted that key employees may not be there when you need them.
Moreover, you should reconsider your business continuity plans. Try to work out new test scenarios that consider coronavirus-related threats to business operations (reduced number of employees, inaccessibility of working premises due to contamination, etc.). There may also be problems with services outsourced to third persons due to their lack of human resources or the inaccessibility of necessary hardware resources on account of broken supply chains. Make sure to verify timely whether you have the spare parts for your key equipment and whether you have identified potential suppliers of equipment and services you can rely on in case of threats to business operations caused by more severe IT incidents.
In particular, attention should be paid to confidentiality of information and personal data that could be threatened or compromised in the conditions of remote working. It is therefore necessary to consider all pre-emptive measures that could lower the above risk through the use of encryption of transmission channels and, if possible, the devices of employees working remotely, through updating their operating systems versions and software and tools being used, consistent use of complex passwords, etc.
We highlighted only some of the possible IT risks that could emerge during the ongoing pandemic and state of emergency (time limitation of movement). The IT risks cannot be avoided but in the conditions of the crisis we are facing they should be addressed with still more attention, in order not to threaten the business operations of your institution and, indirectly, also the stability of Serbia’s financial sector at large.
Centre for Information Systems Supervision
