The Ministry of National Security issued the following Cyber Security advisory amid COVID-19.
Today the Minister of National Security, the Hon. Wayne Caines said, “With global and local attention focused on COVID-19 it's important to also consider the increasing cybersecurity risks. There are reports from other countries that malicious parties are already exploiting this situation for phishing attacks, to spread malware, hoaxes and other threatening activities.”
Minister Caines continued, “Given that greater numbers of people are working remotely from home, organizations exposed to increased threats to systems and data compromises; it is therefore essential that good security practices are followed.
“Our Ministry has been working with the Cybersecurity Governance Board to develop the following recommendations for organizations and those working from home.”
Some of the suggested solutions are as follows. Managers and business owners should:
- Alert staff of the potential for increased phishing attempts and other cyber-attacks.
- Instruct staff to verify by phone or an alternative channel any messages or emails that appear to be from a colleague but make an unusual request.
- Advise staff to obtain their information from trusted official sources.
- Ensure users are only granted the minimum access to information and systems required to do their jobs.
- Require staff and contractors to maintain up to date security patches and anti-malware on personal systems used to access organizational resources.
- Always require strong passwords and preferably multi-factor authentication whenever possible.
- Ensure employees have signed an Acceptable Use Policy and remind them of their responsibilities to protect sensitive company and customer information (i.e. from being accessed or viewed by others) and to only use that information according to company policies (i.e. do not save convenience copies on personal devices or accounts).
- Ensure that physical premises and data assets are adequately secured while offices are unoccupied.
Further:
Managers and business owners should also ensure Systems Administrators:
- Maintain secure and reliable backups of information and systems.
- Maintain up to date security patches and anti-malware protections on systems.
- Encrypt remote connections.
- Prevent storage of sensitive information on unencrypted devices.
- Restrict network access to systems and information to the minimum required to meet business needs.
- Perform enhanced monitoring for security issues and of network/system performance levels.
Minister Caines concluded, “These are unconventional times, and we are encouraging our businesses and residents to please be vigilant and be mindful of protecting and securing their network systems.”