Cybersecurity and Privacy Resilience Center
Team Organizations	Cybersecurity and Privacy
Team Leaders	Pamela Gupta Yousra Javed
City, State
Contributors	Anna Lainfiesta Pamela Gupta Nathan Chung
Website
Document

Description

COVID-19 crisis has amplified Cybersecurity & Privacy Risks for organizations with their transition to remote and virtual work arrangements. These risks range across infrastructure, data security, data privacy, remote access, policies, security awareness and compliance.

NIST has many helpful resources for small businesses like the popular NIST Cybersecurity Framework, on the Small Business Cybersecurity Corner website.

Audience: Small-medium businesses and organizations

Identify

• National Cybersecurity Alliance (NCSA) Security Tips for Remote Workers
• The CISA Critical Infrastructure Operations Centers and Control Rooms Guide for Pandemic Response

Protect

• Ransomware
  • Pamela Gupta: Ransomware Protection Plan
  • FBI’s Ransomware guidance
  • Ransomware Impacting Pipeline Operations Chemical

• IoT Security
  • The IoT Security Foundation (IoTSF) and Institute of Workplace and Facilities Management (IWFM) have issued guidance on securing Building Management Systems and Internet of Things systems during the Coronavirus crisis. Commercial Facilities
  • Lock Down Personal Smart Devices to Improve Enterprise IoT Security
  • Guidelines for Managing the Security of Mobile Devices in the Enterprise

• Telework / Video Teleconference Tools and Services
  • Anti Zoom Bombing Guide by Michael J. Oghia Advocacy & Engagement Manager Global Forum for Media Development
  • Selecting and Safely Using Collaboration Services for Telework] -The NSA has released guidance on how organizations can select and secure commercially-available collaboration services. The document proposes selection criteria and provides a brief assessment of popular collaboration services against these criteria.
  • Telework Guidance and Resources - CISA has launched a product line to provide best practices and resources for telework. This include cybersecurity recommendations for using video teleconference tools and services
  • CISA’s best practices for securing video conferencing
  • APT Groups Target Healthcare and Essential Services

• Remote Access
  • SANS Security Awareness Work-from-Home Deployment Kit
  • Cisco Secure Remote Worker - Cisco Secure Remote Worker provides solutions to connect and protect people and devices working remotely.
  • Cybersecurity for small business: Secure remote access - FTC’s guidance to small businesses about things to consider in securing remote access to your network.
  • Free Tools, Apps, and Trials - TrendMicro has provided free Tools, Apps, and Trials to protect your devices and online activity.
  • GoToMyPC - provides tools to securely access your important files, data, and applications from anywhere.
  • RemotePC - provides secure remote access tools with reduced pricing for a limited time to view or control PCs, Macs, and Linux machines.
  • Work remotely, stay secure—guidance for CISOs - Microsoft has shared some best practices and product information to help organizations and employees remain productive without increasing cybersecurity risk.
  • Working remote due to the coronavirus? These 7 tips will help keep your connections secure - Norton has shared tips to help stay secure when you work from home.
• Phishing / Email Security
  • What is Email Phishing and 10 Best Practices To Avoid It
  • DOJ’s advice for avoiding financial scams during COVID pandemic
  • SBA fraud alert Financial Services
  • Q/A about best practices for protecting yourself with the FBI
  • COVID-19 Exploited by Malicious Cyber Actors

• Cloud Security
  • 19 Cloud Security Best Practices for 2019
  • 7 Cloud Security Best Practices to Keep Your Cloud Environment Secure
  • Cloud Security Best Practices

• Security Awareness Training
  • Top 10 Security Awareness Training Topics for Your Employees [Updated 2020]
  • The Ultimate Guide to Security Awareness Training
  • Best Practices for Implementing a Security Awareness Program

• Authentication
  • APT Groups Target Healthcare and Essential Services Healthcare

• Other
  • Guidance to Department of Financial Services (“DFS”) Regulated Institutions Engaged in Virtual Currency Business Activity and Request for Assurance Relating to Operational and Financial Risk Arising from the Outbreak of the Novel Coronavirus (COVID-19) Financial Services

Detect

• WIRED: You Can Now Check If Your ISP Uses Basic Security Measures.
• Email security guidelines
• Five Cyber Security Best Practices to Mitigate Remote Access Vulnerabilities
• Top 6 email security best practices to protect against phishing attacks and business email compromise
• 8 Email Security Best Practices: Is Your Business Safe?
• How to combat fraud due to COVID

Respond

• Cybersecurity - Shared Responsibility for Telecommuters and Organizations - by Omair M.
• RDP brute force attacks on the rise. How to keep your business safe - by Omair M.
• The CISA Critical Infrastructure Operations Centers and Control Rooms Guide for Pandemic Response Information Technology
• COVID-19 CYBERSECURITY RESPONSE PACKAGE\

Recover

• Resources for Business