Organizations are reacting and adapting as never before. Remote working is suddenly an unavoidable choice for many organizations and could permanently shift working patterns as they are forced to embrace work outside of a traditional office.
During these times the pressure to get connectivity up and running and get people back to work is paramount; keeping people safe and the business alive is the order of the day. The following are some key takeaways if you have recently enabled new remote access functionality:
- Change default passwords for any new remote access capabilities
- Enable Multi-Factor authentication
- Make user passwords long and complex (15 characters minimum and alphanumeric)
- Update your vulnerability scanner with the IPs of your new equipment
- Do not enable RDP access to systems over the internet (If you must, use IP whitelisting at a minimum and see 2 above)
- Be aware of COVID-19 phishing attacks, which prey on uncertainty and appear to be from internal sources, disguised as meeting invites, or come from fake sites purporting to be charitable organizations looking for donations
- Enable transport rules to show where emails have originated from outside the organization
- Be aware of compliance obligations, such as PCI DSS, which may be impacted by changing your access methods
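
The RDP and vulnerability-scanner items in the list above can be checked mechanically. The following Python code is an added example, not part of the original article: it flags inbound rules that admit RDP (port 3389) from any source or from an overly broad allowlist, and lists new devices that fall outside the scanner's target ranges. The rule format, the sample data and the /24 and /64 thresholds are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data (documentation address ranges), not from the article.
INBOUND_RULES = [
    {"name": "vpn-gw", "proto": "udp", "ports": "500", "source": "0.0.0.0/0"},
    {"name": "rdp-any", "proto": "tcp", "ports": "3389", "source": "0.0.0.0/0"},
    {"name": "mgmt-range", "proto": "tcp", "ports": "3000-4000", "source": "any"},
    {"name": "rdp-office", "proto": "tcp", "ports": "3389", "source": "203.0.113.10/32"},
    {"name": "rdp-wide", "proto": "tcp", "ports": "3389", "source": "198.51.0.0/16"},
]
NEW_DEVICES = ["192.0.2.10", "192.0.2.77", "198.51.100.5"]
SCANNER_TARGETS = ["192.0.2.0/26", "198.51.100.0/24"]
RDP_PORT = 3389
MIN_PREFIX = {4: 24, 6: 64}  # assumed policy: a wider source is not a real allowlist

def covers_port(spec, port):
    """True if a port spec such as '3389', '3000-4000' or 'any' includes port."""
    if spec in ("any", "*"):
        return True
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def source_issue(source):
    """Return why a source is too open for RDP, or None for a narrow allowlist."""
    if source in ("any", "*"):
        return "open to any source"
    net = ipaddress.ip_network(source, strict=False)
    if net.prefixlen == 0:
        return "open to the internet"
    if net.prefixlen < MIN_PREFIX[net.version]:
        return f"allowlist too broad (/{net.prefixlen})"
    return None

def exposed_rdp_rules(rules):
    """Rules that let RDP (TCP or UDP 3389) in from a source that is not narrow."""
    hits = [(r["name"], source_issue(r["source"])) for r in rules
            if r["proto"] in ("tcp", "udp", "any") and covers_port(r["ports"], RDP_PORT)]
    return [(name, issue) for name, issue in hits if issue]

def unscanned_devices(device_ips, scanner_targets):
    """New device IPs that no vulnerability-scanner target range covers."""
    nets = [ipaddress.ip_network(t, strict=False) for t in scanner_targets]
    return [ip for ip in device_ips if not any(ipaddress.ip_address(ip) in n for n in nets)]

if __name__ == "__main__":
    print(exposed_rdp_rules(INBOUND_RULES))
    print(unscanned_devices(NEW_DEVICES, SCANNER_TARGETS))
```

Note that the port-range rule `mgmt-range` is flagged even though it never names 3389; range and "any" rules are a common way for RDP to end up exposed unintentionally.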
BSI, like all other companies, has adapted the way we work. We understand the challenges your business faces and we want you to know that we are there when these exceptional times become business as usual.
We have developed a suite of virtual capabilities that will allow our consultants to deliver most of our consultancy services portfolio remotely, allowing greater flexibility and avoiding disruption to the delivery of security services. All our consultants are equipped with collaboration technologies and tools to perform virtual consulting, from basic video conferencing to highly involved penetration testing using our remote internal penetration testing solution. Below is a list of our virtual capabilities:
We can deliver 100% of security penetration testing services remotely. The internal testing can be performed through our secure remote internal testing solution. This solution has been developed to provide a safe, secure and reliable connection into a remote network to allow one of our consultants to perform remote internal testing
- Virtual Forensic and Data Protection Services
eDiscovery & Digital Forensic support and Data Protection services are remotely available through our secure collaboration solutions. Our consultants can deliver off-site services to allow our clients to avoid disruption in mandatory legal activities.
Global efforts to respond to COVID-19 are as varied as the interpretation of data protection laws. Read our new article and delve into the data protection considerations for COVID-19.
- Business Continuity and Disaster Recovery
Business resilience is a key pillar of every organization’s security processes. Ensuring a critical business system’s continuity will allow an organization to perform business as usual activities. Business continuity plans, Business Impact Assessment (BIA) and disaster recovery can be assessed and improved by our consultants remotely
BSI has developed an incident management remote support capability to allow organizations to manage complex security events or incidents and continuously improve their incident management capability. We use the latest technologies and human expertise to gather, analyze and prioritize potential Indicators of Compromise (IoCs) with a view to determining the scale of a compromise and a subsequent remediation plan
Upskilling staff is a fundamental requirement to close the skills gap and reduce the impact of human-related cyber threats. Our security awareness and training team can deliver virtual training workshops and sessions remotely. Just log in to our remote training solution and allow your team to support your training requirements, or learn more about our Connected Learning Live platform.
- Cyber, Risk and Advisory Virtual Services
Security governance services are of great importance for an effective security program. Organizations always face great challenges that come from remotely managing security controls and evaluating their effectiveness. Our Cyber, Risk and Advisory Team (CRA) can deliver virtual consultancy through video conferencing solutions and secure file transfer platforms.
We have some live examples across Europe where our consultants are currently delivering virtual consultancy:
- PCI Audit – for a client, a travel technology company, our consultants are delivering a PCI audit in which the assessment of logging and monitoring capabilities proceeded smoothly over reliable and secure video conference technology
- Policy Review – an Italian client, once acclimatized to remote working, understood that at this time they can use virtual consulting services to enhance their policy set, given some of the improvement points previously identified
- Response plans – as part of their response plans we are providing remote access to elements of the client systems which are not normally accessible remotely. To help manage the risk they have requested that we test the interfaces once a week, and they have an option to call off additional tests if they need to make a change to the interfaces
- VPN Security Testing – following the addition of VPN devices, a client requested that a configuration assessment and security test be conducted to ensure the security of the new systems
Other Resources
Take a look at our supplementary resources to help you be safer and more secure online:
- Working from home? We have created a number of precautionary steps to help you to stay safe at home. Read our infosheet for more information
- Robust remote working - BSI has put together a list of tips that can keep your business secure and resilient during this time. Read the top 10 tips from Stephen Bowes, Global Practice Director, Information & Security Technologies, on preparing for the evolving and distributed workplace
- PCI SSC new blog - Read the blog by Troy Leach, Senior Vice President, Engagement Officer, PCI SSC, about performing assessments in light of the recent coronavirus outbreak