This guidance has been written to support ongoing efforts to help mitigate the changing cyber security challenges related to the COVID-19 pandemic. This document is created on a best-effort basis, and it is aimed to provide high-level advice to organizations in order to limit the impact of potential incidents as a result of the changing ways of working and new cyber security risks and threats related to them.
Finally, as also outlined in this document, all recommendations should be first evaluated in terms of feasibility and taking into account the increased workload of the IT operations teams. Only those suggestions should be implemented which can be properly tested and confirmed.
Attackers have already started exploiting the burst of information and heightened alertness of the public for COVID-19 related news. Phishing and spam campaigns and malicious websites/domains have significantly increased in number and frequency in the past week, promising COVID-19 related information and guidance. This threat is further increased by the fact that a largely remote workforce comprised of people who are used to the easy access to colleagues to verify suspicious emails might be less likely to investigate such messages over online communication channels.