Cybersecurity Readiness in a Pandemic Era

By Dom Chorafakis, P.Eng, CISSP - March 2, 2020

As the coronavirus (COVID-19) continues to spread around the globe, and with the first suspected instance of community spread in the U.S. confirmed by the CDC, time is quickly running out for individuals and businesses to prepare for the inevitable disruptions of an outbreak. Business Continuity and Disaster Recovery planning are two critical components of a good cybersecurity strategy. These plans ensure that a business has the necessary systems and procedures in place to enable ongoing operations during a crisis, and allow it to quickly and efficiently resume normal operations once the crisis is over.

There is no doubt that a coronavirus outbreak will have a significant economic impact on businesses, especially those located in affected areas. The 2003 SARS outbreak in Toronto, which saw 375 cases in the 110 days between February 23rd and June 12th, 2003, is estimated to have cost Toronto businesses approximately $1 billion. With the worldwide number of COVID-19 cases already 10 times higher than the total number of SARS cases in 2003 and no end currently in sight, the economic impact is expected to be much more severe.

Many large corporations have Business Continuity and Disaster Recovery plans in place and regularly test those plans to make sure they are ready to respond when disaster strikes. Unfortunately, most small and medium businesses lack the expertise and resources and are unable to cope with a crisis. To help businesses prepare for the anticipated disruptions caused by a COVID-19 outbreak, organizations such as the U.S. Centers for Disease Control (CDC) have provided guidance that businesses of all sizes can use to develop strategies specifically for a coronavirus outbreak and emergency planning in general.

Being proactive and having a plan in place is critical to a business’s ability to survive a crisis. There are lots of great resources out there that people can use to help them build robust Business Continuity and Disaster Recovery plans, although details can be a bit sketchy when it comes to cybersecurity. It’s also important to remember that this isn’t something that’s done once and put on a shelf; it needs to be an ongoing practice.

Ongoing cyber-awareness training is one such example. Cyber criminals often take advantage of major global events as a way to trick users and infect systems, and the threat of a COVID-19 pandemic is no exception. Security researchers have already reported several scams involving email that claims to be from HR with updates on company staff affected by the virus, or updates from the WHO or CDC, with attachments that are used to install ransomware and other malware. In light of the fear and confusion surrounding the coronavirus outbreak, employees should be reminded to be vigilant and suspicious of email claiming to provide information or updates about the virus.

Businesses need to make sure their continuity plans cover a wide range of topics, like ensuring employees have secure remote access to critical business systems, having a secure way for people to share files if they need to work remotely for extended periods of time, or being able to communicate with customers in the event a facility is quarantined. This can all be a bit daunting, so we’ve created a list of free resources businesses can use to help them build their plan, which is available here.