COVID-19 Advisories - Cyber Security Best Practices

Industry Paper- Business Resiliency & Security

Since the lockdown began in March, DSCI and CISOs from various sectors (BFSI, IT/ITeS, Oil & Gas, Healthcare etc.) came together to discuss and find solutions to the business and operational challenges that came along with COVID-19. This paper attempts to summarize our collective discussion, that was spread across 7 weeks, with CISOs on various fronts of cyber security such as - enabling WFH, challenges with VPN, changes in public policies to facilitate WFH, business resiliency and managing security, and look at some legal and compliance challenges. We also attempt to capture security’s changing architecture paradigm and how CISOs can develop plan of resuming work from office under new-normal. Finally, this paper also serves an account of how the security fraternity, behind the wall, handled the unimaginable and unprecedented pandemic disaster.

Advisory - Resuming Work from Office under the New Normal

As organizations begin to think about resuming work from office post the pandemic outbreak, it becomes imperative to think about strategies and initiatives that will help organizations to settle down quickly in the “new normal”. To many CISOs, COVID-19 has been like a zero-day attack on our lives. No matter the level of scale and complexity of the organization and the sector it belongs to, the strategy for fighting such a humanitarian issue must include the basics of any organization – People, Processes and Technologies.

This document tries to provide an answer to one of the most pressing issues of the hour – how can organizations resume work from office under the new normal.


Advisory - 'Maze' Ransomware

Amid COVID-19, there has been an increase in cyberattacks ranging from phishing to ransomware, especially Maze. The Maze ransomware attack is an example of advancing malware that tends to move laterally in the network and has the potential to cause disruptions, as per the information available.

Maze ransomware is targeting companies, including Healthcare, IT/ITeS and Banking sectors across the globe. It supposedly gets delivered via emails having attachment embedded with macros to encrypt files using sophisticated techniques. In the wake of recent Maze ransomware attacks, we have released an advisory and a detailed technical analysis of the ransomware.

Advisory - Data Privacy Outlook

As the world grapples with the COVID-19 pandemic, data privacy assumes new dimensions as large amount of health related and other personal data is being collected and shared, of individuals, who have been potentially affected by the pandemic or who may be potential carriers or transmitters of the virus (contact tracing). World over, Data Protection regulators are unanimous over the fact that Data Protection legislations, guidelines or rules should not be an impediment to the management of this infectious disease. However, it does make sense to be mindful of the fundamental tenets and principles of Data Privacy, to strike a fine balance, even in these unprecedented times.

The DSCI Privacy Outlook endeavours to reflect upon and succinctly capture the Privacy implications of COVID-19 for different set of stakeholders and touch upon some of the basic hygiene focussed Privacy and Data Protection practices.


WFH Advisory - for IT Admins

Given the global pandemic of COVID-19, many organizations are transitioning into new environments. Work from home (WFH) has become the need of the hour with utmost priority to keep the workforce safe and ensure productivity. In light of these conditions, understanding the available options and working with quality IT services providers, we can safely navigate the cyber world and keep our businesses seamless and protected.

As an industry body, it is DSCI’s continuous endeavour to help you stay connected throughout the COVID-19 pandemic and support organisations to implement cyber security best practices and stay safe.

DSCI team has released an advisory document highlighting the ‘Work from Home – Best Practices.’ We wish for the safety of everyone and hope that you find the document helpful in mitigating the challenges currently surfacing in the business world.

WFH Advisory - for Employees

While the COVID-19 scare has upended lives and led to major health concerns, it has also pushed organizations across adopt a full-scale Work from Home (WFH) model. Cyberattacks are on the rise and cyber criminals are exploiting weak security controls and using social engineering to mislead employees, leaving businesses vulnerable.

While IT and security teams are scrambling with various security policies and options to ensure business and workforce safety, the onus lies on the employees as well to follow security guidelines and secure their organization’s information and data.

Thus, DSCI has prepared a simple end-user Cyber Security Best Practices guide for employees. These simple and easy tips will ensure basic security protocols are followed by employees, which in turn can minimize cyberattack risks.


Advisory for Hospitals & Healthcare Industry

Currently, hospitals and health care industry are the frontline responders across the globe and are increasingly scaling up their collective efforts to offer necessary care and treatment to the patients diagnosed with COVID-19 symptoms, trying to save lives selflessly.

While hospitals are working round-the-clock handling the inflow of patients, they have become soft targets for cybercriminals due to lack of contemporary IT infrastructure and willingness to pay the ransom, thanks to their critical nature of work.

DSCI has prepared a simple Cyber Security Best Practices guide for Hospitals and the Healthcare industry. These preventive measures will ensure basic security protocols are upheld which can help in minimizing cyberattacks.

Advisory for Law Enforcement Agencies

As Coronavirus is continuously causing widespread disruption, the Law Enforcement Agencies (LEAs) confront a major challenge of controlling the spread of the disease and maintain law & order whilst safeguarding their own health as they are more prone to get infected, working at the ground level.

As LEAs hold the first line of defense to ensure precautionary measures enforced by the Government, DSCI has prepared a detailed guide for Law Enforcement Agencies which consists of two parts. The first part is a consolidation of safety tips that will help minimize infection risks while ensuring the police remain safe on/off duty. The second part of the advisory focuses on Digital Forensics safety, ensuring Cyber Security best practices for LEA departments, and cybercrime awareness.


For any further query or clarification, please feel free to write to safewfh[at]dsci[dot]in.