The UK’s National Cyber Security Centre and the US Cybersecurity and Infrastructure Security Agency (CISA) have produced an advisory note with information on exploitation by cyber criminal and advanced persistent threat groups of the Coronavirus pandemic.
The note includes a non-exhaustive list of indicators of compromise for detection as well as mitigation advice.
Buildings may become unoccupied or operate with a reduced staff, and this increases the risk of losses to your business. If your premises are running on reduced staffing levels due to a pandemic, letting your insurers know, and keeping them informed of any developments, is essential.
There are some considerations that businesses should keep in mind to protect their assets, people and business:
• Risk assessments must be carried out on the changing risk/lack of supervision in place
• No hot work or other hazardous activities to be carried out
• Any and all hazardous processes to cease (and not run unmanned) and be shut down safely
• Other processes should not be run if there is no adequate supervision; safety must not be comprised
• Heating left on but other critical services powered down if not required, unless to support protection or detection systems
• Drain all water and fuel supply tanks, apparatus and pipes
• All external areas must be clear of waste and combustible materials
• Consider waste build-up and the controls needed if waste collection services are affected
• Critical maintenance of plant, machinery and equipment is not compromised and brought forward as necessary
• All fire protection, detection, and security systems to remain active and monitored remotely where possible
• Maintenance on all protection and/or detection systems must be a priority to protect the property Any material changes are notified to the emergency services
• Any changes to the police response are understood, and insurers notified
• Adequacy of security controls should be assessed based on likely periods of unoccupancy and type of business
• Secure and seal all letter boxes and openings and redirect post if necessary
• Consideration should be given to accumulation of vehicles, proximity to buildings, and their security when premises are unattended
• A full site tour, both internally and externally, must be completed at both the start and at the end of each day, ensuring:
- Perimeter security, fences and lighting are in good condition and operational
- All physical security and locking devices are working and in place
- All protection and detection systems are operational
- There are no leaking fluids or spills
- Any unsafe conditions are identified and remedied o All site tours must be logged.