In the never ending efforts of many large organizations to keep up with the changes created by Covid-19 – both business and governments – new revisions and updates are being pushed almost weekly to address the onslaught of questions being sent in.
Recently the UK’s National Cyber Security Centre released a blog post regarding the updates and changes associated directly with Cyber Security and the world existing with Corona Virus.
Who Is The National Cyber Security Centre?
The NCSC is a government entity that supports a number of social and business continuity sectors as well as public health and safety.
Essentially this is the United Kingdom’s ‘best of the best’ within the government for managing cyber security.
More specifically, the NCSC:
- understands cyber security, and distills this knowledge into practical guidance that we make available to all
- responds to cyber security incidents to reduce the harm they cause to organizations and the wider UK
- uses industry and academic expertise to nurture the UK’s cyber security capability
- reduces risks to the UK by securing public and private sector networks
It’s the same, but different
According to the NCSC, on the surface the guidance may feel the same but that a lot of the guidance has changed including:
- added a new section to help organisations prepare for an incident
- updated the attackers’ modus operandi
- provided additional detail regarding backups, preventing malware from being delivered, spreading to devices, and running on them
- re-emphasised some of our key messages if your organisation has already been infected with malware
Whilst we recognise that not all organisations have crack teams of security architects at their disposal, we believe this guidance provides an achievable set of actions that most organisations will be able to implement. This is why we have also included additional and updated references to resources, which will help you prepare and respond to malware attacks.National Cyber Security Centre – UK Gov
Many of the items listed in the guidance are ‘good to know’ or ‘good to implement’ information but with the understanding that many organizations simply do not have the manpower required to implement much beyond these guidance points.
- Action 1: Make regular backups
- Action 2: Prevent malware from being delivered and spreading to devices
- Action 3: Prevent malware from running on devices
- Action 4: Prepare for an incident
- Steps to take if your organisation is already infected