CYBERSECURITY CYBER EVENT RESPONSE CHECKLIST With many more employees working remotely during COVID-19, there are myriad cybersecurity threats to public entities that may have not previously been an issue. This section outlines some of the cyberthreats and response best practices.
IT BEST PRACTICES FOR CYBER SECURITY ❏ Have IT schedule and track all patch updates to software to reduce risk. ❏ Install anti-virus software on all end points to ensure up to date. ❏ Install fire walls to enable containment of a cyber attack. ❏ Encrypt all data at rest or in communication flow including cloud services. ❏ Set up Multi Factor Authentication for employees to access intranet using remotely located devices other than their desk workstation. (smart phone, iPad, laptop, home computer). ❏ Classify data and systems, and define user roles with least privilege model. ❏ Inventory all devices connected to entity intranet and software. ❏ Monitor privileged user account activity for inappropriate behavior.
EMPLOYEE BEST PRACTICES FOR CYBER SECURITY ❏ Define user security policy and educate employees. ❏ Train employees on cyber security, privacy and awareness to protect the entity network and data. ❏ Implement strong user password policy and require password change every 30 to 60 days. COVID-19 RE-OPENING THE ECONOMY 21
