Security Measures During COVID-19

Why is cybersecurity relevant to COVID-19?

As many schools, universities, and workplaces close down, people are turning to public libraries for internet access and other resources. WIRED wrote an article on the effects library closures have on the general public. Additionally, cyber-criminals are using COVID-19-themed phishing emails to target a wider audience, and it's working.

Many staff members are being permitted to work from home. This is a great way to reduce the spread of COVID-19, as long as staff members can still access work-related resources securely. These resources may include cloud platforms, the use of VPNs, or remote desktop clients. The SANS Institute published a set of guidelines for working from home: Security Awareness Deployment Guide – Securely Working at Home.

For a detailed analysis, please see the Australian Cyber Security Centre's Threat Update COVID-19 Malicious Cyber Activity and the US Department of Homeland Security's CISA Insights: Risk Management for Novel Coronavirus.

What can you do to stay safe?

• Keep all computers and mobile devices updated.
• Run periodic anti-virus and anti-malware scans on your computers.
• Verify the authenticity of every email and phone call. When in doubt, don't respond.
• Beware of websites, advertisements, and phishing emails that are themed around COVID-19.
• Ensure multi-factor authentication (MFA or "2 - step") is enabled for all work-related accounts.
• Do not allow children or guests to use computers with access to work-related resources.
• Complete training and continuing education programs. More details below...

Training at home

Training Modules

• GPLS Niche Academy -- Information Technology
• WebJunction -- Technology
• USALearning.gov (US Center for Development of Cybersecurity Excellence) -- STEPP | Security Awareness
• USALearning.gov (US Department of Homeland Security FedVTE) -- Information | Direct Link | Public Courses
• National Initiative for Cybersecurity Education (NICE) Free and Low Cost Online Cybersecurity Learning Content
• CDSE -- CDSE Toolkits | Cybersecurity Toolkit
• SANS CyberAces Tutorials
• Google Phishing Quiz
• Class Central Free Online Learning Due to Coronavirus
• GIAC Certifications: Cyber Defense

Digital Publication Libraries and Whitepapers

• US Department of Homeland Security Publications Library
• CISA Publications Library - Cybersecurity
• NIST State, Local, Territorial, and Tribal (SLTT) Resources
• Naval Postgraduate School: Homeland Security Digital Library
• Carnegie Mellon Software Engineering Institute Digital Library
• InfoSec Institute -- Resources | Additional Resources
• SANS Upcoming Webcasts -- Archive
• ASIS International News

Common Tips and Advice

• CISA Home and Business Cybersecurity Tips | Tips | For Home | Securing a New Computer
• US Department of Homeland Security: Stop.Think.Connect.: General Tips and Advice
• National Initiative for Cybersecurity Education (NICE): Cybersecurity is Everyone’s Job
• CISA Cyber Essentials

How can GPLS help you?

GPLS is here to assist public libraries with their cybersecurity needs, especially during this difficult time. If you have any questions about policies, best practices, or implementation, or if you need direct assistance, please contact GPLS InfoSec at infosec@georgialibraries.org or 404-235-7206, or submit a ticket to the GPLS Helpdesk.

Additional resources

• Johns Hopkins University: Interactive Coronavirus Map
• Public Wifi Across Georgia
• SANS Policy Templates -- Pandemic Response Planning Policy Template
• GovTech.com
• PrivacyTools.io