NIST 800-171 CycleTechBento considers the COVID-19 threat as a high-risk event with severe disruptions to systems, business operations, and financials.  We anticipate heavy influx of ill-prepared organizations seeking last-minute guidance on continuity planning, remote access, requests for additional capabilities, hardware purchases, communication tools.  As a result we have activated our Disaster Recovery & Response plan for large-scale cybersecurity incidents.

Activating Emergency Response internally means that all BCP/DR planning activities are suspended.  This frees our teams to focus on our business continuity and the continuity of our clients by leveraging established disaster recovery procedures. It also means we banned all non-essential travel in the immediate future and are likely to continue this until circumstances improve. Finally, it grants individual team members authority over Service Level Agreement activities extending flexibility and enabling prioritization based on realtime needs.

We strongly encourage all organizations to assume that adjacent to the health concerns of COVID-19 all companies should prepare for increases in phishing, fraud, and malicious activities against IT infrastructure.  Companies are likely to experience increases in targeted attacks against networks, applications, and human resources.   It is imperative that your organization continuously reminds staff that it is not acceptable to share credentials, offer up passwords, act on unexpected requests (email, telephone, messenger pigeon, etc) and exercise extreme care and scrutiny with anyone attempting to gain access to systems. Spread of ransomeware, data leaks, and breaches are extremely likely to occur as fear and anxiety grow in this scenario.  People are vulnerable and easily exploited at times of crisis.

Public updates through this Blog will be limited to major changes in the disaster recovery cycle, such as a change from Response to Recovery.  Smaller updates, access to business continuity disclosures, helpful information, etc is available to client-business owners/managers and technical contacts through our support portal.  We presently do not intend to send announcements as the situation is extremely fluid and unnecessary notices are likely to incite additional anxiety or panic.  Our customers are encouraged to make mindful decisions to protect their staff and prepare for a pandemic.