COVID-19 Crisis: 10 Timely Tips for VARs and ISVs from RSPA’s Security Advisor

By: Nathan Sweaney, RSPA Security Advisor

The COVID-19 global pandemic is both a staggering health crisis and an economic crisis – and a boon to cybersecurity criminals. As RSPA Legal Counsel Bob Goldberg stated in his COVID-19 communications guidelines webinar, “The crooks seem to be weathering this storm rather well. Alert all of your customers and your employees to be wary of any malware.”

Here are my top 10 focus areas for VARs and ISVs who want to remain secure:

  1. Recognize that attackers will utilize current events for social engineering attacks. This is particularly true for anything that generates emotion or urgency.
  2. Be especially cautious when anyone contacts you with offers or assistance for relief efforts, stimulus packages, SBA loans, etc. Verify their authenticity with your bank or a trusted source.
  3. As more employees are working from home, make sure to carefully review your remote access systems and configurations. Standard security rules should apply.
  4. Keep all systems patched.
  5. Maintain strong passwords.
  6. Use multi-factor authentication.
  7. Make sure you have a policy to handle customer requests that may weaken their security.
  8. Draw a line on what actions you’re willing to take (and not take) for customers, and make sure all support personnel understand that policy.
  9. Ensure you require the appropriate liability waivers for customers that ask you to compromise their security or compliance by weakening controls.
  10. Recognize that stress and anxiety weaken your employees’ ability to make good decisions which in turn can lead to a security compromise. Make extra efforts to have regular personal interactions with all employees and provide opportunities for them to engage in “water-cooler” types of interactions. Employees not accustomed to working from home may be struggling to adapt more than they let on.

For additional VAR/ISV insights and best practices related to the coronavirus pandemic, visit the RSPA COVID-19 Resource Center here.

RSPA Security Advisory Nathan Sweaney is a Senior Security Consultant with Secure Ideas. He has worked in the information security field directly since 2011, and prior to that it was a primary focus of his job. Nathan has considerable experience with point of sale environments and managing compliance regulations such as PCI. He currently holds the GPEN, GWAPT, and GAWN certifications. If you have a security question, ask Nathan at SecurityAdvisor@GoRSPA.org.