On 3 March 2020, the National Cyber Security Centre SK-CERT published the first Recommendations for operators of essential services to ensure a high level of availability of their services.
On Sunday, 15 March 2020, the Government of the Slovak Republic agreed on the Declaration of Emergency State according to Article 5 of the Constitutional Act No. 227/2002 Coll., which applies from 16 March 2020 from 6.00 a.m.
Therefore, the National Cyber Security Centre SK-CERT issues an updated set of security recommendations, which extends the recommendations issued by the National Cyber Security Centre SK-CERT on 3 March 2020 to operators of essential services to ensure the continuity of services while protecting and mitigating the consequences of virus spread in the working environment of organizations.
The aim of these measures is to ensure:
- a maximum protection of the employee in the working environment,
- creation of an optimal environment for the continuity of services and activities,
- prevention of interruption in providing key products and services.
The recommended measures take into account:
- an interest of the individual,
- prevention of further losses or inability to carry out priority activities,
- environmental impact.
The National Cyber Security Centre SK-CERT recommends the following (II):
- divide and identify the activities of the organization/company into “in house” – actions that require the presence of the employee at the workplace and “off site” – actions not bound to the employee’s workplace,
- enable employees to carry out all off-site activities from their home environment on the basis of an internal regulation specific to each institution to ensure an optimal uninterrupted operations and continuity,
- ensure the performance of all “in-house” actions with an alternative rotation of the minimum number of employees – as few employees in personal contact as possible in the building,
- reduce the number of employees in one area and alternate persons sitting in one office by taking turns at work (shifts based on week rotation),
- enable off-site work to employees who come to work by public transport, if possible,
- identify key operational roles; where substitutability is possible, with immediate effect apply rotation for substitutability and avoid personal contact,
- with immediate effect, completely ban employees’ gatherings in corridors, kitchens, meeting rooms or common premises,
- with immediate effect, completely ban all visits to operational and office buildings,
- limit the number of persons in the lift to a half (or less) according to the size of the lift in order to maintain a distance of at least 1 to 1.5 meters between persons in the lift,
- limit smoking breaks, their length and number of persons (maximum one person),
- an employee whose activities fall under the category “in house” must inform the employer if he/she lives in the common household with a person commuting daily to work outside the territory of the Slovak Republic (to neighbouring countries),
- conduct necessary working meetings electronically even when employees are at work, cancel tête-à-tête meetings,
- immediately allow employees to wear a face mask without any restriction,
- if possible, enforce employees to eat at the workplace and reduce/cancel their departure from the workplace to catering facilities during a shift;
- regulate lunch breaks in a way that the number of people in the canteen is as low as possible, or just to provide take-away meals and allow having lunch in the employee’s office,
- keep or impose a so-called “closed-door” rule for offices and workplaces,
- regarding to all internal security measures, inform employees about the importance of announcing any breach, non-compliance or concealment of any facts related to security regulations to the employer,
- follow hygienic measures recommended by the Ministry of Health of the Slovak Republic, the Chief Health Officer of the Slovak Republic and the World Health Organization,
- follow the regulations of the Crisis Headquarters of the Slovak Republic (all important and current information can be found at https://www.korona.gov.sk).
Please note again that the situation related to the spread of COVID-19 can be used by attackers to attack an organization’s infrastructure, so increased attention and supervision is appropriate.
At the same time, it is necessary to instruct the employees about the risk of cyberattacks (social engineering techniques, phishing) that may be associated with the current situation and its security regime.
All detected incidents must be reported to the National Cyber Security Centre SK-CERT (according to Act No. 69/2018 Coll. on Cybersecurity).
Organizations that already have Business Continuity Management (BCM) have a significant advantage in this respect, and the above recommended measures complement those set out in BCM of the organization.
All warnings and recommendations of the National Cyber Security Centre SK-CERT can be also found at: https://www.korona.gov.sk/varovania-narodneho-centra-kybernetickej-bezpecnosti-sk-cert/.
« Späť na zoznam