Resource center for cybersecurity in a COVID-19 world

Progress confidently

This site is designed to share useful information that can help our clients, their employees, and the cybersecurity community stay secure as work approaches evolve in response to COVID-19. Our goal is to allow our community to effectively work through uncharted times with confidence and peace of mind.

The information spans a variety of topics and formats to help you understand the implications of remote work on compliance projects, provide cybersecurity tips for companies and individual employees when working remotely, and share the latest cyber threats and attacks we see related to COVID-19 and pandemic preparedness.

Due to the rapidly changing nature of the situation, we will continue to refresh the material on this site and share any additional information that may be useful. 


Cybercrime during COVID-19 / Things to be aware of


COVID Variety Show: Special Release

Have some fun with this one-of-a-kind Variety Show and get expert security advice from Coalfire CEO Tom McAndrew and security experts Luke McOmie and Mike Weber. Topics include: The Trolls movie, cybersecurity strategies for office reopenings, business impacts, and a couple of new jokes to use on your next Zoom call.

CoalCast special edition: CoronaCast

This special edition of CoalCast covers the ethics of using COVID in a phishing engagement, “Quarantine Infrastructure” where cyber pollution meets shadow IT, Shock doctrine: will pandemic surveillance become the new normal… and finally an interview with Marc Rodgers, co-founder of the CTI-League.


COVID-19 incites crimes of opportunity

On April 21, 2020, Mike Weber, vice president of innovation, updated his blog covering some of the top scams cybercriminals are unleashing on businesses as well as identifying the newest targets for those crimes. In the current panicked state of the economy, understanding the attack vectors is the smartest thing companies and individuals can do to remain cyber secure.


Compliance considerations


How to mutate compliance in ‘the new normal’

The report shows the impact of cybersecurity compliance in the new age of accelerating regulation, pandemic-driven communications and business processes moving to the cloud. It provides solutions to transform compliance strategy and program execution for reduced risk, cost and improved business performance.


Minimize business disruption and move forward with solid assessment guidance

Coalfire is listening to our customers to help them minimize disruption to their businesses during these trying times. They must move forward with selling products and services, which requires demonstrated data protection with third-party assurance. We aggregated information from various regulatory bodies to provide an overview of the major assurance frameworks' new processes, plus what you can expect from Coalfire as we carry out assessments during these evolving times.


Establishing remote data center assessment standards

Remote work and social distancing are the new normal, but data center security won’t wait for the end of this pandemic. While this will very likely be a temporary shift away from onsite assessment, it may become a contingency plan for future public emergencies. Saree Costa, Coalfire’s senior consultant, payments assurance, shares COVID-19 inspired guidelines and trial run tips for remote data center assessment.


HITRUST guidance for risk management in the teleworking world

Organizations must quickly identify and treat new cybersecurity risks introduced by the newly formed remote workforce. Here’s how the HITRUST CSF®, a certifiable framework with a comprehensive approach to regulatory compliance and risk management, provides guidance.


How can my organization minimize the impacts on PCI Compliance resulting from COVID-19?

Aaron Reynolds, Coalfire’s payments assurance vice president, discusses the challenges resulting from COVID-19 and how organizations can work with their QSA to minimize the overall impacts on PCI compliance and payments security. Learn how Coalfire is adjusting its assessment processes to help its customers maintain PCI compliance through a global crisis.


What will happen to my ISO certificate during a global pandemic?

David Forman, managing principal of ISO assurance for Coalfire, discusses the impact that COVID-19 has on current and prospective certification customers for standards like ISO/IEC 27001, ISO 9001, ISO/IEC 27701, and CSA STAR. Learn how global accreditation bodies, including the ANSI National Accreditation Board (ANAB) and the United Kingdom Accreditation Service (UKAS), have adjusted audit procedures to account for the health and safety of both certified organizations and certification body audit teams.


Implications of remote work on compliance projects

Learn how Coalfire is adjusting our approach to help you progress confidently with your compliance projects during this time of necessitated remote working. Adam Shnider, Coalfire’s executive vice president of cyber assurance services, addresses regulators’ responses to the COVID-19 situation, and how Coalfire’s approach to remote assessments, powered by CoalfireOne, ensures that your compliance projects continue to move forward seamlessly and successfully. 

FAQ and remote assessment guidance

We’ve addressed some of our clients’ most asked questions regarding compliance projects, remote assessments, and impacts from the COVID-19 situation. Additionally, we have pulled together guidance from the regulatory bodies in response to COVID-19 and remote assessments. Have a question that isn’t addressed in this FAQ? We would love to answer it for you! Ask us anything in the form on this page and we will get back to you promptly.


Securing remote work


Security considerations for the social distancing era?

Social distancing means something different when two people must be closer together than six feet in order to perform critical security tasks. Andy Barratt, managing principal for solution validation, explores the impact of COVID-19 on multi-person key management schemes.


How some of our clients are solving the work from home challenge?

Andy Barratt, managing principal for solution validation, was scheduled to present with our client ThinScale at the remote working summit in Dallas. They have developed a timely point solution for companies rapidly deploying remote workers that need to profile and harden an untrusted end computer. Prior to the scheduled presentation, Coalfire validated this can be used as part of a PCI DSS solution. You can view their planned presentation to learn more.

Pivoting to a remote workforce

In this webinar, Coalfire’s Doug Hudson, senior director of cyber risk advisory, and John Koziol, director of client engagement, discuss how companies can adapt compliance and business practices to world events like the COVID-19 pandemic. This includes addressing common issues our clients have been experiencing as well as providing action items for many companies that are not yet ready to implement a fully remote workforce. Our experts discuss what can be done now to stay secure in uncertain times.

Privacy/Disaster recovery planning and other security topics


Perspective: How the COVID-19 pandemic is like cybersecurity

The challenges of cybersecurity seem to mirror the struggles that we are facing with the COVID-19 crisis. Plans that are ignored in favor of ad hoc responses. Execution of measures at the tactical level rather than strategic planning. Uncertainty around long-term efficacy of a given solution. Coalfire CxO Advisor Nick Vigier explores how organizations can utilize the lessons we are learning today from the coronavirus pandemic to better prepare for future cyber attacks.


Crisis, business continuity and employment during pandemics

Coalfire’s Luke McOmie, CxO advisor labs, speaks on a panel that discusses how business continuity is affected during pandemics. The COVID-19 pandemic has changed the way organizations conduct business and how students learn on a day-to-day basis. Listen to the full recording to gain an understanding of what that could mean in the long run.

Keeping privacy afloat during a pandemic

It’s very easy to forget about privacy when dealing with COVID-19. Chalice Beam from Coalfire's Health and Life Sciences practice shares some things to keep in mind when dealing with PHI, whether you’re a healthcare organization or an employer in another industry.


COVID-19 pandemic stresses the importance of business continuity

The COVID-19 pandemic has shined a light on the need for crisis planning and a Business Continuity Plan (BCP). Coalfire’s Rich Curtiss, director of healthcare risk assurance services, shares how to apply some recent lessons learned and considerations to assist you during the COVID-19 pandemic.


Coalfire’s new operating model and implications for customers


A letter to customers from our CEO

Coalfire CEO Tom McAndrew provides perspective on the immediate implications of COVID-19 on the security of business and remote workers.