The global pandemic caused by COVID-19 is disrupting businesses across the world and forcing many of them to implement contingency plans quickly. For the cybercriminal world, though, this is a lucrative opportunity to profit from the rest of the world’s chaos and pandemonium.
Even when the pandemic subsides, many organizations will not simply be able to return to business as usual. Most will have taken substantial losses and be forced to make permanent changes in the long run. For example, many businesses may start to provide more opportunity for remote work, develop more comprehensive and inclusive disaster plans, and introduce new measures to counteract the loss of profits.
We hope to help your company adapt to the future and ensure that you have proper cybersecurity protections today. Let us use the lessons we have all learned from this pandemic to become more resilient in our future endeavors.
Preparedness and Planning:
Most organizations already have a basic plan for short-term emergencies such as loss of power and minor natural disasters. But as we see with COVID-19, maintaining operations over a sustained period of time during such a widespread crisis requires many added layers of preparation.
Emergency planning goes beyond the daily procedures used to protect your systems and their data. A continuity plan is different from your typical cyberthreat response plan and includes many more pieces of the puzzle. COVID-19 brings to light how critical a role cybersecurity plays in disaster planning, yet many organizations have overlooked this and are currently dealing with the consequences.
Many businesses were caught scrambling to implement proper policies to establish a work-from-home (WFH) environment to keep their business going amidst COVID-19. Even those with pre-existing remote operations struggled to make the switch to a fully WFH environment.
Things to address as you create your policies:
Determine which roles are the most critical to the continuity of your business, then assess which of these roles can be transformed into a remote role. Do not forget that some roles cannot be fully remote and require being in the workplace, but try to minimize this.
Find out which roles must be onsite. This could include IT and security-related roles if your business has its own data center or security ops center.
What should you expect from your newfound remote workers? Your business needs to be prepared to take a hit in productivity as you begin the remote work shift, especially for those employees who don’t typically work remotely. A quick change to a WFH operation can be a large adjustment, especially during times of crisis.
Remote Operations & Policies
- Do your WFH employees have a secure way to connect to your company’s network, data, and services from home? A VPN with multistep authentication is something to consider.
- Will you allow WFH employees to use personal devices? Allowing employees to use a personal computer to access your company’s servers could pose a great risk if not properly controlled and monitored. What steps will you take to prevent a data breach or other cybersecurity-related incident?
- You must provide adequate tools for remote communications and project management. Making sure your applications of choice use data encryption and other security protocols is of the utmost importance. Ideally, your workforce would already be using these tools regardless of a global crisis. We recommend you take this time to reevaluate your operations and look into adopting cloud-based, secure, enterprise tools and applications for your business.
During a crisis and desperate times, cybercriminals’ exploitation of their “prey” is more prevalent than ever before. There has been a large surge of email phishing campaigns taking advantage of the current global pandemic.
Make sure to reinforce solid password policies and always advise staff not to use personal passwords or PINs for their company accounts. A forced password/credential reset before WFH implementation is recommended.
Provide procedures for dealing with suspected phishing and other attacks, or anything else that raises an employee’s suspicion.
Make sure staff are up to date and aware of the proper and secure channels through which they’ll receive crisis information as well as company updates, so they can separate this crucial information from scams.