All companies, including those not yet directly impacted by the COVID-19 outbreak, have a limited amount of time to make sure that they are prepared if/when the virus hits their area, maybe even directly in their organization. Right now, companies are advised to do a function-by-function audit as well as a holistic overview to identify areas needing immediate attention—such as addressing network security gaps, revisiting work from home policies, or tackling potential operational shortfalls, such as lack of cloud communication tools. For any business facing frightened employees and/or the need to suspend in-person functions for a period, there are several key things to consider in order to keep both your employees and your business safe and productive.
Regardless of business size, you should already have a business continuity/disaster recovery plan in place; however, now is the perfect time to create one or review existing systems and processes to make sure that you have crossed all your t’s and dotted all your i’s. Here are some considerations that you should be proactively managing, according to TechRepublic:
- Confirm disaster recovery capabilities for systems that may become unavailable (due to loss of utilities, etc.). A business continuity framework (in support of SOC2 and ISO requirements) should be in place.
- Ensure all assets are up to date on patches.
- Require employees’ regular participation in security awareness training.
- Confirm that endpoint technologies that monitor devices, such as EDR or advanced antivirus, work outside traditional network perimeters.
- Build contingency data management plans for systems cables to be access remotely.
- Analyze data protection strategies to identify gaps that arise when employees choose where they save data.
"The spread of Coronavirus (COVID–19) is accelerating the pace at which many organizations are being pushed to embrace remote work," said Gerald Beuchelt, Chief Information Security Officer of LogMeIn, which is currently not requiring employees to travel for work. "It's important to ensure your teams are prepared for events that carry a high risk of operational interruptions by maintaining a business continuity plan."
Beuchelt added, "Remote work enablement requires upfront coordination between IT, Security, HR, and Business Operations to ensure a successful program. Relying on security training and awareness programs to drive 'cyber smart' behavior not only at work but also at home (modern firewalls/routers, using strong passwords, patching, etc.) will also go a long way in keeping employees and your organization secure. These basics are most effective against fending off viruses and other malware."
Given how quickly the current coronavirus has spread, organizations may not have had time to fully implement necessary protocols when it comes to allowing and/or requiring employees to work remotely. In these times of rapidly changing environments, it can be easy to forget the basics. "From a security perspective," said Javvad Malik, security awareness advocate for KnowBe4, "the first things a company should look into are whether there is enough capacity for employees to work from home at the same time. It is also important to ensure the right policies and tools are put in place to enable employees to work remotely. Not having the right tools in place can lead to employees using unapproved or insecure apps, tools, or methods to try and get their job done. Most of all, expectations should be set as to how the organization expects its employees to operate under remote conditions and how to raise any issues."
While it’s understandable to want to react immediately in order to keep your employees safe, it is just as important to recognize that structuring your company to be fully remote takes careful thought and planning. If none or only some of your employees work remotely right now, take the following under advisement, if not immediately then as soon as possible, so that your organization is ready should the need arise to transition to a remote environment, even temporarily:
- Employees have adequate access to critical resources through SaaS services.
- Remote support for employees working from home is readily available.
- A work from home security policy must be in place to safeguard sensitive information at the same level on a remote network as on a corporate network.
- Your company should have a security architecture in place that runs in hybrid operations environments.
- Connections to critical infrastructure and applications are protected via the use of a secure, remote user VPN (the bare minimum requirement!).
- Add MFA (multi-factor authentication) to VPNs for additional security.
- Determine whether non-corporate-issued devices will be allowed to access corporate data, or if only company-issued devices will have that ability.
- Identify the operating systems that should be allowed to access corporate data and what minimum versions of both systems and software should be allowed.
“It's important not to be hasty in making a large-scale transition to a home workforce, no matter how urgent concerns are,” said Alex Willis, Vice President of Global Sales Engineering at BlackBerry, “despite the fact that COVID-19 is sending employees to work from home in large numbers with very little time for IT to properly evaluate a solution. This results in either throwing money at expanding legacy VPN/VDI solutions that cost a lot, and are not user friendly to deploy, or deploying a quick solution too rapidly without ensuring proper security is in place.”
"That's why it's critical to explore modern methods of remote mobile workforce enablement that provides great user experience, includes next-generation AI-driven security and allows the mobile worker to access any data or application required to be productive," Willis added.
COVID-19 isn't an isolated event but rather the largest outbreak to date that could change how we work in the future, propelling us toward an increasingly remote workforce. And while the modern workforce has embraced the concept of remote work over the traditional office, it’s still important to establish ground rules to keep the remote work program effective and manageable. Even if your organization does not plan to allow a primarily remote workforce after the current situation has been contained, it is wise to always be prepared in the event that other, unforeseen circumstances arise.
Because the spread of COVID-19 is happening at such a rapid and alarming rate, businesses need to take advantage of all available resources to protect themselves. Get free advice now from subject matter experts at Tech Guidance – email email@example.com to take advantage of our complimentary IT consultation services.