Joseph Assaf Turner
Reboot After COVID-19. What’s your exit strategy?
As the curve flattens across the globe and markets emerge from the COVID-19 crisis, it’s crucial that CIOs make informed decisions and take action that shapes how IT and cybersecurity will operate in the new business environment.
Following are 10 key steps to successfully emerge from the crisis:
1. Management Involvement
Management had to make some tough decisions during the crisis and will have to make more of those going forward, like how many employees will we keep / take back? What will be the extent of teleworking? How will the business operate going forward?
•Meet with management and understand the decisions taken and the reasons for them.
•Reflect management’s strategy in yours.
•Create a budgeted plan and emphasize operational and financial benefits.
•Reevaluate risk to reflect new threat landscape.
•Use threat intelligence.
•Communicate your own tough decisions and get management’s support and sponsorship.
2. Malware Prevention
As more employees work from remote environments, their endpoint face greater risk of malware infection.
•Antimalware solution constantly updated.
•Antimalware solution fits needs and supports remote update, protection and reporting.
•Check for compliance in case of local network re-entry
•Consider relevant additional endpoint protection.
•Remember: VPN does NOT fight malware.
•Prefer malware-agnostic solutions
3. Remote Communication
Teleworking distances employees from prying eyes of coworkers and supervisors. This inevitably leads to “bolder”, less supervised web activities.
•Enforce strict internet access corporate policies.
•Work laptops are for work!
•Enable personal firewalls controlled by corp. policy.
•Forbid simultaneous VPN and internet connections.
•Help employees setup and protect their home network.
•Use VPN for all corporate communication (email, IM, etc.)
4. OS and Software Patching
As teleworking endpoints are a prime target for attackers, teleworking increases the need to patch operating systems and 3rd party software as soon as patches are released.
•Enforce patching policies.
•Scan for vulnerabilities and patch accordingly.
•Guide teleworkers to manually install patches when needed.
•Check for compliance in case of local network re-entry.
5. Access Control
The probability of an endpoint to become compromised increases dramatically with teleworking. This calls for reevaluation of granting and revoking privileges according to remote/local connection.
Network resources should also be available to remote access strictly to users who must use them.
•Reevaluate remote access and other privileges.
•Differentiate local / remote access privileges where possible.
•Enforce least privilege policy.
•Limit access to internal resources as much as possible.
•Replicate frequently accessed resources to DMZ.
•Monitor, log and track changes as much as possible.
6. Monitoring & Logging
With the move to teleworking, teamwork and supervision loosen as does your teleworkers’ focus at following protocol. The wider and deeper the logs – the greater your ability to understand what actions were performed, by whom and how to reverse those actions if needed.
•Allocate appropriate storage and log as much as possible.
•Deploy a SIEM solution.
•Ensure correlation of events from different log sources.
•Define and flag critical logs, and follow up on alerts.
•Consider SOC services.
7. Employee Awareness
The COVID-19 crisis has everyone’s mind occupied, restless and uncertain – the perfect opportunity for attackers to exploit and cause damage. Furthermore – assembling all employees for the weekly cybersecurity talk/brief becomes less possible.
•Increase awareness training
•Adjust awareness training to also reflect the risk of teleworking.
•Gamify training and add mobile-viewable clips.
•Track viewing and participation.
8. Incident Management
Increased risk due to significant change, physical distance to endpoints, less staff performing more tasks and other variables make incident management more difficult.
•Monitor, track and possibly correlate all incidents.
•Assign incident first responders.
•Train teleworkers in trivial problem solving.
•Define escalation parameters.
•Revisit contracts and SLA for professional Incident Response Team.
•Create and distribute and revisit incident management playbook.
•Practice and test incident management.
9. Business Continuity
If the current COVID-19 crisis taught us anything, it’s the critical need for business continuity planning. IT is expected to be available in times of uncertainty and limited resources and manpower.
•Maintain redundant communication pipelines.
•Store (or pre-order) hardened laptops for distribution
•Assign key personnel to help the transition to teleworking.
•Backup, backup, backup!
•Test backup recovery – data and full-system.
•Create and distribute and revisit DR playbook.
•Practice and test disaster recovery.
10. Standards & Regulatory Compliance
As the company and its IT adjust for new crisis-driven demands, adjustments should be made to documentation accordingly.
•Revisit strategy and procedures to ensure alignment with company strategy and other compliance.
•Reassess risk to reflect the change in:
•IT Infrastructure and work procedures.
•Ensure protocols and playbooks relevancy.
•Create environment-agnostic strategy and procedures.
•Stay updated on new compliance requirements.
Although the coronavirus crisis poses many challenges, opportunities are there as well. As IT infrastructure and procedures change to fit new business demand, the threat landscape also changes. These changes can promote greater attention from management and with it, the ability to build a stronger, more resilient IT program that securely fits and supports all business processes.
For more information on the How’s, email us
Your partners for the business side of cybersecurity