For every company, it is important to have someone to turn to for security. Typically, that’s the CIO, the CISO, and your IT security team. However, not every business has the security staff it needs to stay on top of things, particularly with a remote workforce as large as the one we’re experiencing during the coronavirus (COVID-19) pandemic.
With this in mind, business executives at companies large and small need guidance on what to look for when securing a remote workforce, maintaining business operations, and organizing IT technical support. Providing that guidance is the goal of this blog post. To make it easy to follow, let’s begin with an overview of what you need to keep in mind.
- Business Continuity Plan that includes a pandemic plan.
- Employee Security Training that includes securing Wi-Fi, VPN, Remote Desktop, Collaboration Platforms such as Slack, and conference applications such as Zoom and Teams.
- IT Tech Support for any issues with computers and devices used, software and applications, cloud and server access, and network troubleshooting.
- Compliance and Privacy Requirements
- Security Assessments for internal and external needs that include the network, devices, server, cloud, third-party partners and services, and all data access.
Everything listed above can reduce risk while your employees work from home during COVID-19, and in your overall business operations post-COVID-19. If you follow our blog and get our newsletters, you have seen this layout before, since it points you toward adopting a holistic cybersecurity posture.
To help you understand the different areas in business terms, we are going to avoid cybersecurity language as much as possible and address each area in terms of operations.
- Business Continuity (BC) – This gets you to create a thorough list of everything you use to conduct business. That means every computer, every server, every cloud, every app, and so on. Make this list, and don’t forget to include the offline data and tools you use to do business. The pandemic plan section is where you organize your entire team by role and work out what happens if someone gets sick and needs a replacement. This is especially important for your IT security and tech department: you need someone who can step in and help in case they need to take leave.
- Employee Security Training – This is essential to help your team know how to spot phishing and what to do if they think they downloaded a corrupt file or clicked on a malicious link. It also helps them set up their Wi-Fi, VPN, and all the applications and software they use to work from home with security and privacy in mind (we shared a couple of cybersecurity training videos for employees working from home in this blog post). You also want employees to be aware of the dangers of collaboration platforms such as Slack, whose incoming webhooks, for example, have been found to be usable to launch phishing attacks against employees. Everything that is used for business and connected through the network brings risks. Employees need to know about these risks, and proper security training helps them do the right things and minimize them.
- IT Tech Support – This is especially important if a company wants to avoid a business interruption caused by an employee not knowing how to fix a problem with their computer, software, or app. The cause can be a malfunction, but it can also be, for example, a system patch or update that creates a conflict. You want someone who can walk employees through troubleshooting the issue and who knows how to keep security and privacy in mind too.
- Compliance and Privacy Requirements – Even though there may be some understanding for unmet compliance and privacy requirements at this time, this won’t last forever, nor should you count on it. Whatever compliance and privacy requirements your company needs to adhere to, whether for regulations or for the security and safety of your business, employees, and customers, make sure you are meeting them. You should already have a clear idea of what those requirements are. All you need to do is double-check that you are still meeting them while you have a remote workforce.
- Security Assessments – These are important while people are connecting from their home networks over remote desktop to office servers, clouds, and all company software or applications to conduct regular day-to-day operations and access company data. You also want an assessment of your third-party partners and providers. Find out what security steps they’re taking, how their business operations have changed since COVID-19, and what they are doing to ensure compliance and privacy: everything that you are making sure is in order for your own cybersecurity posture. The second part of security assessments is internal, which includes your firewall, server, network, and everything else at the office. Have eyes on it now, and revisit it when employees come back.
This breakdown gives you a clear idea of why these areas are important for conducting operations securely and what to do to implement them.
If you need cybersecurity expertise and support with the above or with other cybersecurity areas, we have a cybersecurity staffing solutions division.
For monitoring your network and security assessments, as well as employee training, we also have what you need. Here are links to take a look: Information Security and MyCSO Cybersecurity Training for Small Business – Free, Lite, and Pro.