All companies, including those not yet directly impacted by the COVID-19 outbreak, have a limited amount of time to make sure that they are prepared if/when the virus hits their area, maybe even directly in their organization. Right now, companies are advised to do a function-by-function audit as well as a holistic overview to identify areas needing immediate attention— addressing network security gaps, revisiting work from home policies, or tackling potential operational shortfalls, such as lack of cloud communication tools.
For any business facing frightened employees and/or the need to suspend in-person functions for a period, there are several key things to consider in order to keep both employees and the business safe and productive. Here are a few ways in which partners can help their customers in light of the current global crisis.
Regardless of business size, your customers should already have a business continuity/disaster recovery plan in place; however, if that is not the case, it is imperative that you work with them now to create one and/or review existing systems and processes to make sure that all of their t’s are crossed and i’s are dotted. Some considerations that you should be proactively managing on behalf of your customers according to TechRepublic include:
- Confirm disaster recovery capabilities for systems that may become unavailable (due to loss of utilizes, etc.). Business continuity framework (in support of SOC2 and ISO requirements) should be in place.
- Ensure all assets are up to date on patches.
- Require employees’ regular participation in security awareness training.
- Confirm endpoint technologies such as EDR or advanced antivirus monitoring devices work outside traditional network parameters.
- Build contingency data management plans for systems cables to be access remotely.
- Analyze data protection strategies to identify gaps when employees choose the location of where they save data.
"The spread of Coronavirus (COVID–19) is accelerating the pace at which many organizations are being pushed to embrace remote work," said Gerald Beuchelt, Chief Information Security Officer of LogMeIn, which is currently not requiring employees to travel for work. "It's important to ensure your teams are prepared for events that carry a high risk of operational interruptions by maintaining a business continuity plan."
Beuchelt added, "Remote work enablement requires upfront coordination between IT, Security, HR, and Business Operations to ensure a successful program. Relying on security training and awareness programs to drive 'cyber smart' behavior not only at work but also at home (modern firewalls/routers, using strong passwords, patching, etc.) will also go a long way in keeping employees and your organization secure. These basics are most effective against fending off viruses and other malware."
Given how quickly the current coronavirus has spread, organizations may not have had time to fully implement necessary protocols when it comes to allowing and/or requiring employees to work remotely. In these times of rapidly changing environments, it can be easy to forget the basics. "From a security perspective," said Javvad Malik, security awareness advocate for KnowBe4, "the first things a company should look into are whether there is enough capacity for employees to work from home at the same time. It is also important to ensure the right policies and tools are put in place to enable employees to work remotely. Not having the right tools in place can lead to employees using unapproved or insecure apps, tools, or methods to try and get their job done. Most of all, expectations should be set as to how the organization expects its employees to operate under remote conditions and how to raise any issues."
While it’s understandable to want to react immediately in order to keep your customers and their employees safe, it is just as important to recognize that structuring a company to be fully remote is something that takes careful thought, planning—and testing; if none or only some of their employees work remotely right now, the following should be taken under advisement if not immediately, then as soon as possible in order to ensure your customers are ready to transition to a remote environment—even temporarily—should the need arise:
- Employees have adequate access to critical resources through SaaS services.
- Remote support for employees working from home is readily available.
- A work from home security policy must be in place to safeguard sensitive information at the same level on a remote network as on a corporate network.
- Companies should have a security architecture in place that runs in hybrid operations environments.
- Connections to critical infrastructure and applications are protected via the use of a secure, remote user VPN (the bare minimum requirement!).
- Add MFA (multi-factor authentication) to VPNs to add additional security.
- Determine if non-corporate-issued devices will be allowed to access corporate data, or if only company-issued devices will have that ability.
- Identify the operating systems that should be allowed to access corporate data and what minimum versions of both systems and software should be allowed.
“It's important not to be hasty in making a large-scale transition to a home workforce, no matter how urgent concerns are,” said Alex Willis, Vice President of Global Sales Engineering at BlackBerry, “despite the fact that COVID-19 is sending employees to work from home in large numbers with very little time for IT to properly evaluate a solution. This results in either throwing money at expanding legacy VPN/VDI solutions that cost a lot, and are not user friendly to deploy, or deploying a quick solution too rapidly without ensuring proper security is in place.”
"That's why it's critical to explore modern methods of remote mobile workforce enablement that provides great user experience, includes next-generation AI-driven security and allows the mobile worker to access any data or application required to be productive," Willis added.
COVID-19 isn't an isolated event but rather the largest outbreak to date that could change how we work in the future, propelling us toward an increasingly remote workforce. And while the modern workforce has embraced the concept of remote work over the traditional office, it’s still important to establish ground rules to keep the remote work program effective and manageable. Even if an organization does not plan to allow a primarily remote workforce after the current situation has been contained, it is wise to always be prepared in the event that other, unforeseen circumstances occur.
Because the spread of COVID-19 is happening at such a rapid and alarming rate, businesses need to be taking advantage of all available resources to protect themselves. Get advice from TBI’s subject matter experts—our Tech Gurus to learn about the best solutions to fit your individual customers’ needs.
ABOUT THE AUTHOR
As Marketing Communications Manager, Amanda is responsible for creating content and carrying out internal and external communications programs; she also develops educational materials to enable TBI’s partners to sell emerging solutions. Amanda also contributes to ensuring consistency with branding and ensuring TBI provides useful and relevant content to our partners. You can reach Amanda at firstname.lastname@example.org or connect with her on LinkedIn.