Practical security steps to take now
- Posted on January 19, 2021
This article was originally published on Forbes.
While it will take historians generations to analyze the full impact of the current global pandemic, when seen through the eyes of a CIO or CISO today, we can already assess how it has affected our companies and our workforces and determine the steps we need to take next.
Over the last nine months, my company has helped many businesses rapidly deploy technologies that have empowered remote workforces and made their business operations more resilient in a world that had suddenly moved online. These early moves tended to be tools-based and access-based. It was a period of: "What do I need to do today to get business operations up and running online?"
Now that we know we're likely to be in this current state for an extended period of time, the questions become, "How do I enable my remote employees to work most efficiently and to keep engagement high? What must we do to help the company thrive in this new environment?"
When my team and I scan the current situation, we see a range of practical steps we can take now and a set of longer-range challenges companies must confront sooner rather than later.
Headsets, analytics and IoT
First, a few practical suggestions. If your company is new to the widespread use of teleconferencing, check your employees' headsets. One person's bad audio quality can impact everyone on a call, and people may not be using the appropriate headset certified for whichever platform you are using. Replacing the old cellphone headsets that employees may have originally grabbed with a certified headset can dramatically improve your employees' efficiency and well-being.
Similarly, now is the time for IT operations to become more proactive across the board. Rather than wait for users to report problems, as many of us did when most users were on-site, consider deploying systems with analytics that can identify system bottlenecks and catch developing issues before they become a problem. Is someone's laptop frequently crashing? Perhaps they need to upgrade an application, or it may be time to provide a newer device.
What about any office IoT devices connected to your network? Now that fewer people are in the office, who is checking to be sure those devices are being updated or are still operating correctly? In one of our offices, all the meeting room displays were scheduled to turn on in the morning and off at night. With no users in the office, we adjusted the schedule to leave the displays off, saving electricity and wear on the displays.
Patches, phishing and fatigue
Unfortunately, not all challenges facing us today are as easily resolved. There's no getting around it: managing online security for remote workforces has only become more important in the heightened threat environment of online business operations.
Companies may have initially been forced to take on some additional risk while they were quickly outfitting everyone with the tools they needed to work remotely. Now is the time to go back and close any gaps that are still open.
On the most basic level, we see a significant increase in phishing emails, often messages specifically about pandemic-related subjects. Criminals are preying on employees' uncertainties, doubt and fatigue. They are counting on people being tired and distracted so they will click on something.
At our company, we have added an automatic alert to any email referencing "pandemic" that comes into our system from an external sender. That's one way we remind folks to think twice about an external message that asks them to click on a link.
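One way such an alert could work, shown as an added illustration rather than the company's actual mail rule: the function below prepends a warning banner to mail whose From domain is outside the organization and whose subject or plain-text body mentions the keyword. The internal domain `corp.example`, the banner wording and the sample message are assumptions constructed for this example.

```python
import email
from email import policy
from email.utils import parseaddr

# Assumed values for this sketch; none of them come from the article.
INTERNAL_DOMAINS = {"corp.example"}
KEYWORDS = ("pandemic",)
BANNER = "[EXTERNAL] Sent from outside the company. Think before you click links.\n\n"


def is_external(msg):
    """True when the From address domain is not one of ours.

    parseaddr() separates the display name from the address, so a spoofed
    name such as "it-help@corp.example" <x@other.example> is still external.
    A missing From header yields an empty domain and is treated as external.
    """
    _, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    return domain not in INTERNAL_DOMAINS


def mentions_keyword(msg):
    """Case-insensitive keyword search over the subject and plain-text body."""
    body = msg.get_body(preferencelist=("plain",))
    text = str(msg.get("Subject", "")) + "\n" + (body.get_content() if body else "")
    return any(k in text.lower() for k in KEYWORDS)


def add_alert(raw):
    """Parse a raw message; return (message, alerted).

    The banner is prepended only when the mail is external AND mentions a keyword.
    """
    msg = email.message_from_string(raw, policy=policy.default)
    if not (is_external(msg) and mentions_keyword(msg)):
        return msg, False
    body = msg.get_body(preferencelist=("plain",))
    if body is not None:
        body.set_content(BANNER + body.get_content())
    return msg, True


if __name__ == "__main__":
    # Constructed sample: internal-looking display name, external address.
    sample = ('From: "it-help@corp.example" <x@other.example>\n'
              "Subject: Update\n\nNew PANDEMIC policy, click here.\n")
    tagged, alerted = add_alert(sample)
    print(alerted, tagged.get_content(), sep="\n")
```

Matching on the parsed address rather than the raw From header is what keeps a look-alike display name from suppressing the banner.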
We also look for ways to help people avoid the pitfalls that can come from co-mingling work and personal life.
Are some of your employees still logging into your system from personal devices? Working from a PC that a child uses to do their homework isn't the best long-term solution. The cost of providing work-only devices to employees likely will be more than offset by avoiding the cost of mitigating a virus or malware attack that makes it into your system from an unprotected home device.
Similarly, now is the time to circle back to system maintenance. Is your laptop patching strategy a match for the new environment? Many companies' security processes originally relied on devices that operated primarily on the corporate network. When people took those devices home, they could get away without patching for a couple of months. However, every company now needs a plan for how to secure and confirm the security of their remote workstations.
One model is to require everyone to VPN in when accessing work systems. Another is to switch to a cloud-based model so that patches can be delivered directly from the cloud, which saves VPN bandwidth costs.
Finally, now is the time to look for unexpected security leaks. There may be aspects of your infrastructure that you didn't think much about in the past because they were rarely used. Now that many are signing in remotely, those areas may be more widely exposed, inviting hackers' attention. This is the time to button things down.
What's coming next?
We know that technology will continue to evolve faster than we can keep track. However, we must plan for what lies ahead. What does the new normal look like for your company? What is your technology roadmap for the next one to three years? Three to five years? How do some of the technology decisions we make impact other parts of the business or vice versa? Office and storefront real estate is a perfect example. What will it take to keep your business running the next time a pandemic-equivalent event occurs? Ensuring that you have a comprehensive business continuity plan — one that addresses all components of your business, including technology — is critical.
The world is changing fast, but this one thing we know for sure: The practical and strategic steps that we take today will markedly influence our company's success, and even its viability, in the future.