Coronavirus (Covid-19) has been a worry all over the world in these past few weeks. We are seeing canned goods fly off the shelves, toilet paper being hoarded and videos on how to make your own hand sanitizer because stores are sold out. We’ve also seen companies make big decisions about how to best manage business with Covid-19 looming.
Reports have come out over the last couple of days that companies are cancelling non-critical travel, and many have pulled out of the SXSW festival in Austin, TX. Twitter has encouraged most of its ~5,000-member staff to work remotely for the time being to prevent further spread of Covid-19.
If things continue at this pace, companies will have no choice but to follow suit and have their employees work remotely. Many companies are not prepared for remote work and are now scrambling to put policies in place. Perhaps the most important policy to focus on is how to maintain safe cybersecurity practices while transitioning workers from the office to remote workstations. Below are some requirements to consider when preparing for the remote transition.
Corporate preparedness includes:
- Disaster recovery capabilities for systems that may become unavailable (due to loss of utilities, etc.)
- A business continuity framework (in support of SOC2 and ISO requirements)
- Ensuring all assets are up to date on patches
- Employees participating regularly in security awareness training
- Endpoint technologies, such as EDR or advanced antivirus, that monitor devices working outside traditional network perimeters
- Building contingency data management plans for systems capable of being accessed remotely
- Analyzing data protection strategies to identify gaps when employees choose where they save data
Transitioning employees need:
- Adequate access to critical resources through SaaS services
- Readily available remote support for field workers
- A security architecture that operates in hybrid operations environments
- Only secure, encrypted laptop computers and mobile phones, so devices are not compromised when used outside of offices
- The use of secure remote user VPN connections to protect connections to critical infrastructure and applications (the very minimum requirement for companies, said Dave Farrow, senior director, information security at Barracuda Networks.)
- In addition to VPN, MFA to “help add layers of security to working remotely,” said Jonathan Tanner, senior security researcher at Barracuda.
- “To continue to be educated and trained about phishing,” said Imperva’s CTO Kunal Anand. They need to “follow best practices,” which includes code scanning, code reviews, etc.