An approach to minimal defensive readiness by Scott Weiner, CTO, Transformation Practice Lead
In the previous article, “Building an effective remote team: The eight dimensions of clarity,” we explored how clarity is essential for remote team effectiveness. For this article, we discussed with our Cyber Risk Practice Lead and experienced CISO, Candy Alexander, the nature of cybersecurity as it applies to remote working environments. We ended up turning our conversation into a more detailed whitepaper you can download for free. Here, we’ll provide some of the highlights that every team needs to consider related to how their cybersecurity practices impact the organization and customers. This is not a time to be complacent about cybersecurity.
“We have to be right about protecting our systems 100% of the time and they only need to get through once…”
Cybersecurity before the pandemic
Covid-19 has had a profound impact on the world. It has forced most companies to transform out of necessity. Remote work is more normal for some companies than for others, but we are all learning new ways to work, communicate, and improve. One of the critical aspects of working remotely that is often underappreciated or misunderstood is cybersecurity. Effective cybersecurity requires all of us to practice good hygiene and safeguard our systems.
The new normal
In our practice at NeuEon, we have seen companies reacting to the crisis by shifting business priorities towards a greater focus on zero-spend and revenue generation. The savvy ones are asking for guidance on what the bare minimum is that they need to do to protect their organization, as opposed to ignoring cybersecurity altogether, as they position themselves for their new normal. With this in mind, we’ve put together a prioritized list of six ways to approach an organization’s minimal defensive readiness.
“If you have built castles in the air, your work need not be lost; that is where they should be. Now put the foundations under them.”
— Henry David Thoreau
- Ensure appropriate access to all environments — Make sure you have a clear understanding of what can be accessed and by whom. Also, consider a two-factor authentication strategy. Whether easily guessed or captured through phishing attacks, passwords are often the weakest link, especially for remote workers.
- Audit log management — Eventually your system will be attacked. When this happens, you need to know as quickly as possible what is happening. Invest in a Security Information and Event Management (SIEM) solution if you can afford it. At the very least, implement a log management tool so that the logs from systems in your environment are in one place to protect and review. Computers and storage are cheap compared to the damage an intruder can do. Log using the Confidentiality, Integrity, Availability (CIA) approach.
- User Awareness — Employees can be turned into one of a company’s greatest defenses too, primarily through security awareness. If everyone is well-trained in what to look for, they scale up your ability to see threats early. The staff needs to be trained to identify what a threat is and how to respond appropriately. The most common threat a team member will encounter is a phishing scam. You have to decide as an organization what should happen if an employee receives a phishing email.
- Network and perimeter basic cybersecurity safeguards — When people are decentralized, they expand the scope and size of the network. To protect it, follow these concepts:
  - Lock it down. Follow the philosophy, “lock down all and open as necessary.” This minimizes the surface you have to monitor.
  - Keep it fresh. Make sure devices and drivers are current. Out-of-date systems are an open door that malicious actors look to exploit.
  - Watch the edge. Use intrusion detection tools at the perimeter that watch for unusual behavior and alert you before a break-in occurs. If possible, use a proxy server to avoid direct access to your critical servers.
- Protect your end-points! — If end-points aren’t protected, the organization isn’t protected. Some consideration should be given to the individual devices connecting to your network. Also, remember anti-malware software is of little use if it isn’t kept up to date.
- Know your vulnerabilities — It’s important to regularly run vulnerability tests and then mitigate any issues found. You want to find misconfigurations, missing patches and programming mistakes as soon as possible. Applications need vulnerability testing as part of their regular acceptance testing. The worst possible time to find a flaw is when someone else finds it and exploits it.
Putting this into practice
Talk to your security team, and ask the hard questions about where you are on each of these ideas. Create a plan now. Even if the plan isn’t perfect, get something in writing that you can share and others can help you refine. It’s OK if your cybersecurity isn’t great as long as you know it and have a plan to resolve it. Remember, cybersecurity isn’t a project with a start and completion date, but rather an ongoing program. As technology changes, so do the threats, and mitigation should soon follow.
We’d love to hear what ideas you come up with for building an effective remote workforce cybersecurity strategy. You don’t have to have a remote workforce to plan for one. In times of crisis, we need to act, but we don’t need to react if we are prepared.
Stay safe, and stay healthy.
This blog was previously published on Medium.