Cyber Considerations For Your COVID-19 Planning
Managing Remote Workers, Thinking of Business Continuity, Disaster Recovery, and More
For the first time in a long time companies need to manage the extremely disruptive effects of a novel virus. In response, businesses are changing the way they operate to limit the risks to employees and customers.
To further complicate matters, businesses are also having to respond in a way that adheres to the cybersecurity practices that have become marketplace standard. This is also a first. It’s fair to say that companies who do a better job integrating these practices into their virus-adjusted operations will be less exposed to risk than those who don’t.
As we change the way we work as a result of the virus, the last thing anyone wants to deal with is a security incident. Think about the following as your organization prepares:
What Considerations Are Necessary?
At a Strategic Level
- Business Continuity Plan
- Disaster Recovery Plan
- Incident Response Plan
- Remote Worker/Telework Plan
- Infrastructure and Bandwidth Evaluation
At a Tactical Level
- Secure Home Wireless Networks
- Employee Usage of Company Devices
- Encrypted Email
- Select One Video-Conference System
- Train Employees on Cyber Hygiene
More Actions and Questions For Your Team
Evaluate your information systems infrastructure, network, bandwidth, and environment to see if it can support certain stress loads, such as increased remote employee activity. If your employees are unable to stay away from work for a short period of time, consider the following questions:
– What are your organization’s channels of communications and protocols?
– Are Business Continuity and Disaster Recovery policies and procedures in place?
– When did you last perform a proactive stress test of your Disaster Recovery Plan? (Does it work?)
- Data restore tests
- Onsite vs. Offsite storage
– What’s your strategy for ‘Work From Home’ by all?
- Remote access policy
- VPN usage policy
- Bandwidth capacity
– Would your staff benefit from Cyber Awareness Training to better identify threats?
- Phishing attempts
- Social engineering attacks
– Is there guidance on following security policies while working from home?
- Online awareness and response training
- Reporting suspicious activity
– Which third-party vendors pose disruptive risks to your business? Do they have a plan to maintain operations?
– How do you monitor physical access in a prolonged time away from your facilities?
- Biometric access
- Perimeter surveillance cameras
- Intrusion alarm systems
- Key fob records
It’s not too late to evaluate your business’ ability to be proactive. We will continue to highlight best practices and post them regularly through our newsletter and on LinkedIn.
As always, feel free to reach out to your Layer 8 Security contact or visit our Contact Us page if you have any questions. We’re happy to schedule a phone call or an onsite visit.