CyberSecOp.com

View Original

Cybersecurity Risks in a Pandemic: What you need to know

The COVID-19 pandemic has alerted many organizations to gaps in their information security infrastructure heretofore unrealized. Most of these deficiencies have been revealed as a direct outcome of the shift from a workforce-in-place physical environment centered around a fixed and determinable worksite location to a distributed, unstructured environment where most employees and individuals are working remotely.

At CyberSecOp, we can help your organization address these, as well as other concerns related not only to the current operating environment but also pertaining to any and all operating challenges you may face as part of your ongoing operations.

The lack of a centralized workspace raises a multiplicity of information security concerns, including but not limited to the following:

1.      Does the company have an established Work-From-Home (WFH) information security policy, and if not, how is remote worker security managed?

2.      Are employees adequately trained to work remotely, and do they have the appropriate tools at their disposal to ensure the preservation of the security environment?

3.      How does the organization manage mobile device and laptop security, including encryption?

4.      Control and testing of the commercial VPN?

5.      Does the organization maintain a comprehensive data loss protection policy?

6.      How, if at all does the organization address data loss protection?

7.      Does the organization have a breach response plan for mobile and remote WFH employees?

At CyberSecOp, we can help your organization address these, as well as other concerns related not only to the current operating environment but also pertaining to any and all operating challenges you may face as part of your ongoing operations. Our skilled team of information security professionals can provide a comprehensive assessment of your information security framework and suggest remediation and complementary additions to your existing framework, as the case may be.

There are several things to consider if and when the time comes for firms to return to the office. CyberSecOp recommends:

  • Third-Party network risk assessment

  •   Operational Responses to Security Incidents

  • Work from Home Security

  • Virtual Meeting Applications

  • Updates and Patches

  •   A full virus scan on workstations returning to the office

  • Full Windows/Mac updates

  • Review Wi-Fi connections on returning devices: Some people may come back and still connect to Optimum Wi-Fi (This can be very risky)

  • Delete any accounts not for company use

  • Provisioning devices employees may have bought in haste (Hardening AV adding to the domain)

  • Mobile device management strategy for new mobiles, or devices that employees are using more

  • Pandemic Policy, Cybersecurity Policy Wireless policy

It is important for organizations to foresee possible consequences transitioning from working remotely to returning to the office. CyberSecOp can help facilitate this transition.

AUTHOR: Michael Young