Post-pandemic cybersecurity: Lessons learned
Pandemic lockdowns provided companies with valuable cybersecurity experience. Here's how to make sure post-pandemic cybersecurity operations are prepared for a second wave.
As pandemic lockdowns end and employees return to offices, it's the perfect time for companies to review and apply what they've recently learned about securing a remote workforce. The sudden, prolonged lockdowns of the COVID-19 pandemic significantly disrupted cybersecurity operations at most companies, from the huge increase in employees working from home to the inability of cybersecurity pros to physically access equipment and resources at company facilities.
Companies should immediately establish cybersecurity-specific pandemic preparation plans, if they haven't already done so, to prepare for a potential second wave of COVID-19 lockdowns.
Prepare staff for post-pandemic cybersecurity
The companywide pandemic preparation plan should already ensure that employees have the necessary resources for staying safe and healthy, like hand sanitizer and masks, and that they follow practices like social distancing when in the office. If your company doesn't have such a plan, make sure to include these in your cybersecurity-specific plan.
Be prepared to handle post-pandemic cybersecurity needs with reduced staffing. You may need to cross-train cybersecurity staff, and possibly others as well, on additional responsibilities so you have ample backup for performing each responsibility. Also, you may need to train people to perform some tasks in different ways, depending on how much physical access to facilities is restricted.
Be ready for any geographic location to experience a lockdown at any time. A sudden outbreak may necessitate rapidly transferring services from one place to another if the company has facilities in multiple regions. That includes shifting responsibilities from one group of employees to another.
Provide secure work-from-home services
Keep all teleworking-related policies, procedures and technologies up to date. Have employees work from home for a day every so often to ensure all work-from-home technologies are still functioning well and can handle the high loads of peak remote access usage.
Make sure everyone who might need remote access has the appropriate authenticators, such as cryptographic tokens, issued in advance. The plan should also address how new authenticators will be issued when offices are closed, such as the replacement of lost authenticators or providing authenticators for new hires.
Provide training resources for all employees on work-from-home technologies, including secure remote access and secure videoconferencing and teleconferencing service usage. These resources should be readily available on demand. Training should cover social engineering, since attackers frequently try to take advantage of the confusion people might have due to the sudden shift to work from home.
Perform remote security admin
Be ready to secure everything remotely instead of having a physical presence at offices and other facilities. You may need to be prepared to rapidly move data and services from local servers to cloud service providers in order to make them easier to access, administer, secure and monitor. Also, make sure all client devices, including laptops, smartphones and tablets, can be remotely managed, controlled and monitored as needed by authorized security administrators.
Devote additional resources to securing and monitoring all remote access solutions. Any compromise of these solutions could have catastrophic results because most, if not all, of the company will be using them to perform their work.
Incident response procedures will need to be revised to handle the virtual nature of work from home. For example, if an employee's laptop becomes infected with ransomware, how will the employee's access to the laptop's functionality be restored? If a server is compromised, how will an incident on that server be contained and operations restored if no one can physically access the server when needed?
Supply chain considerations should also be integrated into the plan. For example, if you need more hardware-based cryptographic tokens for remote access, how can you acquire, provision and distribute them during a lockdown? The same is true for any other resources your cybersecurity staff may need.
It's critically important not only to create a post-pandemic cybersecurity preparation plan, but to coordinate it with other parts of the company and, especially, to practice carrying it out. What sounds great in writing might not be so great in the field.