Tips for Cybersecurity Disaster Preparation

Posted inCyber Security, Remote Work, Security

In the wake of the COVID-19 pandemic, businesses across the globe are experiencing hardships. Employees are largely working from home, straining VPN’s and creating larger surface area for risk exposure. These problems are no one’s fault, this virus is not something we would expect in 2020, but here we are. Cybersecurity should be at the forefront of everyone’s mind while working from home, but the reality is it probably isn’t. Cybersecurity disaster preparation will combat employees who are more concerned with the health of the people in their homes (as they should be) than they are with cyber attacks.

This leaves business leaders to do the thinking for them. There are things companies have to think about now that they didn’t have to think about before, so here are a few tips and best practices for cybersecurity disaster preparation:

  1. Use your VPN, make sure VPNs are updated and VPN traffic is monitored. Ensure correct usage by employees. Know what the typical headcount should be, locations of various employees, how many connections are open. Blocking traffic from places where you do not have employees is a good idea as well. For example, if your employees are all living inside the US, put up a geofence around your VPN that blocks access from everywhere else.
  2. Use a dedicated company email address to update employees. These updates can be regarding security and VPN changes/updates, updates to policies and procedures, etc but don’t send them from multiple addresses so phishing attacks aren’t camoflouged.
  3. Keep updated information on your intranet site or slack. Use this as a method of communication with your employees. Make clear on the homepage that any updates will come from the dedicated email that has been set up in tip 2. 
  4. Re-educate people on not clicking links from unknown sources. If there’s a question, refer to intranet. If it’s not there, don’t click the link.
  5. Set up email filter protections around key words. (Currently COVID-19, working from home, coronavirus, hashtags like #AloneTogether #StayHome, etc.)
  6. Think about securing your brick and mortar building. You may just want to lock the building down if there’s going to be an extended lockdown or closure. Especially if it’s a shared building and you cannot control who goes in and out. A hacker physically getting into one of your machines is the absolute worst-case scenario. If you can’t keep a security guard on staff, consider shutting your space down. No one in or out.
  7. Watch your perimeter or if your Beyond Trust your segmentation. Know what’s normal behavior, and what the new normal is so you can monitor for anything abnormal. Especially if your office isn’t securely locked down and someone gains physical access to your machines.
     
  8. Keep your eyes open for bad actors. Now is the prime time an insider threat can pop up. Someone who has access to the building and can make up a reason to get past security. They can get in, drop an appliance to start skimming the information from the systems and get back out without anyone being the wiser.
  9. Ensure proper access controls. With everyone transitioning to working from home and setting up VPNs and the like, it is imperative that people only have access to what they need. No one wants to think their employees will do bad things with extra access, but it’s better to trust no one and ensure security, than to live by the adage, “Better to have it and not need it than to need it and not have it.” Security doesn’t work that way.
  10. Encourage the use of antivirus software. Even if it’s the free version from their ISP, encourage your employees to utilize the service. For those who don’t have that option or who you want to make sure have an extra layer of security, provide it for them. Any cost incurred from this process will be far less than the thousands of dollars it could cost if your business suffers a data breach or falls out of compliance.

Disaster situations always have businesses and people moving fast. Most disasters don’t give notice, so it’s all reaction. Having some of these programs and processes in place in the event a disaster or another pandemic should happen is a great way to be proactive. Businesses suffer during disasters as it is, the last thing any business needs is for a breach to happen because they weren’t secure enough. 

No one wants to believe that people will take advantage of other people during disasters or pandemics. Human nature is to be altruistic, but not all humans work that way. If you can’t be the person who is skeptical, hire someone who can do that for you. Be helpful where you can, but be aware that people will take advantage if they can. Be proactive, have a cybersecurity disaster preparation plan put in place to protect your business. Doing so will ensure your company’s survival.

About the Author

PWV Consultants is a boutique group of industry leaders and influencers from the digital tech, security and design industries that acts as trusted technical partners for many Fortune 500 companies, high-visibility startups, universities, defense agencies, and NGOs. Founded by 20-year software engineering veterans, who have founded or co-founder several companies. PWV experts act as a trusted advisors and mentors to numerous early stage startups, and have held the titles of software and software security executive, consultant and professor. PWV's expert consulting and advisory work spans several high impact industries in finance, media, medical tech, and defense contracting. PWV's founding experts also authored the highly influential precursor HAZL (jADE) programming language.

Contact us

Contact Us About Anything

Need Project Savers, Tech Debt Wranglers, Bleeding Edge Pushers?

Please drop us a note let us know how we can help. If you need help in a crunch make sure to mark your note as Urgent. If we can't help you solve your tech problem, we will help you find someone who can.

1350 Avenue of the Americas, New York City, NY