A Crisis Doesn’t Have to Challenge Your Security Response Management Team

While COVID-19 dominates the news headlines with stories showing the impact on communities and people, companies are also struggling to respond to the virus’s threats. It’s a crisis where many companies have little recent experience. If anything, COVID-19 reminds security and response management teams (SRMs) that they must always be vigilant. What’s more, they need to be prepared to respond to any situation that threatens a company’s longevity.

Security and Response Management Teams on High Alert

The virus is not the only threat or crisis that has security and response management teams (SRMs) on high alert. Companies face a litany of risks daily: from COVID-19 to cyberattacks to phishing scams, and on and on. Keeping the company, its assets, and the workforce safe is a demanding job. What, then, can companies do to ensure their crisis response and business continuity plans are effective when needed? And to add a layer of complexity, security teams are working remotely right now and will be for the foreseeable future.

Let’s look at some ideas from Mark Willis, Bluescape ‘s Chief Information Security Officer suggests.

Start with the Basics When Security Response Teams Work Remote.

Even though your security team may be working from home, they still need to protect the company. Willis offers up some foundational practices to keep your remote security team vigilant and ready.

1. 1. Review any security policies to ensure they reflect remote work realities
2. 2. Ensure the remote SRM team understands what actions to take in the event of security alert
3. 3. Security leads should be known at all times

Your team always needs to know where security policies and critical content can be immediately accessed. This is still a necessity. When people are remote, however, there can be no question about where essential information is saved.

One way to help test the team’s response to a situation is through tabletop exercises. Willis points out that COVID-19 is a current and real example that can be used as a data set to sharpen the team’s response skills. A central question to evaluate is this, “Does working remote improve response times or hinder it,” asks Willis.

Security Considerations and Practices When the Workforce is Remote.

Many questions remain unanswered regarding how long the virus will influence working from home mandates. Adding to the complexity of the situation is the virus may return in the fall and winter months. The high degree of ambiguity means your organization needs to continue to mature its security practices for a mostly remote workforce.

“Ensure the basics are covered,” says Willis about these security practices:

• Enable two-factor authentication and single sign-on (SSO)
• Have a plan to ensure all necessary systems have two-factor authentication and SSO enabled
• Any system that contains source code, sensitive data—email, for example—or has user data, or stores company documents are candidates for two-factor authentication and SSO
• Put into place VPN practices and be sure to train employees on the policy.

Security practices take time to mature. So, now is the time to start and plan to evolve them. Willis is also a major advocate for a constant drip of communications—in writing and in person. For example, at Bluescape, we have weekly town halls that focus on security topics and other business-related practices. Newsletters are good. Sharing timely emails about COVID-19 phishing scams or reminding employees of malicious email protocols are helpful ways to mature your organization’s security practices and policies.

“Encourage employees to create a private workspace at home where possible to protect private information from roommates or family members,” cautions Willis.

Review. Model. Repeat. Advice on Maintaining Your Business Continuity Plan.

Though the Coronavirus is a crisis, it can also trigger your business continuity plans and protocols. Despite the trigger, remote teams responsible for the continuity plan need to continue to meet. Here are some suggestions from Willis:

• Make sure the business continuity plan is easily accessible in a secure location.
• Technologies like Bluescape make it easy for teams to securely save and find documents in the heat of a situation.
• Make sure the team has practice knowing how to respond if a large portion of the workforce become ill from the virus.

Here are several questions that Willis believes all organizations and businesses of all sizes need to answer.

1. 1. Do you want people to return to the office? If so, who? Why?
2. 2. Should you tempt fate and bring people to the office or wait until next year?
3. 3. If you do, how will you keep them safe and healthy?
4. 4. What is your plan if the virus lasts until 2021?
5. 5. What is your plan if a second wave of the virus returns this fall and winter?

Remote working is not going away. It has become a new operating practice that will be your company’s new normal. Willis has believed for years that a manager, needing to see someone in a seat, in the office, was an antiquated way of measuring productivity – and as bad as the Covid-19 crisis may be, it has only confirmed his beliefs. Crisis management and business continuity are but two of many business challenges that need to adapt to a remote workforce.

Inherent in Mark Willis’s insights are four powerful mindsets: Be patient. Be diligent. Be aware – and be willing to adapt. Willis believes that applying these four mindsets will help you better protect both your business and your workforce in the face of Covid-19.