9 Back-to-the-Workplace Cybersecurity Preparedness Tips
Avertium, a cybersecurity services provider to the mid-to-enterprise market, provides advice on revising an existing incident response plan.
PHOENIX — Since the novel coronavirus outbreak began tearing across the United States, a reported 316 million Americans in more than 40 states have been ordered to stay at home, save for essential activities, to help slow the spread of the COVID-19 disease.
As portions of the American workforce transition back to working in a physical office after shelter-in-place orders lift, special considerations for IT security teams arise. One way for systems integrators to help their end customers approach this challenge is to guide them through a review of the organization’s incident response plan.
“A rigorously developed relevant incident response plan that considers potential impact to all aspects of your business in their current and future states prepares you to quickly mobilize around minimizing the impacts of a breach,” says Paul Caiazzo, senior vice president of security and compliance at Avertium.
Avertium, a cybersecurity services provider to the mid-to-enterprise market, provides the following tips on revising an existing company incident response plan:
1) Assess the Risks
Perform a risk assessment to locate and document where your organization keeps its crucial data assets and prioritize the remediation of security issues you discover during the assessment. Prevent incidents from happening by keeping up with good cybersecurity hygiene, including vulnerability management and regular penetration testing.
2) Reconfirm Team Assignments
Communicate with internal and external stakeholders and reconfirm their roles and responsibilities. Designate your computer security incident response team (CSIRT), being sure to include departments company-wide. Engage regularly with internal parties to keep data security top-of-mind at all levels of the organization and to set the stage for communication in the event of an incident. Keeping your CSIRT on its toes is even more important at a time when a remote workforce and outside distractions complicate incident response.
3) Customize the Plan
If the current plan was developed from a template or perhaps is a carryover from a previous employer, this is a good time to review and customize it to meet the challenges presented by the current situation. Form a transparent communication plan with external parties that clearly states the degree to which they’ve been affected, if at all. Include a crisis communication plan to proactively detail how to work with the media.
4) Practice Makes Perfect
Implement processes and technology, such as training your users to report suspicious or anomalous activities, and test their knowledge regularly. Conduct tabletop exercises with the CSIRT with scenarios that are likely to arise from the current situation. Implement additional training to raise awareness of crisis-related phishing attacks, which have seen a huge uptick since this crisis began.
5) Detect Security Incidents in Remote Devices
To successfully respond to, contain and eradicate an incident, you first must be able to detect it. Rapidly detecting security incidents in remotely deployed devices can be a challenge for organizations that lack the right tools, procedures, and training. Two tools that dramatically simplify this are cloud-based SIEM technology and enterprise-grade endpoint detection and response (EDR). Integrate data from your remote endpoints into your SIEM, and correlate it with data from your other security tools, identity management platforms, cloud security tools and threat intelligence to get the visibility required.
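The correlation step described above, sketched as an added example that is not from Avertium or the original article: it pairs EDR alerts from remote endpoints with identity-platform sign-ins by the same user and escalates when a successful sign-in near the alert came from an address other than the alerting endpoint's. The event fields, the 30-minute window and all sample records are assumptions constructed for illustration, not any vendor's schema.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real telemetry). Field names are assumed
# for this example and do not follow any specific SIEM or EDR schema.
EDR_ALERTS = [
    {"ts": "2020-05-18T14:02:10", "user": "jdoe", "host": "LT-0412",
     "public_ip": "198.51.100.23", "rule": "suspicious_powershell"},
    {"ts": "2020-05-18T16:40:00", "user": "asmith", "host": "LT-0077",
     "public_ip": "203.0.113.8", "rule": "unsigned_driver_load"},
]
IDP_SIGNINS = [
    {"ts": "2020-05-18T14:09:45", "user": "jdoe",
     "src_ip": "192.0.2.200", "result": "success"},
    {"ts": "2020-05-18T14:11:02", "user": "jdoe",
     "src_ip": "198.51.100.23", "result": "success"},
    {"ts": "2020-05-18T09:00:00", "user": "asmith",
     "src_ip": "203.0.113.8", "result": "success"},
]


def _ts(value):
    """Parse an ISO 8601 timestamp string."""
    return datetime.fromisoformat(value)


def correlate(alerts, signins, window=timedelta(minutes=30)):
    """Return one finding per (alert, sign-in) pair where the same user
    signed in successfully within `window` of the alert from an IP that
    is not the alerting endpoint's public IP."""
    by_user = {}
    for s in signins:
        if s["result"] == "success":
            by_user.setdefault(s["user"], []).append(s)
    findings = []
    for a in alerts:
        for s in by_user.get(a["user"], []):
            close = abs(_ts(s["ts"]) - _ts(a["ts"])) <= window
            if close and s["src_ip"] != a["public_ip"]:
                findings.append({"user": a["user"], "host": a["host"],
                                 "rule": a["rule"], "signin_ip": s["src_ip"],
                                 "signin_ts": s["ts"]})
    return findings


if __name__ == "__main__":
    for finding in correlate(EDR_ALERTS, IDP_SIGNINS):
        print("ESCALATE", finding)
```

Either event alone is routine for a remote worker; the pairing is what gives the CSIRT a reason to check the account and the endpoint together.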
7) Eradicate in Place
Once you’ve detected an incident, activate the incident response plan and work to eradicate all traces of the security incident. Target the complete elimination of the threat including removing any persistent access established by an attacker, cleanup of malware, disabling compromised accounts, and identifying the root cause of the incident.
Document the root cause in an incident report, and expedite remediation of all vulnerabilities that were exploited. Use this to assist in responding to future attacks and developing a plan of action to stop similar events from happening again. Operationalizing this capability is best enabled through a leading EDR tool deployed across your entire remote workforce. Be sure to include outside counsel very early in the process if there is any suspicion of a compromise involving personally identifiable information (PII).
8) Revise Restore to Normal Procedures
Certain systems may not have been viewed as critical in a primarily on-site environment, but may be much more critical in the age of a purely remote workforce. Review the order of recovery for systems and processes and adjust for the current environment. In the event of a breach, be sure to apply lessons learned and revise the incident response plan accordingly to increase your security posture while maintaining business continuity. For example, identify areas of excellence and those that need improvement, as well as departments or individuals overlooked in your initial IR plan.
9) Call for Help
Many businesses lack the resources to develop, test and execute an effective incident response plan. Partnering with an outside consulting firm that has experience with different types of breaches across many industries can provide peace of mind in knowing you have a plan to deal with unexpected security incidents. Working with experienced professionals can take the burden of preparation off you, and make a complex undertaking simple.