9 Back-to-the-Workplace Cybersecurity Preparedness Tips

PHOENIX — Since the novel coronavirus outbreak began tearing across the United States, a reported 316 million Americans in more than 40 states have been ordered to stay at home, save for essential activities, to help slow the spread of the COVID-19 disease.

As portions of the American workforce transition back to working in a physical office after shelter-in-place orders lift, special considerations for IT security teams arise. One way for systems integrators to help their end customers approach this challenge is to guide them through a review of the organization’s incident response plan.

“A rigorously developed relevant incident response plan that considers potential impact to all aspects of your business in their current and future states prepares you to quickly mobilize around minimizing the impacts of a breach,” says Paul Caiazzo, senior vice president of security and compliance at Avertium.

Avertium, a cybersecurity services provider to the mid-to-enterprise market, provides the following tips on revising an existing company incident response plan:

1) Assess the Risks

Perform a risk assessment to locate and document where your organization keeps its crucial data assets and prioritize the remediation of security issues you discover during the assessment. Prevent incidents from happening by keeping up with good cybersecurity hygiene, including vulnerability management and regular penetration testing.

2) Reconfirm Team Assignments

Communicate with internal and external stakeholders and reconfirm their roles and responsibilities.  Designate your computer security incident response team (CSIRT), being sure to include departments company-wide. Engage regularly with internal parties to keep data security top-of-mind at all levels of the organization and to set the stage for communication in the event of an incident. Keeping your CSIRT on its toes is even more important in a time where a remote workforce and outside distractions complicate incident response.

3) Customize the Plan

If the current plan was developed from a template or perhaps is a carryover from a previous employer, this is a good time to review and customize it to meet the challenges presented by the current situation. Form a transparent communication plan with external parties that clearly states the degree to which they’ve been affected, if at all. Include a crisis communication plan to proactively detail how to work with the media.

4) Practice Makes Perfect

Implement processes and technology, such as, training your users to report suspicious or anomalous activities and test their knowledge regularly. Conduct tabletop exercises with the CSIRT with scenarios that are likely to arise from the current situation. Implement additional training to raise awareness of crisis-related phishing attacks, which have seen a huge uptick since this crisis began.

5) Detect Security Incidents in Remote Devices

In order to successfully respond to, contain and eradicate an incident, you first must be able to detect it.  Rapidly detecting security incidents in remotely deployed devices can be a challenge for organizations unprepared with the right tools, procedures, and training.  Two tools which dramatically simplify this are Cloud-based SIEM technology alongside enterprise-grade endpoint detection and response (EDR). Integrate data from your remote endpoints into your SIEM, and correlate with data from your other security tools, identity management platforms, Cloud security tools and threat intelligence to get the visibility required.

7) Eradicate in Place

Once you’ve detected an incident, activate the incident response plan and work to eradicate all traces of the security incident. Target the complete elimination of the threat including removing any persistent access established by an attacker, cleanup of malware, disabling compromised accounts, and identifying the root cause of the incident.

Document the root cause in an incident report, and expedite remediation of all vulnerabilities that were exploited. Use this to assist in responding to future attacks and developing a plan of action to stop similar events from happening again. Operationalizing this capability is best enabled through a leading EDR tool deployed across your entire remote workforce. Be sure to include outside counsel very early in the process if there is any suspicion of a compromise involving personally identifiable information (PII).

8) Revise Restore to Normal Procedures

Certain systems may not have been viewed as critical in a primarily on-site environment, but may be much more critical in the age of a purely remote workforce.  Review the order of recovery for systems and processes and adjust for the current environment.  In event of a breach, be sure to apply lessons learned and revise the incident response plan accordingly to increase your security posture while maintaining business continuity. For example, identify areas of excellence and those that need improvement as well as departments or individuals overlooked in your initial IR plan.

9) Call for Help

Many businesses lack the resources to develop, test and execute an effective incident response plan. Partnering with an outside consulting firm that has experience with different types of breaches across many industries can provide peace of mind in knowing you have a plan to deal with unexpected security incidents. Working with experienced professionals can take the burden of preparation off you, and make a complex undertaking simple.

If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!

Related Content

Snap One Security Market Director Excited About the Future of the Industry

NFID Foundation Aims to Establish Decentralized Identity in Security Industry

Artificial Intelligence Tops List of Policy Priorities at 2024 Security Hill Day

TCG and OST2 Partner to Deliver TPM Usage Training and Develop Cybersecurity Experts