COVID-19

Securing Your Organization’s Assets in the Face of Crisis

Torin LarsenDavid LonackRoger Delph
March 24, 2020
4 min read

The COVID-19 pandemic’s impact on business is far reaching. Today’s post is a follow-up to yesterday’s blog, “Coronavirus Forces a New Approach to Crisis Management,” and last week’s post, “Leading Remote Teams in Times of Uncertainty,” both offering additional food for thought on how to manage in these challenging times. You may also be interested in these recent Protiviti blogs, “COVID-19: Is Your Business Immunized Against Supply Chain Disruption?” and “Working Remotely? Microsoft Teams Can Help.”

 

The current novel coronavirus epidemic is impacting global markets, businesses, and individuals. Right on cue, threat actors are taking advantage of the chaos and uncertainty by unleashing a torrent of social engineering and phishing scams. Further complicating matters, businesses were not ready to move to a fully remote workforce, modifying both technology and working locations simultaneously. This situation has made it easier for threat actors to compromise the security of your users and organization. The health and safety of our workforces must be our priority; only after that, organizations should consider the following activities. Here are steps to take today to secure your organization’s assets, including your most valuable asset – your people. 

 

Formal Communication Path 

 

We cannot emphasize this enough: communication is more critical now than ever. Every organization should have a documented and official communication path for organizational change announcements during the pandemic. Threat actors are taking advantage of the rapid organization and technology changes through phishing and social engineering. Establishing a communication path that involves both e-mail communications and an internal blog post, updated regularly, enables the workforce to verify changes in how and where they work. This simple act makes it harder for threat actors to take advantage of the situation. While we are on this subject, make sure to communicate with your workforce, both on an established cadence and ad hoc, when there are significant developments. Be sure you prime this communication channel with an executive-level sponsor sending a statement like, “all our official statements will be posted on our [intranet site]. Beware of phishing attempts and check anything suspicious against [intranet site].” 

 

Accelerate Cloud-Based Web Proxy Deployments 

 

Securing and defending a remote workforce requires companies to change from an old fortress style of defense to adopting zero-trust and modern architectures, but let’s face it — we’re not going to make this change overnight. However, now is the time to investigate and accelerate deployments of cloud-based web proxies. Solutions that enable organizations to protect user devices whenever they are on to the internet should be considered. Having this capability in your arsenal is good for an effective security program long-term. These solutions can also enable you to expose internal web applications securely, without the need for a VPN.  

 

Create Targeted Awareness Campaigns  

 

Now is also the time to empower users with targeted awareness campaigns about working remotely. Focus on reinforcing the organization’s acceptable use policy to ensure users are not allowing children and roommates to use company devices and potentially exposing company data or intellectual property. Discuss the privacy and security concerns related to digital assistants, open windows and working in communal spaces. Finally, now is not the time to conduct phishing campaigns. Users will feel taken advantage of, and these campaigns will reinforce the “us vs. them” mentalities.  

 

Plan Now for Incident Response 

 

Cybersecurity organizations should have a plan in place for how they are going to perform investigations, containment, eradication, and recovery processes in a distributed working arrangement. Now is also the time to ensure a rough succession plan is in place in the event a critical staff member is ill or needs to care for loved ones. Teams should also check with their legal counsel to ensure a coordinated response plan exists and is executable with remote staff. Threat actors are actively sending out phishing e-mails and calling your users. They know this as the time when security organizations are strained, and they want to take advantage of this opportunity.  

 

Conclusion 

 

Finally, take ample notes about what worked well and not so well in this transition to remote work. We will all be going back to the office at some point and this is a learning opportunity. Take these lessons learned and incorporate them into your business continuity plans. Adjust strategic plans to ensure security organizations have the right capabilities to cope with a remote workforce. Most of all, embrace the concept that users can be productive no matter where they are working. 

 

For more information on how Protiviti can help you during the COVID-19 pandemic, contact us

Torin Larsen

Managing Director
Technology Consulting - Security & Privacy

View all posts

David Lonack

Associate Director
Technology Consulting - Security & Privacy

View all posts

Roger Delph

Senior Manager
Technology Consulting - Security & Privacy

View all posts

You may also like

Subscribe to Topics

Protiviti Technology Follow

Protiviti leverages emerging technologies to innovate, while helping organizations transform and succeed by focusing on business value.

ProtivitiTech
protivititech Protiviti Technology @protivititech ·
18 Apr

Learn more about what GRC Managed Service is and what it can do for SAP S/4HANA and SAP cloud solutions in the latest #SAP Blog post. https://ow.ly/OMaL50RfsHw #ProtivitiTech

Reply on Twitter 1781035159438954997 Retweet on Twitter 1781035159438954997 Like on Twitter 1781035159438954997 Twitter 1781035159438954997
protivititech Protiviti Technology @protivititech ·
17 Apr

Protiviti is a proud sponsor of ServiceNow Knowledge 2024—a three-day conference all about #AI. Stop by our booth (#2503) to visit with our team and learn how the #ServiceNow platform makes business transformation possible. https://ow.ly/qa6p50Rh9wf

Reply on Twitter 1780627914964308382 Retweet on Twitter 1780627914964308382 Like on Twitter 1780627914964308382 Twitter 1780627914964308382
protivititech Protiviti Technology @protivititech ·
16 Apr

What is #DesignThinking? Could it help your organization? Find out how Protiviti uses it to help clients build net new applications and modernize legacy systems. https://ow.ly/fMK550Rfsoi #ProtivitiTech

Reply on Twitter 1780204913663873376 Retweet on Twitter 1780204913663873376 Like on Twitter 1780204913663873376 Twitter 1780204913663873376
protivititech Protiviti Technology @protivititech ·
15 Apr

Join our May 2 webinar designed for privacy and security professionals seeking to navigate the intricate nuances of data governance within the ever-evolving global regulatory landscape. Register today! https://ow.ly/hzrG50R4fTX #ProtivitiTech #DataPrivacy

Reply on Twitter 1779872392535212145 Retweet on Twitter 1779872392535212145 2 Like on Twitter 1779872392535212145 1 Twitter 1779872392535212145
protivititech Protiviti Technology @protivititech ·
12 Apr

The latest Technology Insights Blog post offers insight into the unique risks associated with Large Language Models (LLMs) and how to establish strategies to mitigate them. https://ow.ly/q3w550RfbXm #ProtivitiTech #TechnologyInsights

Reply on Twitter 1778890996282982442 Retweet on Twitter 1778890996282982442 Like on Twitter 1778890996282982442 Twitter 1778890996282982442
Load More