The current global health emergency has brought social unrest to almost the entire world population. Not only are the daily routines of ordinary citizens disrupted, but also the way businesses operate, be it an SME or a large enterprise.
According to cybersecurity expert John Patrick Lita, most companies today are faced with a common question to address: “How are enterprises going to protect and maintain their operations while in crisis and most of the employees are working remotely?”
In an article published on medium.com, Lita listed some factors that could possibly solve this dilemma.
- Emergency funds
According to Lita, it’s advisable for companies to have emergency funds that can last up to at least six months and are enough to cover employees’ salaries, emergency kits, payments for accredited suppliers, and services including employee shuttle, logistics, and delivery.
“With the availability of the company’s emergency fund, it will be able to support all its needs. At the same time, the organization will be able to support its employees. Without emergency funds to support employees, the company may face problems once employees start to resign,” Lita wrote.
- Manage multiple locations or areas
“Working in property management, you have to manage multiple sites, therefore, you need to find a way to manage all the IT assets while working remotely.”
Lita said that companies should be able to identify the things that need to be considered when properly managing the sites, and how they are going to assess the need for on-site support.
He suggested the use of Remote Access Gateway (RAG) and Virtual Private Network (VPN), as well as Video Conferencing.
“This is more effective and productive for managing your IT needs,” he said.
Lita reiterates that automation is the best option for business continuity amid a crisis like COVID-19. “This ensures that the company operations will continue even if all employees are working remotely,” he said.
Lita suggested prioritizing the automation of human resources, payroll systems, and the company’s inventory system.
“The traditional office setting is where you most likely see papers in every working station, this means there is a risk of non-functionality. A challenge arose during this crisis since the company relies mostly on the physical document and signatures,” Lita wrote.
To address this, he suggested finding solutions available in the market that support e-signatures and electronic copies of documents, as well as software support for approval routing and the like.
- Data Backup
This, according to Lita, is essential to Gap Assessment and to avoiding the risk of data loss.
“You also need to consider proper set-up of data back-ups if you have a file server, it is better to assess your infrastructure before implementing the centralization of your file server. This may cause downtime in your network since this will consume higher bandwidth,” he added.
- Server Backups and Co-location
Addressing this factor, Lita said, is especially important in keeping online payment services up and running, which in turn helps the organization continue generating income even during a crisis.
“With this kind of crisis, the IT and Cybersecurity Department should be prepared, proper planning of server back-ups should be in place and implemented well. Better to consider to have a comprehensive assessment for us to determine the correct requirements that we need.”
- Awareness Campaign
It’s also imperative that employees be aware of cyber attacks including email phishing, smishing, vishing, and fake websites, especially at a time when working remotely is encouraged.
“While all our colleagues are working remotely, we need to inform them what are the cybersecurity incidents happening during the time of crisis, most criminals are taking advantage of this kind of events since most employees are working remotely,” Lita said.
In order to keep a seamless workflow and teamwork, staying connected during or even after work hours is also an important factor to keep in mind.
“Proper communication policy and standard should be in place, this is to maintain the security of communication,” Lita said.
“Employees will tend to communicate through text messages when it comes to their concerns. Tracking the issues, and concerns. Knowing the most number of concerns can help the organization in resolving them after the crisis which will improve the organization’s operations,” he added.
Apart from this, other communication options useful for remote workers are video conferencing software, a corporate messaging app, and a ticketing system — a tool to keep track of employees’ concerns and issues.
- Monitoring and detection measures
“The capability of monitoring your critical infrastructure and data is very important, this will enable the organization to identify possible threats and give ample time to analyze and verify these events,” Lita wrote.
“We cannot let our appliance and solution do their job, this solution needs to have a human intervention to identify the real threat and remove false-positive alerts,” he added.
Lita listed firewalls, endpoint security, data protection, web application firewalls, security incident and events management, and traceability as factors that help improve the detection of malicious activity within the network.
- Response Capability
This, according to Lita, is comprised of three levels:
Level 1 (Tier 1) — This tier focuses on monitoring, opening tickets and closing false positives. It also handles basic investigation and mitigation.
Level 2 (Tier 2) — This tier focuses on deep investigation when Tier 1 identifies unique behavior in the network that needs deeper work, such as static analysis, network forensics and other technical needs. Tier 2 also recommends mitigations and any changes needed.
Level 3 (Tier 3) — This tier is the most advanced team, consisting of the technical team that handles advanced investigations such as APT and ransomware. The team also handles threat hunting and counterintelligence to block or contain advanced threats, and does malware reverse engineering.
“This is the basic setup of the response team which is crucial in property management who manages multiple sites and devices that are prone to any type of attack,” he said.
- Risk Assessment
“Risk Management is one of the common practices that is being overlooked as one of the important categories in the cybersecurity domain. It is customary that most cybersecurity is focused on the technical aspect of this domain and forgot to apply the basic principles of the management area,” Lita said.
This is divided into two parts: the pre-risk assessment and the post-risk assessment.
In pre-risk assessment, companies should be able to pinpoint their current stance, as well as the gaps in the solutions to be implemented.
For post-risk assessment, a company must be able to determine its lapses and weaknesses during a crisis, which will help the enterprise identify which parts to enhance, from the technical to the management level.
- Post Crisis Management
The last, but definitely one of the most important, factors to consider is how the company continues its operations after a crisis.
“This will help the organization to identify the most recurring issues, problems, concerns from the technical, operational and management areas of cybersecurity,” Lita said.
Lita is currently a consultant for the AFP Cyber Group and a member of the Kagitingan Lodge No. 12 of the Independent Order of Odd Fellows.