COVID-19 forced a rapid change to business as usual (BAU), including the move of large parts of the workforce to remote working. This has caused many companies to put new IT capabilities in place on an ad hoc basis. Solutions may have bypassed normal deployment processes and may have stretched or violated existing cybersecurity policies.
Preparing for the post-pandemic world
As social distancing measures are eased, your business will need to adapt operations to a “new normal.” This includes evaluating IT and cybersecurity changes introduced in response to the pandemic.
Even during “normal” times, policy often lags behind. In the post-pandemic world, policy and documentation will need to catch up. Some changes made in response to the pandemic may need to be institutionalised; others may need to be replaced with more secure and permanent solutions.
The post-COVID-19 business world has some expected features, including:
- Increased remote working.
- Growth in use of online collaborative tools.
- A rise in e-commerce.
- Increased cyber security risks due to increased telework.
- More attention to enterprise resilience.
With this in mind, here are 10 things to consider to help protect your business from emerging cybersecurity risks in a post-pandemic world.
1. Working from home (teleworking) solutions
Anticipating a permanent increase in telework, companies should consider:
- Acquiring the appropriate on-demand bandwidth to move content, especially video teleconferencing, between sites.
- Establishing VPN capacity through deployment of Internet Protocol Security (IPsec)-based VPN clients or other secure connectivity solutions to employee workstations.
- Addressing the use of company-issued and approved personal mobile devices for business purposes. As outlined below, you might consider implementing a bring-your-own-device (BYOD) policy.
- Examining the use of internet-based Remote Desktop Protocol (RDP), which allows remote access to Windows systems and servers and is an enticing target for hackers.
2. External perimeter protection
A rise in remote connections can increase a company’s cyber-attack surface. Organisations may protect their external perimeters by:
- Implementing network access control (NAC) to authenticate and validate devices and enforce security policies before permitting them to connect to corporate networks.
- Locking down user workstations and company-issued laptops with a defined security configuration, and removing admin privileges from end-users.
- Implementing capabilities that support remote endpoint data collection and analysis to identify unauthorised activity.
3. Cloud services
Cloud services offer many benefits, but realisation of these benefits requires services to be deliberately and strategically adopted and managed. Companies should consider:
- Adopting formal strategies for the use of cloud services.
- Developing complete inventories of current cloud usage, and rationalising the use of multiple services.
- Defining data storage policies outlining the conditions required for the use of cloud services, data center storage, and local storage, particularly for sensitive information.
- Using a cloud access security broker, which is on-premises or cloud-based software that monitors cloud activity and enforces security policies. It can help detect and monitor cloud usage within your business, enforce related cybersecurity policies and guard against malware.
4. Secure collaboration tools
While email, productivity tools, and video conferencing have been vital during the pandemic, your business may choose to innovate by adopting and using additional secure collaboration tools. This could include emerging capabilities, such as augmented/virtual reality or chatbots for content delivery, which can enhance the operations of your company.
5. Cybersecurity policy
Refresh cybersecurity policies to address new IT capabilities and processes that were triggered by the pandemic. Organisations should consider conducting a risk assessment and identifying enforcement mechanisms, such as multi-factor authentication, single sign-on, and automatic logout from unattended devices.
6. BYOD policy
Many businesses chose to allow employees to use their personal devices, including laptops, mobile phones, and tablets, for company business during the pandemic. Businesses should establish or reshape their policy, and properly document any measures implemented during the pandemic.
7. Cyber Incident Breach Response (CIBR) plan
Companies with strong and current CIBR plans should consider incorporating lessons learned. If there was no pre-existing CIBR plan, the need for one should now be obvious. Companies may:
- Refresh and update CIBR and disaster recovery plans to address and reflect current operations.
- Coordinate and cross-reference CIBR plans with disaster recovery, business continuity, and enterprise crisis management plans to create comprehensive crisis planning document sets.
- Maintain these documents as regularly exercised living plans.
8. Supply chain and third-party management
The pandemic may have led your supply chain partners and other third parties to transform their business models. Companies should consider:
- Reviewing third-party agreements, including SLAs with IT providers, ensuring they meet current requirements.
- Conducting cybersecurity audits and establishing ongoing audit requirements for all third parties with authorised access to company networks, systems, or data.
9. Cyber-attack financial protection and recovery
Changes to your IT infrastructure, from new physical assets to cybersecurity measures, should be accounted for in your cyber risk profile, with adjustments made to insurance coverages as needed. As cyber risk is not solely an operations or technology risk, it is critical to manage both cyber infrastructure and organisational financial exposures. Consideration should be given to cyber insurance, which can provide a cost-effective and critical financial backstop in the wake of a cyber-attack. Companies should:
- Review existing insurance coverage, including identifying potential gaps.
- Examine how new cybersecurity challenges fit into your business' cyber risk strategy.
- Be aware of potential changes in coverage terms and conditions at renewal as insurers assess losses and changes in claim patterns post-pandemic.
10. Cyber operations
Businesses will be operating differently in the post-pandemic world. Companies should consider:
- Monitoring the collection and analysis of cybersecurity alerts and audit logs to detect and respond to suspicious activity.
- Reviewing and updating VPN profiles and firewall rules so employees receive appropriate role-dependent privileges.
- Implementing or refreshing processes for obtaining approval from data and system owners for the remote use of business applications.
- Creating a simple process to flag and forward suspicious emails for technical analysis.
- Introducing secure access solutions with sufficient capacity for the increased numbers of remote users.
- Enforcing software updates to remote workers’ company-issued devices.
- Enabling multi-factor authentication for VPN and critical information systems.
- Increasing IT help desk capacity to handle a remote workforce’s increased service requirements.
A new focus on resilience
The current crisis has highlighted the need to prepare for serious business disruption. A recent survey found that more than a fifth¹ of organisations have shopped for new security solutions or services to respond to their new reality.
Organisations should consider blending new cybersecurity investments with enhanced cyber insurance coverage to reduce risk, optimise spending relative to protection, and conserve resources.
The pandemic has illuminated the need for enterprise resilience in stark and compelling terms. The post-pandemic recovery and preparation period presents the opportunity for companies to rebuild to a new normal.