Top 5 Cyber Security Tips for Security Leaders

Managing the Availability of your Business Systems 

Current events are causing daily surges in demand with the use of various products or services. You should consider how your organization’s product or service can remain available if you see significant spikes in traffic.

Examples:  Trading platforms are seeing surges in traffic as volume has increased with market impacts. Healthcare organizations from providers to labs are also seeing swells in traffic. There are also more non-obvious impacts such as increasing sales with online retailers as more people shop from home.

Next Steps:

  1. Determine whether this will have an impact on your organization’s product or service.
  2. Identify, review, and determine the applicability of your organization’s formal business continuity or capacity plan for supporting these potential events.
  3. Be sure to consider the potential impacts of cyber-attacks.

    4. Think about whether your plans or scenarios have been tested and whether you would consider them valid.

  4. If not, determine and organize stakeholders to brainstorm scenarios and tactical approaches to be as prepared as possible.

Maintaining Appropriate Cyber Security Staffing 

Many cyber security teams were shorthanded before COVID-19 and have multiple single points of failure. Current events could lead to even more key team members becoming unavailable.

Examples:  You only have one person that knows the passwords to your vulnerability management platform, how to operate it, or otherwise perform vulnerability management activities. If this team member were gone, you would be unable to get this information to maintain this cyber service for your business.

Next Steps:

  1. Understand how well-documented your cyber security program is, and any associated processes within it, with particular care to note single points of failure on the team.
  2. Where possible, have the team update internal process documentation in their areas to keep it current. Make sure documentation identifies any technologies that are needed to perform these process steps.
  3. Take an inventory of all identified security technologies. Be sure that accounts remain unique, but that multiple team members can access this system if needed.
  4. Include any business rules or tribal knowledge needed to practically perform these processes.
  5. Where possible, take advantage of shadowing across your team to limit single points of failure.

Tactical Incident Management Readiness 

It’s common for cyber-attacks to increase during times like these where organizations are not operating at full capacity with normal operation protocol or is under significant stress.

Examples:  We will see increases in phishing attacks associated with COVID-19, especially as workforce may be working from home on systems that may have fewer preventive safeguards on them.

Next Steps:

  1. Determine if your existing incident management process is ready for potential attacks we’re already starting to see.
  2. Establish trusted sources, such as a managed service provider, that can give your team updated information on any trends in attacks or awareness as successful attacks begin to spread.
  3. Educate your helpdesk on things to look for that may be a symptom of a cyber-related attack versus a common call.
  4. Where possible, perform simulations now to test your ability to respond based on your unique situation.
  5. Look to establish incident response retainers with service providers now to support you through any staff impacts or in the event of an incident scenario.

Situational Effectiveness of your Security Architecture 

Many organizations now have highly distributed work environments with their workforce operating from their homes. It’s important to make sure that these new architectures are evaluated to ensure they are still adequately protected with appropriate security technologies.

Examples:  Where possible, implement preventive and detective safeguards as needed and based on the situation. This can include phishing technology for people working remotely, adequate and secure communication technology, or centralized security logging and monitoring safeguards that receive these logs from the entire new environment.

Next Steps:

  1. Determine the effectiveness of preventive and detective safeguards in your new architecture at each layer of technology including the application, database, network, operating system, and physical layer.
  2. Perform a quick measurement of gaps in the security architecture at each layer of technology.
  3. Where gaps are identified, see if they can be tactically fixed or if you must identify and implement compensating controls.
  4. Review your cyber security insurance policy to make sure that any identified gaps will not impact potential coverage.
  5. Remember that training and awareness is your cheapest and often most effective compensating safeguard. Training and awareness around phishing and password management are going to be critical during these times.

Security Considerations for Employees Working at Home

It’s important to secure the parts of your workforce that are working from home or offsite.

Examples:  Many home environments are not adequately secured including computers that are not adequately patched, inadequate anti-virus, as well as multiple vulnerable devices on their home network.

Next Steps:

  1. Review your internal security policies and ensure they are updated for guidance on policy and standards while employees work from home. 
  2. Create forums or FAQ’s for employees to ask questions or get advice about cyber safety tips and techniques for working from home. 
  3. Ensure that you perform relevant and ongoing training and awareness for all employees. 
  4. Ensure that your employees know how to report security events or suspicious activity while working from home 
  5. Feel free to share and modify to your needs or share the information for tips on working from home.