Respond: How can your organization effectively manage this crisis?
Two words: flexibility and adaptation. Organizations need to be nimble and open to new ways of running their operations. For many, this includes sending personnel home to work remotely, which demands new and additional IT considerations around access, infrastructure, and system and data security.
The following early steps can help ensure the integrity and reliability of your information systems so your organization can maintain its operating effectiveness despite a remote working environment and other challenges:
1. Look to your business continuity plan.
When it comes to the security of your information technology and data to support cyber resilience, your business continuity plan can’t sit on a shelf (or a storage device). Consider it a living document to guide your response to and preparedness for any crisis situation. It should be user-friendly, available in digital format, and accessible to as many employees as appropriate. These factors will improve your organization’s readiness.
2. Identify critical data.
Conduct a data classification/data management exercise to identify all critical data, both on- and off-premise. Use the results to strengthen your data loss prevention strategy. If you haven’t had a data loss prevention strategy, it’s not too late — now is the time to develop one.
3. Ensure a secure VPN and appropriate bandwidth.
Confirm a secure VPN is in place for all workstations, along with the adequate bandwidth to handle the workload. Management should have a single, designated mode of contact for streamlining communications with staff.
4. Confirm software updates and endpoint security.
Ensure staff have the latest software updates installed on their workstations, including endpoint security.
5. Verify multifactor authentication.
Verify multifactor authentication is in place. This should be used for any and every critical business transaction.
6. Communicate with critical vendors.
Contact your critical vendors to discuss challenges with respect to your critical business processes. If needed, identify alternates.
7. Identify communication channels — and backup channels.
Identify alternate platforms in case your chosen channel isn’t consistently available. Heavy loads created by the large-scale move to remote work is pushing some platforms to the limits of their current capacity.
8. Monitor access.
Exercise the access management protocols you have in place for restricting unauthorized and malicious access. This should include vigilant monitoring, including regularly reviewing logs of all IT assets such as data centers and network closets.
9. Respond rapidly.
It’s vital to set up an incident response team or incident command system to delegate responsibilities and oversee resolution — fast resolution — when a cybersecurity incident occurs.
10. Follow the plan.
Ensure all of your disaster recovery procedures are followed according to your business continuity plan and other set procedures. Make sure all leadership is supportive of and adheres to the plan to help ensure security and compliance efforts are maintained throughout.
Restart: What can you do to plan the return to normal business operations?
Promptly taking the steps above to respond to the initial phases of the COVID-19 crisis helps provide your organization a safe IT and cybersecurity foundation upon which to restart operations as the situation begins to stabilize.
To get your leadership and staff teams on the same page, make use of the audio and video conferencing services your organization has already vetted and installed. Together, take the following steps to help safely and securely restart operations:
- Verify that facilities are safe and secure for IT, leadership, and all other staff.
- Review and approve a reconstitution plan with your management team.
- Identify and prioritize business processes and functions that can be fully restored the soonest, based on your business impact analysis.
- Allow ample time to coordinate with management on your vendor management program.
- Identify, document, and address gaps discovered during the respond phase in a structured manner to be prepared for the next crisis.
Be ready: How can your organization prepare for the next disruption?
Postincident, it’s vital for key personnel to conduct a hotwash, an after-action review, to learn what improvements can be made to minimize future — and, possibly, as-yet underappreciated — disruptions.
A top priority should be putting an effective business continuity plan in place. If you were operating without one prior to this stage, don’t waste any time developing your plan now.
In addition, you’ll want to take the following steps:
- Look back. Review the issues and any oversights that came to light in earlier phases of the crisis and use them to inform your preparation for the next crisis.
- Conduct or refresh your risk assessments and business impact analysis to identify time-sensitive and critical processes and functions. Include key personnel and vendors (and their contact information).
- Focus on the people, process, technology, and data aspects of your risk assessments to develop holistic solutions and stand as suitably prepared.
- Develop recovery strategies, including checklists, around disruption and losses of all types, not only related to IT and cybersecurity but also facilities, supply chain, and of course personnel.
- Capture vital resources, such a workstations, software, and key records, in your asset management program. If you haven’t had a formalized program, take this opportunity to develop one.
- Train key personnel at least once each year on how to update and use your plan. Ensure the plan is updated annually — at a minimum.
- Test your business continuity plan through tabletop exercises at least once each year.
We still face a great deal of uncertainty about the COVID-19 crisis. But one thing is sure: There will be future events that warrant fast, decisive action to safeguard IT and cybersecurity for business resilience. Although you can’t anticipate every possible risk, proactively taking the steps above can help protect your organization with improved safeguards.
We're here to help. Our COVID-19 task force is standing by to provide complimentary guidance to help you respond, restart, and be ready.