With so much of our lives now taking place online, the need for safety and security is greater than ever. We need to be able to trust that our networks are secure from attacks and reliable in their levels of connectivity. Also, we need to be sure as individuals that we are as safe when operating online as we are when offline, with trusted identity and security systems in place.
Now that Covid-19 is truly global, working remotely is the new normal and the integrity and availability of data and systems have never been more important. This global crisis has had a major impact on modes of working, technology choices, risk monitoring capabilities, and more. Moreover, a lot of disinformation, misinformation, and fake news has been floating around regarding the Covid-19 pandemic. Citizens are not only the end victims of these falsehoods but are also prone to forwarding messages without fact verification.
So how should organizations prepare, monitor, take action, and sustain themselves during a pandemic crisis? What must they do now while preparing for what happens next, during the Covid-19 pandemic and beyond? In the wake of this, maintaining cyber resilience is of utmost importance for organizations worldwide.
Learning Some Hard Lessons Around Cyber Resilience
There are some lessons around resilience from Covid-19. It has pushed organizations to rethink business models to deal with changes in working patterns, customer support, and supply chain management. Organizations now have a clearer idea of who and what matters to their businesses. They have been changing their policies around crisis management and cyber resilience. The ongoing pandemic is also an opportunity for organizations to assess their IT infrastructure. They should deploy robust and advanced cybersecurity solutions.
Security and risk management leaders now must safeguard their companies on a massive scale, and quickly. They must ensure that their online services and digital platforms are resilient against cyberattacks. Lessons from this crisis also matter for the future, and we should remember to incorporate them into future operating models.
Cyber Resilience Plan: Strategies & Recommendations
As this pandemic unfolds, organizations need to prioritize resiliency more than anything else. This includes how to identify, resist, and respond to disruptive cyber events. To effectively build resiliency during this new working reality, organizations need to focus on the four key pillars: People, Process, Technology & Compliance.
Thus, to remain resilient, organizations must ensure that they are still able to:
- Respond effectively and efficiently to cyber incidents
- Maintain cyber resilience
- Maintain wider cybersecurity posture
Cyber resilience goes beyond just protecting critical information infrastructure. The ability to recover and for life to continue in the face of these adverse cyber events depends on developing an effective cyber resilience strategy involving different stakeholders. Hence, the goal is to create the capability and methodology to anticipate threats, monitor the impact of the threats, and respond quickly to ensure the continuation of business operations.
Considering the above, governments and citizens can build cyber resilience through several measures in the time of Covid-19 and beyond. First and foremost, citizens need to gain a basic awareness of the cyber risks and vulnerabilities that might affect them. They also need to develop an awareness of when things are not going right and when they have been a victim of an adverse cyber incident. Furthermore, to accelerate cyber resilience across different countries, governments are advised to frame cyber resilience at the societal level. They must also operationalize resilience through well-defined and structured programs, resilience metrics, and resilience maturity models.
Now, let’s look at 5 effective strategies to help in building cyber resilience:
1. Building cyber resilience during WFH
The coronavirus pandemic is causing significant changes in global markets, with a possibility of the steepest economic downturn since the Great Depression, according to the International Monetary Fund. Given the current financial volatility, we have already seen layoffs, furloughs, and reductions in work hours. In this uncertain time, remote working can help protect your business and improve resilience, but only if you get it right. Remote working, however, brings new challenges and you need to adapt your cybersecurity safeguards to take account of this. Good operational resilience is vital, regardless of whether your people are working remotely or on-premises. Effectively managing information security, data protection, and cyber resilience processes can support your business while your employees are remote working during the lockdown.
In this new working reality, adapting and keeping a focus on cybersecurity in all settings is critical. Here’s what you can do to work from home more securely.
Secure your working environment:
Try to designate a room as your home office, and lock the door if you can. Ensure private conversations remain private by turning off Alexa and Google Assistant.
Maintain a clean desk policy:
Make certain all paper copies of sensitive information are stored out of sight and secure when not in use.
Ensure screen locking:
Lock screens when not in use and shut down devices when the working day is over.
Establish strong passwords:
Secure your work device with strong passwords, and consider using a password manager.
Keep work and home devices separate:
Don’t use work devices to download personal apps or conferencing tools without permission from IT.
Connect through VPN:
Always connect through a VPN to ensure your internet connection is stable and encrypted.
Secure WiFi access points:
Verify wireless routers use WPA2 and ensure they’re protected with strong passwords.
Be wary of Covid-19 phishing attacks/scams:
Organized crime groups are using false information on Covid-19 to target organizations and individuals for a range of scams. Be watchful of the emails you receive in your inbox. Do not click on a suspicious link.
2. Secure collaboration tools
While email, office productivity tools, and video conferencing have been vital during the pandemic, you may choose to innovate by adopting and using additional secure collaboration tools. Exploring new capabilities, such as augmented/virtual reality (AR/VR) or AI chatbots can enhance business operations.
3. Develop an effective cybersecurity policy
Refresh and update cybersecurity policies to address pandemic-triggered IT capabilities, architecture, and processes. Also, consider conducting a risk assessment and identifying enforcement mechanisms, such as multi-factor authentication, single sign-on, and automatic logout from unattended devices.
4. Establish a BYOD Policy
This is the bring-your-own-device policy. Many organizations chose to allow employees to use their own devices, including laptops, mobile phones, and tablets, for work. Amidst the Covid-19 crisis, work phone calls have been routed to personal mobile phones, and emails are made available on personal devices. Moreover, an increasing number of employees are permitted to access cloud-based applications from personal devices. It is advisable to establish a new work policy that keeps cyber resilience in mind and documents any new measures/practices implemented during the pandemic.
5. Refurbish the supply chain & third-party management
The pandemic has led your supply chain partners and other third parties to transform their business models. Given this, organizations should consider:
- Reviewing third-party agreements, including service-level agreements with IT providers, to ensure they meet current business requirements.
- Conducting cybersecurity audits and establishing ongoing audit requirements for all third parties with authorized access to company networks, systems, or data.
Cyber Resilience for the Present and Future
Organizations today need a unique, secure, scalable, and comprehensive approach to discover, identify, prioritize, and act upon risks associated with the pandemic and its overall impact on an organization’s security structure. Organizations should consider blending new cybersecurity investments with enhanced cyber insurance coverage to reduce their retained risk, optimize spending, and preserve resources. Today’s IT and network capabilities have enabled the strategies that have kept many companies afloat during the pandemic. The post-pandemic recovery and preparation period presents the opportunity for companies to rebuild to a new normal, with enterprise resilience as a pervasive goal.