I think we can all agree, these are uncertain times, and business hates uncertainty.
How do companies that are worried about their own survival address the security and hygiene of their technology stack? It seems counterintuitive to worry about normal processes like system patching, availability and security operations. But it's times like these that make those foundational processes even more critical.
Many companies find themselves instantly supporting a completely mobile workforce and business processes that were never built to support that type of remote collaboration. IT teams are scrambling to provide remote access capabilities and infrastructure is overloaded. I was speaking with a former colleague at one of the largest banks in the country, and they have had to make snap decisions to provide VPN capacity to handle the additional workload.
As technology leaders, it's important that we are able to maintain security standards during times of stress and crisis. We must ensure that our infrastructure is up to the challenges. These situations include new aspects of security that many IT teams may not routinely consider - the security of home networks and home computers for employees that were never chartered to work from home full time.
It's that much more important that critical applications and systems are patched, and hosted in secure infrastructure. Providing employees with secure means to access your companies most important assets (despite not being able to enforce endpoint security standards) require IT teams to pivot quickly.
Teams should focus on:
- Multi-factor authentication for applications and remote access
- Restrictive VPN access policies, ensuring that users can only access necessary systems
- Behavioral network protection systems that are active and updated
- Critical systems that are part of a timely patch management program to minimize risk of compromise
Paying attention to these areas will minimize the risk to your internal systems. But no security program would be complete without making sure you address the largest risk to your systems - your users. Communicate often throughout this time with them to make sure they are conscious of the risks to their systems and yours.
Taking care of these important items will help your business navigate the uncertainty and successfully transition to this new remote mode of operation until things return to normal. And consider this the new normal - there is a high probability that a substantial portion of the workforce will continue to be remote once we get the all clear.