We asked the engineering team what customers should be considering during the time of COVID-19 and other pandemic or natural disasters.
1. Be aware of phishing emails
Phishing emails and malicious activity increase during times of crisis. Attackers are opportunistic, so maintain extra vigilance, perhaps tweak or tune your email filtering solutions, and make your users aware of the heightened risk. Expect everything from fake alerts and updates related to COVID-19 to fake notifications from financial institutions.
Remediate with added phishing protection and email filtering through email security tuning, whether using plug-ins, O365 protection, or third-party solutions such as Fortinet and Barracuda, and use the opportunity to update and run your internal phishing campaigns and simulations.
2. Prepare for a remote workforce
Common options for remote access solutions include SSL-VPN, remote/Internet-tunneled AP options, and VDI. As you move your workforce to remote work, here are some things to consider:
- Any remote solution that requires access to internal resources (vs cloud apps) will require a tunnel into the organization. This can happen through VPN technologies, remote/tunneled AP options, and virtual desktop technologies. These remote solutions will require some type of device (physical or virtual) within the organization to terminate the secure tunnels.
- Remote access solutions can allow light access to specific applications and resources, over specific ports and networks, or full network-based access, which essentially drops that user on the internal production network. Be sure to plan security appropriately and only provision the least amount of access required per user or group.
- When allowing users to connect remotely, consider endpoint compliance scanning especially if users may be connecting from personal devices through BYOD policy or if your managed devices don’t have the same security enforcement when operating outside of the organization’s local network.
If users don’t require access to internal resources, you should still consider endpoint protection that can be centrally-managed, regardless of whether the users are connecting from personal or organization-managed devices.
Load testing is difficult to do realistically without real traffic. Many organizations have a group or department work from home at a designated time for real-world load testing. Test, expand the test, and adjust the infrastructure as needed to accommodate the load.
Carolina Advanced Digital is offering a limited-time Remote Access Bundle drop-in solution for clients. Ask your account manager or contact us for more info.
3. Enforce change management
When dealing with emergency and unprecedented situations, IT professionals and organizations will commonly make novel changes to the processes and controls to meet the most immediate needs and ensure business continuity.
It’s during these times that change management becomes critical. If you don’t have a mature change management process already, your team should put something in place to capture all changes. You can also leverage logging and SIEM tools to capture and document changes to be revisited later. It’s almost inevitable that some changes will introduce added risk to the organization, and they need to be mitigated, monitored, and probably adjusted or removed later. Without strict change management, you’ll never know what to revisit.
Suggestions for minimal change management tracking:
- Exemptions to policies
- Exceptions to documented processes
- Modifications of infrastructure (switches, routers, firewalls, endpoint security settings)
- Temporary configuration changes with notation as to why they were made, and when they should be reviewed/removed
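A minimal change register covering the four categories above, as an added example (not part of the original article or any Carolina Advanced Digital product): each record carries the rationale and a review/removal date, and two checks flag records that cannot be revisited later (no reason recorded, or a temporary change or exemption with no review date) and list changes whose review date has passed. The sample entries are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# The four tracking categories suggested above.
CHANGE_TYPES = {"policy-exemption", "process-exception", "infrastructure", "temporary-config"}


@dataclass
class ChangeRecord:
    change_id: str
    change_type: str
    description: str
    reason: str                 # why the change was made
    made_on: date
    review_by: Optional[date]   # when to revisit/remove; None means no review date recorded


def validate(record: ChangeRecord) -> list:
    """Return the problems that would make this record useless when revisited later."""
    problems = []
    if record.change_type not in CHANGE_TYPES:
        problems.append("unknown change type")
    if not record.reason.strip():
        problems.append("missing rationale")
    # Exemptions, exceptions and temporary changes must carry a review/removal date.
    if record.change_type != "infrastructure" and record.review_by is None:
        problems.append("no review/removal date")
    return problems


def review_queue(records: list, today: date) -> list:
    """IDs of changes whose review date has passed as of `today`, oldest first."""
    due = [r for r in records if r.review_by is not None and r.review_by <= today]
    return [r.change_id for r in sorted(due, key=lambda r: r.review_by)]


# Constructed sample register (hypothetical entries, not from the article).
SAMPLE_REGISTER = [
    ChangeRecord("CHG-001", "temporary-config", "Enabled split-tunnel on SSL-VPN profile",
                 "VPN concentrator at capacity", date(2020, 3, 16), date(2020, 4, 15)),
    ChangeRecord("CHG-002", "policy-exemption", "BYOD allowed for finance staff",
                 "", date(2020, 3, 18), date(2020, 5, 1)),
    ChangeRecord("CHG-003", "infrastructure", "Second VPN concentrator added",
                 "Remote workforce load", date(2020, 3, 20), None),
    ChangeRecord("CHG-004", "temporary-config", "Endpoint compliance scan disabled on VPN portal",
                 "Personal devices failing posture check", date(2020, 3, 17), None),
]

if __name__ == "__main__":
    for r in SAMPLE_REGISTER:
        for p in validate(r):
            print(f"{r.change_id}: {p}")
    print("due for review:", review_queue(SAMPLE_REGISTER, date(2020, 4, 20)))
```

Run the review queue on a schedule (weekly is a reasonable cadence during an incident) so temporary changes are actually removed rather than quietly becoming permanent.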
4. Test and verify backups and playbooks
Any emergency will flex and push existing backup and playbook planning. For any plan in place, if your team or organization doesn’t have structured tabletop exercises and regular testing, consider an ad-hoc test as soon as feasible.
- Verify that backups are completing successfully, and test your DR plans as best you can if a test is not already scheduled
- Review playbooks for pandemic scenarios and related events (ransomware/malware) and adjust if/as needed to accommodate a possible remote workforce
5. Expect supply chain delays
With any natural disaster or pandemic, and even certain political climates, there can be disruption in the supply chain. Include supply chain impact in your planning and contingencies and document any activities requiring procurement (especially of hardware) as risks in the risk register, and monitor closely.
Everything from IT gear to giveaways at events could be impacted, and ensuring the integrity of the source is still critical during times of emergency.
Carolina Advanced Digital offers a breadth of security solutions including products and services for infrastructure and security including remote access, SIEM, phishing, consulting, and more. Contact us today to schedule a free call with a team member to discuss your needs.