Content

5 Ways Security Can Ensure Business Continuity in the COVID-19 Era

The COVID-19 pandemic has become a wake-up call for companies to sharpen their business continuity plans. As the crisis continues on, many realize the business continuity strategies they have in place aren’t equipped to safeguard against the new and evolving security risks of the remote workforce, or resilient enough to sustain business operations through another potential outbreak.  

A well-established business continuity plan lets businesses operate as close to normal as possible while staying secure, and it also keeps the gears of the enterprise churning as unexpected challenges arise.

Here are five ways security pros can ensure business continuity in the COVID-19 era:

  1. Identify the existing security gaps. Conduct a risk-based assessment of the technologies and processes in place to identify security gaps. Look for  shortcomings in the company’s security strategy. Does the remote access infrastructure need an upgrade? Does reliance on Zoom pose a security risk? A precarious array of different tools and applications can also create a security nightmare for IT professionals, as a large number of misconfigured and exposed deployments of various software makes it almost impossible to orchestrate safely. Companies need to understand that hackers are stealing data at a scary pace during the COVID-19 period thanks to a world that’s now reliant on a series of jumbled networks and remote work applications. Closing any security gaps will reduce downtime and keep your operations humming along.  
  2. Deploy a software-defined perimeter. Prior to the pandemic, traditional VPNs were sufficient for most companies as they had a smaller percentage of employees working remotely. Legacy VPNs were not built to support thousands or even millions of users globally, rendering enterprises and organizations of all sizes more vulnerable than ever to attacks and data breaches. Look for a system based on the software-defined perimeter architecture and the Zero Trust model. SDP products let IT managers  customize permissions for the employees who need access to specific parts of the organization’s network. Additionally, by adopting the Zero Trust, need-to-know model, each remote employee will receive tailored secure access to only the resources necessary for their roles. By creating this kind of efficiency, employees will remain productive and security managers can spend more time focusing on external attacks.
  3. Focus on employee policies. It’s important to create policies based from the business strategy and on the needs of employees. In the case of COVID-19, it’s important to adjust employee policies in the light of the expanded use of remote access. For example, because they now work from home and can theoretically connect at any time, security teams may want to apply policies that restrict them from gaining access at all hours. By applying policies tied to access based on time, team and even day of the week, security teams can better monitor the network because it lets them more easily identify any anomalies or unusual activity. By implementing tools such as device monitoring, Wi-Fi security, and two-factor authentication, policies can also offer an additional layer of defense against unauthorized network access. The more layers of authentication present, the harder for hackers to gain authorized access.
  4. Look for unified, cloud-integrated security products. By investing in integrated cloud-native security products, companies can establish clear visibility into their networks and more easily detect unusual activity. Although it’s still a new concept, Network-Security-as-a-Service has already proven effective as a way to unify the tools that IT teams have had to incorporate as a response to their organization’s remote migration. It makes it much easier to create agile access policies, segment and onboard users, monitor network activity and deploy basic security technologies such as two-factor authentication and IPSec tunneling.
  5. Educate the staff. Educating employees on the importance of remote security helps them understand the impact they have on the organization. Teach them to think of security as a joint responsibility for everyone in the organization by laying out clear examples of their role and its impact on security. Today, with so many people working remotely, it’s dangerous for employees to think that the organization’s security falls solely on the security team. Conduct virtual trainings to familiarize employees with any new services the organization has adopted, as well as how to avoid risks such as phishing attacks. Educate employees to always double-check the email address, the tone of the email and the request itself. They may also need to learn more about how to segment their home networks and change the Wi-Fi password more frequently.

COVID-19 will not last forever, yet the lessons we learn from this experience will stick. Many organizations will emerge from this period stronger, with team members who have a deeper understanding of security and how to stay productive while working remotely. For organizations that have done their homework, whether it’s the next pandemic or a major hurricane, they will have baked security into their business continuity plans so that many of these policies will be second nature when another crisis hits. Most organizations weren’t ready for COVID-19. Everyone understands that can’t happen again.

Sivan Tehila, director, Solution Architecture, Perimeter 81

Sivan Tehila

Sivan Tehila, CEO & Founder of Onyxia Cyber, is a cybersecurity expert and entrepreneur with more than 15 years of experience. Sivan started her career serving in Israel’s Intelligence Corps, initially as an Intelligence Officer, then CISO of the Research and Analysis Division, before becoming Head of the Information Security Department. Subsequently, Sivan consulted on cybersecurity for Israel’s critical infrastructures and defense industries, and later became Director of Solution Architecture for Perimeter 81.

Sivan is also the Program Director for the Masters in Cybersecurity program at NY’s Katz School of Science and Health, Yeshiva University. The course was ranked second in the US by Fortune magazine. An advocate of women in cybersecurity, she founded Cyber Ladies NYC and developed a unique cybersecurity program for Manhattan High School for Girls. Sivan has been recognized by SC Magazine as a ‘Woman to Watch’ and hailed as one of ‘25 Influential Women in IT Security’.

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds