As cybersecurity conferences worldwide cancel events, the impact of the coronavirus (COVID-19) on the industry comes close to home. At least two people who attended the annual RSA cybersecurity conference were officially diagnosed with the virus, with one placed in a medically induced coma. Compounding this industry impact, many companies, including Apple and Google, have started initiating new “work from home” requirements for nonessential employees.
While companies brace for the coming changes that COVID-19 seems to be bringing, cybersecurity and compliance professionals find themselves struggling to balance workforce, member and data security. With this in mind, organizations should consider the following business continuity planning and cybersecurity strategies as they create their coronavirus preparedness plans.
What are the current governmental directives regarding COVID-19?
In late February 2020, the Centers for Disease Control (CDC) released its “Interim Guidance for Businesses and Employers.” This reads in part:
Important Considerations for Creating an Infectious Disease Outbreak Response Plan
All employers should be ready to implement strategies to protect their workforce from COVID-19 while ensuring continuity of operations. During a COVID-19 outbreak, all sick employees should stay home and away from the workplace, respiratory etiquette and hand hygiene should be encouraged, and routine cleaning of commonly touched surfaces should be performed regularly.
- Ensure the plan is flexible and involve your employees in developing and reviewing your plan.
- Conduct a focused discussion or exercise using your plan, to find out ahead of time whether the plan has gaps or problems that need to be corrected.
- Share your plan with employees and explain what human resources policies, workplace and leave flexibilities, and pay and benefits will be available to them.
The Occupational Safety and Health Administration (OSHA) and Health and Human Services (HHS) issued joint guidance of their own, which stated in part:
- Employers should explore whether they can establish policies and practices, such as flexible worksites (e.g., telecommuting) and flexible work hours (e.g., staggered shifts), to increase the physical distance among employees and between employees and others
Although many companies already allow employees to work remotely, many others require employees to remain on-site when handling sensitive information. Unfortunately, those employees and organizations may not be able to control the required quarantine of sick individuals or may need to work remotely as part of physical distancing requirements for preventing the spread of COVID-19.
This means that companies need to start preparing new business continuity and security models now in order to limit business disruption.
Review your business impact analysis for cybersecurity controls
When people think about business impact analysis (BIA) and cybersecurity, they normally consider the potential impact of an organization’s essential functions being taken down by a malicious actor. While this remains true in terms of business continuity during an outbreak, the risks also shift.
Some considerations to include might be:
- Availability of critical IT staff
- Workforce member home wireless security
- Use of virtual private networks (VPNs)
- Enforcement of encryption processes
- Managing user access to applications with multi-factor authentication
- Monitoring user and entity behavior analytics (UEBA)
- Limiting user access according to the principle of least privilege.