Cybersecurity Risk Planning
First and foremost, Dream Technology Solutions recognizes the impact this ruthless virus is having on people around the world and we would like to send sincere condolences to the friends and families of those that have succumbed to Covid-19. This article is not intended to overshadow the struggles, in any way, that are going on in every community. Our intention is to educate the business community about the learning lessons that can come from such a terrible situation.
Could a good cybersecurity program help to protect your business from a pandemic like Covid-19? Having a well thought out Disaster Recovery (DR) and Business Continuity Plan (BCP) can help your business survive almost anything, including a global pandemic. Businesses are being advised to allow their staff to work from home to prevent the spread of the virus. Unfortunately, many businesses are not designed to support this mode of operation. Their only option is to suspend work until the lockdown is over. This will have a huge impact to the business community and financial ramifications that will go on for months and perhaps years to come. If every business has a proper cybersecurity and risk management program in place, this ask would be much easier to accommodate and far less impactful.
If we look at the basic concepts of cybersecurity, we need to break it down into its 3 primary components: Confidentiality, Integrity and Availability.
By definition (in simplified form):
Confidentiality – Limit access to information
Integrity – Assure that the information is trustworthy and accurate
Availability – Guarantee reliable access to the information by authorized people
While all of these are important and core to a good cybersecurity program, this article will focus on the concept of Availability. Availability isn’t just keeping your business systems up and running; they need to be accessible to authorized users under any circumstances. We all know the havoc ransomware is posing by taking down business systems by encrypting critical files but who would have thought that the spread of a human virus would create an unprecedented system accessibility problem that IT staff would have to overcome? A good cybersecurity plan should consider all scenarios no matter how unlikely it may seem at the time – Northeast Blackout 2003, 9/11, numerous natural disasters and now Covid-19.
Many companies are turning to cloud solutions to address this accessibility challenge. Typically, if you have a computer that has internet access, you are good to go and can work from anywhere (well almost). If you are one of the lucky businesses that have all your critical systems in the cloud, staff can work seamlessly from home and you are probably going to survive this pandemic without missing a beat (if not for the dependencies on others). For the companies that have a more traditional IT environment, the lockdown brought on by Covid-19 could be disastrous to your business!
Moving systems to the cloud isn’t the answer for every company and there may be good reasons that this isn’t an appropriate option for your business. So, what should you do? Your Disaster Recovery (DR) and Business Continuity Plan (BCP) will be a little more complicated but must contain provisions for scenarios like the current pandemic. Any good plan must start with a worst-case scenario, and it needs to be WORST CASE. I often read DR and BCP plans that assume a server goes down or a system becomes unavailable for an extended period but that simply isn’t good enough. That may suffice to prevent minor disruptions, but I bet those companies wish they took a broader look at their planning now! Expect the worst and plan for it because you can’t adjust your plan after the disaster hits!
What would you have done if there was a gas leak in your building and people were denied access? What about an earthquake that took out the infrastructure preventing people from coming in to work or school? These seem like much easier scenarios to build a plan around, but we’ve had plenty of warning signs that something big like this pandemic was coming – SARS, MERS, Ebola, the Zika virus, swine flu… So why are so many people caught off guard and trying to figure it out now?
If you have a good Business Continuity Plan, now would be a good time to break it out and focus on your provisions for working from remote locations. If you don’t have this in place, there are options available that are easy to implement and can help provide secure remote access for the time being. Be careful, pragmatic and always continue to practice good cyber hygiene.
I do not endorse any of these products, but I feel like leaving you hanging may cause more damage than good. If you need to let your staff work remotely and don’t have the capabilities to do this today, investigate the following, or similar solutions:
Again, I do not sell or endorse any of these products but the last thing we need happening is to have people unknowingly exposing remote access using unprotected methods that would create gaping security holes. Something like this pandemic does not provide an excuse for anyone to get compromised because they felt they had to let their guard down to keep their business running. You have a responsibility under all circumstances to protect your company data. Don’t forget, the bad actors know what’s going on and see this as an opportunity to strike while companies are at their most vulnerable.
The experts at Dream Technology Solutions are here to help in any way we can. This article is about the importance of a good cybersecurity program and if we all make this a priority, we can keep our staff healthy, happy and support our vital business community.