InfoSec Insider

How to Write a Cybersecurity Playbook During a Pandemic

IT teams have had to learn to be dynamic as workforces continue to shift strategies while COVID-19 drags on.

If it feels like you’re constantly revising the draft of your cybersecurity playbook these days, it’s because you probably are.

Executing a thorough cybersecurity approach was hard enough before the pandemic. Then COVID-19 came along and forced all of your employees out of the office and into their homes, likely working on personal devices and home networks that — let’s face it — probably haven’t seen a password change since the initial setup. Now, just as many of us were settling into the work-from-home routine, we’re all of a sudden planning to transition back into the office, depending on your industry and where you are in the world. Trying to come up with reasonable safety measures that also make it easy for people to stay productive wherever they work is no small feat.

As security professionals, it’s our job to help users — including employees, customers, vendors, suppliers and partners — seamlessly access the resources they need to do their jobs, whether that’s on office desktops or on their mobile devices. COVID-19 hasn’t changed any of that, it’s just made it a lot harder.

So while the initial panic has subsided, the disruption continues. And of course we can always count on cybercriminals to take advantage of situations when our defenses are most vulnerable. Back in April, the Department of Homeland Security (DHS) warned that “APT groups are using the COVID-19 pandemic as part of their cyber-operations. These cyber-threat actors will often masquerade as trusted entities. Their activity includes using coronavirus-themed phishing messages or malicious applications, often masquerading as trusted entities that may have been previously compromised.”

The good news is, you can stop second-guessing every draft of your cybersecurity playbook because the world and how we adapt to it is changing every day. No matter how many employees are working in the office, at home, or (maybe someday) in airports and hotels, here are some effective and lasting things you can do right now to protect your organization from phishing and other cyberattacks (of course, these are important even when there’s not a pandemic).

Stop relying on passwords. It’s hard to believe in 2020 that stolen and weak credentials are still responsible for 80% of corporate hacking-related data breaches. If you haven’t started already, now’s the time to enforce multi-factor authentication (MFA) on all user accounts. Consider adding a physical factor, such as the YubiKey or strong biometrics, which eliminate the need for passwords and are much harder to spoof than one-time passwords (OTPs).

Shore up the gaps in VPNs and other remote working tools. Did your mobile infrastructure scale from a few hundred to a few thousand VPN connections in a matter of days (or hours)? If so, hackers have been on the case exploiting known vulnerabilities in these and other remote-working tools such as remote desktop solutions and consumer video conferencing apps. In the era of COVID-19, many organizations are even less likely to update their VPNs with the latest security updates and patches, putting apps and data at even greater risk of a breach.

Educate users. Security folks say all the time that you shouldn’t rely on end users to protect your valuable data, and that’s still true. But training your mobile employees to spot some of the latest phishing techniques can go a long way toward preventing the next attack on your organization. People feel especially vulnerable during a pandemic and are therefore more susceptible to the barrage of pandemic-related phishing schemes. Employ online security training to teach mobile users how to avoid these scams, especially now. Here’s a quick guide to get started.

Keep everyone talking. It’s easy to want to throw technology solutions at complex problems, and mobile security can definitely alleviate some of our biggest headaches like device and network threats. But automation is no substitute for communication. Consider that only 51 percent of technology professionals and leaders are highly confident that their cybersecurity teams are ready to detect and respond to rising cybersecurity attacks during COVID-19. If you’re one of those security professionals who doubts your company’s ability to fight off cyberattacks, especially while everyone is working remotely, now’s the time to speak up. Your company is relying on your cybersecurity team to stay productive, organized and vigilant, now more than ever.

As we all move forward into the unknown, we have to plan for the now as well as for the future. The only way to do that is to stay agile, pay attention, and keep revising your cybersecurity playbook to meet the unprecedented demands of this new moment.

Brian Foster is senior vice president of product management at MobileIron.

On Wed Sept. 16 @ 2 PM ET: Learn the secrets to running a successful Bug Bounty Program. Resister today for this FREE Threatpost webinar “Five Essentials for Running a Successful Bug Bounty Program“. Hear from top Bug Bounty Program experts how to juggle public versus private programs and how to navigate the tricky terrain of managing Bug Hunters, disclosure policies and budgets. Join us Wednesday Sept. 16, 2-3 PM ET for this LIVE webinar.




Suggested articles