Enterprises need to take the COVID-19 crisis as an opportunity to work on security preparedness plans
The COVID-19 crisis has forced enterprises to change their basic operations in ways virtually no one could have predicted. At the same time, it has made them realize the need to have an improved preparedness plan for disaster recovery for the future.
CISOs and other security leaders need to consider a couple of critical factors while creating and executing a preparedness plan in a time of crisis. Reduction in IT and security staff is a significant problem that CISOs will face in the time of crisis like the present one. Organizations should be ready to hire third parties and approach managed security service provider till things go back to normal. There will be instances where some employees may not be able to do any work because of illness, transportation, and technology challenges. CISO’s should identify and prepare for all possible scenarios to avoid business interruption. An organization’s cyber resiliency program should also include disaster recovery, business continuity, and crisis management.
Companies will also witness gaps in the crisis they have planned for and the one they are facing at present. The good idea is to document what factors do companies need to work on, in order to improve their preparedness for the current and the next crisis.
As a standard practice, there should be a good communication line between the security team and the lines of business. CISOs need to have seamless connections with business personnel across the organization to understand how the crisis is affecting different systems and people.
It is also essential to continue educating executives about security risks and how to mitigate them, even if they are busy handling revenue concerns. As employees are working remotely, it is important to work with internal communications teams to ensure they understand secure network technologies like VPN connections and two-factor authentication.
A crisis should be treated as a learning experience by security leaders and teams to be better prepared for the future. They can learn about offering better communication and offering the necessary tools for remote employees. It is also crucial to openly discuss, document, and track the new things the security team has learned during the time of crisis.
A crisis offers an opportunity for CISOs and the security team to learn what works and what does not, in the company’s original crisis plan. It is important to take note of several key aspects that are experienced during the crisis. For example, the availability of bandwidth to support multiple virtual meetings, the availability of laptops, or docking stations, to name a few. Security executives can also get input from other stakeholders about their experience. Once the crisis is over and businesses are back to normal, companies need to ensure these learnings are documented and converted to accessible executive awareness points about ongoing crisis mitigation needs.