Fear, panic, and crises breed many things; remember that heroism is one of them. Here’s everything CTOs, CISOs, COOs, CFOs, and CCOs need to know to lead their organizations through the COVID-19 crisis, beginning with an update on what we’re seeing among our own clients.
Over the course of the past month, we’ve supported our clients in their shift to a full work-from-home (WFH) model. Clients are using a mixture of secure VPN, Citrix and Windows Virtual Desktop (WVD). The biggest push has been to ensure all employees have secure VPN access set up in the home environment and to scale our larger clients’ Citrix environments to support a 100% WFH workforce. Other issues we’ve seen and remediated involve proper configuration of Remote Desktop Protocol (RDP) and ensuring end users have the proper permissions to do everything they would normally have done day-to-day in the office.
Our recommendation to the most progressive firms out there is to begin exploring Windows Virtual Desktop (WVD) as the future of secure remote computing. Eventually we want to move away from VPN and Citrix to WVD, but we understand that the decision-making and subsequent migration process is complex and will take time. We’re helping our clients explore this avenue as our world continues to evolve.
High Level Review
- Review, test and iterate on your Business Continuity and Disaster Recovery plans.
- Specifically, review your cybersecurity and IT escalation chains and ensure each point of contact has a backup.
- Confirm contact information is up to date for key employees, especially mobile numbers.
- Understand which employees on your team have chronic health issues and identify any impact on your operational ability.
- As required by law, maintain the confidentiality of employees’ medical data, including the medical status and identities of diagnosed employees or family members of employees.
- Identify and communicate appropriate internal channels for varying types of corporate communications.
IT Operations Checklist
- When possible, provide company-owned devices for work-from-home employees and install the necessary security measures they’ll need.
- Train employees on how to set up their personal devices with the proper security measures (e.g., VPN, Citrix, etc.), as well as on the consequences of ignoring these protocols.
- Verify the required technology configurations for infrastructure, connectivity, and licenses – for VPN/Citrix, as well as voice and video/web conferencing (we recommend anything but Zoom), etc.
- Test users’ remote access.
- Publish “how-to” guides for basic remote access processes to proactively reduce the volume of calls your help desk will receive.
- Empower your internal IT team with the policies, training, and tools to manage the increased number of help desk calls, including the ability to verify the identity of employees via phone number authentication, challenge questions, and two-factor authentication.
- Consider setting up a separate, dedicated email or phone number that employees can use to report issues, especially if problems persist.
- Implement device verification before allowing devices to connect to your network.
- Verify personal and/or work-from-home devices have anti-virus software installed.
- Verify personal and/or work-from-home devices are patched with the most current security updates.
- Perform device trust/vulnerability checks on devices before allowing them to connect via VPN.
- Restrict the ability to copy/paste or map drives from personal devices.
Cybersecurity Operations Checklist
- Determine how many people, if any, will be needed on-site to protect your network, including:
  - Patching systems
  - Conducting information security reviews of any new systems that need to be added quickly during this time
- Identify those needed to conduct investigations and remediation if a cyber event were to occur, and again, consider backup personnel.
- Conduct Incident Response Tabletop Exercises.
- Review and assess the impact on business operations of your partners, third-parties, and portfolio companies for private equity firms, and ensure their cybersecurity contingency plans are adequate.
- Identify employees who can and cannot access certain applications, servers, and databases remotely.
- Create whitelists of users and devices so your MSSP or Managed Detection & Response service can monitor activity and flag anything that falls outside them.
- Monitor your VPN connection logs; they provide a timestamp of the connection, IP addresses, and amount of data transferred in bytes, helping you to detect threats, respond to incidents, and monitor digital assets.
- Implement coronavirus-specific phishing training and testing.
- Your company’s official COVID-19 updates should have consistent formatting and should not include attachments or links, so employees can more easily identify what is phishing and what is not.
- Stay on top of new vulnerabilities and scams by subscribing to various threat-sharing groups, including the CISA Alert service, FBI cyber alerts, FS-ISAC, etc.
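An added example (not from the original post) of the VPN log monitoring and whitelist check described in the checklist above: it scans connection records for sessions that are off the whitelist, unusually large, outside normal hours, or from a source IP not previously seen for that user. The CSV layout, field names, whitelist entries and thresholds are all assumptions constructed for illustration; real VPN products log in their own formats.

```python
import csv
import io
from datetime import datetime

# Constructed sample VPN connection log (CSV); not output from any real product.
SAMPLE_LOG = """\
timestamp,user,device_id,src_ip,bytes_transferred
2020-04-06T09:02:11,alice,LT-0012,198.51.100.23,48211904
2020-04-06T09:05:40,bob,LT-0031,203.0.113.77,9120331
2020-04-06T23:47:02,alice,LT-0012,192.0.2.145,6442450944
2020-04-07T02:13:55,carol,HOME-PC,203.0.113.9,120448
2020-04-07T08:58:30,mallory,LT-0099,198.51.100.200,73400
"""

# Assumed whitelist (allowlist) of approved (user, device) pairs for remote access.
ALLOWLIST = {("alice", "LT-0012"), ("bob", "LT-0031"), ("carol", "LT-0044")}
MAX_BYTES = 2 * 1024**3    # assumed per-session volume threshold (2 GiB)
WORK_HOURS = range(7, 20)  # assumed normal connection window, 07:00-19:59


def review_vpn_log(text, allowlist=ALLOWLIST, max_bytes=MAX_BYTES):
    """Return a list of (timestamp, user, src_ip, reasons) for sessions to flag."""
    findings = []
    seen_ips = {}  # user -> set of source IPs already observed for that user
    for row in csv.DictReader(io.StringIO(text)):
        reasons = []
        user, device = row["user"], row["device_id"]
        when = datetime.fromisoformat(row["timestamp"])
        if (user, device) not in allowlist:
            reasons.append("user/device not on allowlist")
        if int(row["bytes_transferred"]) > max_bytes:
            reasons.append("unusually large transfer")
        if when.hour not in WORK_HOURS:
            reasons.append("outside normal hours")
        known = seen_ips.setdefault(user, set())
        if known and row["src_ip"] not in known:
            reasons.append("new source IP for user")
        known.add(row["src_ip"])
        if reasons:
            findings.append((row["timestamp"], user, row["src_ip"], reasons))
    return findings


if __name__ == "__main__":
    for ts, user, ip, reasons in review_vpn_log(SAMPLE_LOG):
        print(f"{ts} {user:8} {ip:16} {'; '.join(reasons)}")
```

A single reason is usually a prompt for a follow-up question to the employee; several reasons on one session, as with the third record here, is the case to escalate first.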
Guidance for Employees
- Do not store documents locally on personal devices.
- Verify Internet connectivity and run a speed test to ensure your home network has the appropriate speed to support voice and video calls.
- Ensure all the required applications are accessible remotely from your personal or work-from-home devices.
- Lock your device when not in use.
- Public Wi-Fi isn’t safe and opens the door for hackers to steal logins, passwords, and other sensitive data.
- Be aware of coronavirus phishing scams, as we’ve seen fake CDC updates, IT alerts and software notices that attempt to obtain your user credentials or install malware.
When in doubt, come back to people, process and technology. This framework will allow you to categorize, organize and prioritize. We continue to update this blog in real time as COVID-19 unfolds, and we encourage you to contact us directly for immediate assistance.