3 Ways To Increase Network Security in a Post COVID 19 World

The COVID-19 pandemic has created an environment in which hackers and other malicious cyber actors are gleefully thriving. They are exploiting all the current uncertainty and anxiety via ransomware attacks, phishing campaigns, social engineering and financially-motivated scams. Although we are living in unprecedented times, the cyber threats we face and the malicious actors are not new. But the singular focus on COVID-19 may make many organizations – and individuals – the proverbial fish in a barrel for cyber bad guys.

These attackers understand and target our current thirst for information to help us navigate this pandemic. A sudden, intense focus on specific topics such as local coronavirus case data or where to find face masks makes it easier than ever for bad actors to design a phishing email, scam, or other attack.

At the same time, organizations scramble to adopt remote-working best practices as employees move en masse from working inside a traditional office to remote environments practically overnight.

Companies now, for the most part, understand that cyber security threats are common, and have often done the right thing and taken measures to prevent them affecting their business communications and their business itself.

But they now need to adapt their defenses to the current environment of uncertainty and social distancing. Here are three of the most important things that need to be considered.

Adapt Your Ransomware Response Playbooks

In today’s threat landscape, you can’t just focus on preventing ransomware attacks; they must also have a robust strategy for how to react to such attacks. In addition, organizations should adapt their ransomware response playbooks for the current remote working environment.

For example, in the event of an attack, convening an organization’s key decision-makers in one room to strategize on response is not likely to be an option. Simple measures such as compiling the contact information and backup phone numbers for key decision-makers can go a long way.

Ransomware response playbooks should also outline topics such as whether or not the organization would pay the proposed ransom or seek outside help first, the legal teams the organization will work with for counsel and mitigation, and considerations for engaging with legal counsel other key players remotely.

Consider Network Visibility and Secure Devices

Most likely, very few organizations had plans to shift from in-office work to most staff working remotely in a matter of days. Network monitoring protocols that works in a traditional office setting may leave you in the dark in a remote working reality. A foundational step in understanding the risk profile is to first understand the network visibility available and adjust enterprise protocols as necessary to protect in today’s environment.

Another key tool at the disposal of managers is the trusted network list. In these unprecedented times, reducing the number of trusted networks and restricting user access can prevent credential attacks and keep your networks safer.

Maintain Employee Engagement

The coronavirus pandemic has already caused big swings in global markets, with a possibility of the steepest economic downturn since the Great Depression, according to the International Monetary Fund. Given the current financial volatility, we have already seen layoffs, furloughs and reductions in work hours, with other difficult decisions ahead.

In this uncertain time, critical in these times of increased emotional and economic stress that can lead to increased insider threats – intentional or otherwise. In addition to internal communications plans, you do need to consider the possibility of insider attacks.

This means ensuring that employees who are no longer working with you have their access to your networks terminated and that current employees are aware of security best practices while working from home. But do not expect them to go it alone.

Make arrangements for a remote re-training session on the basics and if they need new or updated hardware or software to do their jobs properly – everything perhaps from a new antivirus program to a better router – it really is your responsibility as an employer to provide it.

Using Access Control To Fight the Spread of COVID-19

Workplace managers across the globe, and certainly here in California, are starting to try to figure out how they can safely reopen their businesses as COVID-19 lockdowns ease, and they are being encouraged to get their employees back to work.

One of the biggest challenges is how to implement best practices preventing the entry of possibly COVID-19 infected individuals into their offices. While they can keep an eye on their own employees via things like temperature checks and access to testing it’s much harder to tell whether visitors may have been exposed to COVID-19, and are therefore perhaps putting those employees at risk. Masks help, but we all know that they are far from a perfect solution.

While access control security is generally the first line of defense in preventing unwanted human entry, until biometric sensors are sophisticated enough to perform instant disease detection, it’s not an option for preventing virus invasion. However, when integrated with identity management and visitor management systems, today’s access control can play a significant role in reducing the spread of contagion.

A Reminder of the Basics

The most obvious preventative practices are simply urging employees to wash their hands often with soap and water and simply emphasizing that employees stay home when sick, notifying the office if they do contract the virus.

But even if an employee or recent office visitor contracted the virus and followed the self-isolation advice of the CDC, an office manager would still want to know when these now-infected individuals last entered the premises, where they traveled inside and potentially who they met. The ability to effectively trace their presence and identify other occupants who potentially crossed their path provides a whole new level of digital forensics to aid prevention.

Integrating Access and Identity

This is where an integrated system of access control, visitor management and identity management could save time and potentially lives by providing HR and office managers with an accurate of record access for individuals in a workplace over a specific period.

Identity management serves as the authoritative source where an organization stores its employee information including network authentication, authorization, roles and privileges across a system or enterprise with the goal of increasing security typically under the IT or Cybersecurity umbrella (think login credentials, tools & database access).

When access control and credentials are integrated with identity management, the combined system records a history of the physical presence for any specific employee. On any given day, you can know if an individual entered a building, an elevator, a specific floor, even a particular room with enough reader placement.

Tracking Contagion Path

This is powerful data for an office or property manager to quickly identify other occupants who may have been exposed so, while respecting confidentiality, they can be instructed to get medical testing and stay at home. For an enterprise organization, integrated identity management and physical security can even scale across multiple buildings, states or regions to trace an individual’s steps within a building portfolio.

If access control is integrated with a visitor management system, the same tracking capability can be used for a visitor or outside consultant granted temporary access to the workplace for a one-time meeting or short project assignment.

The visitor is given a bar-coded “credential” tied to their contact information for entering approved spaces during pre-set time periods. This extends the data-based forensic capabilities beyond the employee base to all individuals accessing the premises.

While we may never see a day when a physical security system can identify and prevent the entry of a person carrying an infectious disease, we can use currently available smart technology to help reduce the risk of spread.

This is one very real, very current example where connecting HR / IT systems with physical security is advantageous, but there are many more use cases where the value is clear.

Leading access control providers like Data Installers, manage physical security for commercial properties, offices and multi-family buildings across our service area, and can help you create a system like the one we just described. Get in touch with us today to learn more.