Eight Actions CISOs Should Take Right Now

In my previous blog post, I promised more guidance on the next steps to consider taking now, while the pandemic is still upon us. Here are eight actions CISOs should consider taking.

Who moved my cheese… and my data?

Given the already-expanded attack surface, in my estimation it is never too early to look at lessons learned from the pandemic—and there certainly isn’t a shortage of teachable moments, right from the top down. Here are eight lessons for Directors of Security and CISOs whose organizations and livelihoods have been imperiled by the pandemic.

In the last blog post in this series, we explored the first three steps to delivering an excellent and secure customer experience: starting with a CISO, involving senior leadership, and adopting a risk-based approach. In this blog post, we’ll pick up where we left off and explore the final three steps.

When employees were first sent to work from home, organizations scrambled to provide work-from-home software, devices, and infrastructure. As we transition to a new normal, it’s now important to reevaluate the initial infrastructure laid to support remote workers against a lasting, best-practice architecture. In the last entry, I shared the first three pillars for a thriving remote workforce. Let’s now explore the final three pillars.

There is an old saying: “Make your first crisis not be a real one.” Never has that been more apropos than during the past few months, with the COVID-19 (coronavirus) lockdown and shelter-in-place restrictions that most Americans have lived under. Now, we have lived in crisis situations before, and COVID-19 is not going to be our last or only pandemic, but it has been unique because of its universal impact, with almost no one spared; its duration; and the tidal wave of change it has brought about in the way we conduct work, socialize, access information, participate in the political process, and protect ourselves both physically and virtually.

Business travelers and those who have traditionally worked from home have enjoyed the evolution of connecting via mobile apps for a while now. For some though, recent events may have just introduced them to the possibility of doing so. Let's take a closer look at some of these service types, and review ways to incorporate additional layers of security while connecting your newly remote corporate users to them.

Operating a remote workforce is no longer just a remote possibility. A work-from-home war is being quietly waged across many organizations throughout the country, as workers who were forced to quickly establish home office environments now wish to remain in their home rather than return to commuting to an office. This tipping point has deep and wide ramifications for organizations attempting to return to pre-COVID-19 productivity levels. 

As the world struggles with the fallout from COVID-19, all aspects of life are quickly changing. Millions of workers are now working from home or other remote locations outside of the normal security configurations of an office. Fraudsters are taking advantage of this disruption to actively steal information that they can monetize. In many cases, companies were not prepared to deal with a large work-from-home workforce, and when they transitioned their employees to remote environments, they mainly considered threats like phishing or cyberattacks.

Every 11 seconds, someone within the United States is infected with ransomware. That means that by the time you finish reading this blog post, almost 30 people will have their data locked and encrypted unless they pay a cybercriminal a ransom of hundreds or thousands of dollars (hopefully it’s not YOU!).