Stay safe. Our IT systems could be the lifeblood of our organisation
The next period of remote working conditions will be a challenge, so it is important you are not caught up in the commotion of the situation and compromise the safety and security of your organisation.
Every adverse situation brings out both the best and the worst in people. Unfortunately, in recent weeks and continuing into the future months, breaches of networks have been and will become more common and potentially more far reaching as organisations depend on their IT systems like never before.
Some recent examples are:
- Emails being sent to employees, prompting them to go to external links which promise urgent or new information on COVID-19. On Friday, the ACCC issued a warning on increased COVID-19 scams. With many emails impersonating trusted organisations like the World Health Organization and the Department of Health.
- Taking shortcuts when uploading software to their servers by using cloud functionality rather than previously implemented security protocols.
- Failing to have a contingency plan for critical IT infrastructure, including IT staff.
Some simple protocols should assist.
The first of these is taking due diligence with all communication. Emails from government departments regarding COVID-19 are recognisable by the email address (just click near the ‘from’ line to reveal the full address) and will nearly always cover all essential information on the email rather than on an external link. Should you be unsure about the link, stick on the side of caution and don’t click. Encourage your workforce to be extra careful about where they go for information and this includes social media as a sole source of truth.
Don’t sidestep your existing security protocols to upload data to a server faster. They are there for a reason and now is not the time for speed over security.
Cyber security risk from attackers isn’t the only risk faced in these challenging times. Enabling a full work force into remote ways of working adds some unique challenges.
Scaling up remote access to support staff working from home can put undue pressure on service desk staff, network staff and IT support staff who may be feeling the pressure in this unprecedented and changing landscape. Moving more and more services to be internet facing as fast as possible is one solution but again remember ensuring the cyber security rigour of deploying services is paramount to ensure this doesn’t expose the organisation to the risk of compromise.
Not all staff can work remotely and some mission critical services require staff to resource data centres, network operations and security operations. How do you plan for when staff from your Security Operations Centre gets sick? These staff are critical for keeping the organisations services securely operating. Special measures need to be adopted to enable staff to continue to go to work, but at the same time, factoring in what to do when a colleague gets diagnosed, which would force all staff into isolation. Splitting teams is a good way to keep critical staff safer – one team in the office one week and at home the next week.
Extended remote working can feel isolating to some people so checking in with each other, especially during these uncertain times is important.
Above all, stay safe. Our IT systems could well be the lifeblood of our organisation.
For a detailed check list for your IT systems, visit, What the CIO and CISO can do to help.