Back To The Blog

Remote Work and Incident Response for the COVID-19 Cyber Environment

Incident Response / June 01 , 2020

In the wake of the COVID-19 pandemic, the traditional workforce has largely transformed into a work-from-home workforce. With most staff now operating outside of secure office environments 100 percent of the time, organizations have to deal with an immediate shift in the cybersecurity landscape. Unfortunately, a new wave of cyber attacks via ransomware, phishing, malicious apps, and fake sites suggest cyber criminals are already finding ways to capitalize on newfound vulnerabilities.

To prepare for this new reality, organizations need to make sure their remote workforce is equipped to defend against cyber threats by:

  • Communicating Remote Work Policies and best practices
  • Reevaluating Cyber Incident Response Plans
  • Preparing Cyber Incident Response Teams for remote response

Preparing Your Workforce to go Remote for the COVID-19 Crisis

With workers operating on home networks from personal devices, your organization will inevitably experience increased cyber risk. As a first step, make sure you have adequate remote work policies that are clearly communicated. Advise your employees to take the following precautions to boost protection of sensitive company data and operations:

  • Use WPA2 settings on home wi-fi routers
  • Change all passwords, including those on the router
  • Update and patch software on all devices used for work

Now would also be a good time for a refresher course on cyber awareness. This should train employees on how to:

  • Protect personal and professional information
  • Recognize phishing emails and suspicious links
  • Secure home networks
  • Install endpoint security on all devices used for work

In addition, make sure your team knows how to remotely connect with IT support in case they encounter any security problems.

Responding to a Cyber Incident Remotely

In a recent sit-down with Atlanta based law firm Troutman and Sanders, Cybersecurity and Data Compliance Attorney Ron Raether shared some insights on how companies can adjust incident response plans for the COVID-19 pandemic and the new cyber risk environment.

Back view of an employee working from home on a zoom conference with other remote team members.

First,” Raether recommends, “remind employees how to report actual or suspected security incidents.” Part of this will mean evaluating whether or not your reporting protocols need to be updated for a remote workforce. “If everyone was supposed to get together in a room during a cyber event, then you need to have a tool to do this virtually.”

Second, ensure that contact information is updated for the virtual workplace, both to report an incident and to contact cyber incident response team members who can no longer be reached at their office phone numbers. Make sure your team knows the chain of command—who do they need to notify and in what order?

Third, Raether points out that, just like we back up our data, we need to back up our team members. “Given how rapidly the COVID-19 infection can spread, having backup teams is critical. If you normally have one person designated for legal response, another for business response, and another for IT, and so on, you now need to have number two, three, and four,” Raether says.

Although it’s a bit unsettling, you can’t predict when a colleague may fall ill and you need to make sure someone competent is ready to carry out his/her tasks.

Preparing Your Cyber Incident Response Team

Cyber incident response teams will also be an indispensable asset as your organization designs new communication channels, remote work policies, and employee training programs.

“As always,” says Mr. Raether, “they should be familiar with their roles and responsibilities. It’s important to remind them, though, amid the crisis situation. To that end, IT personnel should also prepare to ramp up certain cybersecurity tasks, such as audit log review and attack detection.”

Your cyber team needs to be equipped to monitor and guard against threats that originate on personal devices and migrate to threaten enterprise networks.

Raether also reminds us that, with offices empty all over the country, it may be necessary to set up alternative incident reporting protocols. If you have a 1-800 number and/or dedicated email for reporting incidents, make sure someone is consistently monitoring these messages.

Managing Remaining Risk

Thankfully, many vendor incident response functions, including forensics and breach coach services, can be performed remotely. However, in some cases, you may need personnel onsite during or following a cyber incident. For example, for a system rebuild after a ransomware compromise. If there’s a stay-at-home order, if a quarantine is in effect, or if staff members are ill, you need to consider how these onsite functions will be managed.

Very few IT, cybersecurity, legal, or insurance experts accurately predicted the severity of the global health pandemic, nor the new cyber risks that would come with it—organizations are now playing catch up to shore up vulnerabilities. Communicating remote work policies, retraining staff and incident response team members, and appointing personnel backups are some of the key measures organizations should take to prepare for this new cyber risk environment.

To learn more about new cyber risks and preventative measures, read NetDiligence report COVID-19: Rising Cybersecurity Threats.

Related Blog Posts

Download 2023 Cyber Claims Study

The annual NetDiligence® Cyber Claims Study uses actual cyber insurance reported claims to illuminate the real costs of incidents from an insurer’s perspective.


© 2024 NetDiligence All Rights Reserved.