Cybersecurity Lessons From Coronavirus

Coronavirus & Cybersecurity

I’m sure you’re probably either deathly afraid of the Coronavirus disease (COVID-19) or think that it is the biggest over-inflated media hype since the Swine Flu. Regardless of your instinct on the severity of COVID-19, we can all tend to agree that the virus is something to be taken seriously. What is of particular interest to me, as the President & CEO of The Penn Group, is how seriously our leadership has taken the threat of a large pandemic. Largely unprecedented, the wide-scale quarantine of individuals, coupled with restrictions on travel, commerce, and gatherings, is truly something out of a Hollywood film. These controls our leaders have placed are designed to keep us safe. An incredible step, given the consequences to the economic stability of the world. Yet, the unbelievable parallels between controlling a pandemic and keeping your organization secure continue to connect dots within my mind. The tradeoff between security and convenience. The continuity of operations with travel restrictions. The control of a rapidly spreading virus. Let’s dive in.

Convenience / Security

When securing your organization, one of the biggest things that must be considered is the tradeoff between convenience and security. The better the security of your systems, usually the less convenient it is for the users. This loss in convenience usually harms productivity, frustrates users, and undermines the reputation of security teams. Security experts have long fought battles with executives to help them understand that, without proper measures, the organization would be at risk. Sound familiar? The same can be said about the coronavirus outbreak. Our leaders have insisted that the cancelation of sporting events, large gatherings, etc. is a necessary step to avoid further losses. The problem is, without adequate information, the assumption is that there has been an overreaction to nothing. To take such a dramatic step, there must be merit to these controls. This is the critical security lesson. The communication of the why, especially when enacting unpopular security controls, is a critical step in ensuring your controls gain traction with stakeholders.

One of the more interesting and sensationalized aspects of this outbreak has been the violators of quarantines that have been put into place. Across the world, stories have cropped up of infected individuals intentionally violating the rules for reasons that may never be fully known. When one person violates the rules, everyone is put at risk of being infected. In information security, all it takes is just one person to click one wrong thing. The whole network would then be infected. You might point out that no one has died from a cyber-attack. The answer to that is: yet. Not all cybercriminals are created equally. Advanced Persistent Threats (APTs) are state-funded hacking groups that seek to invade the most sensitive aspects of computing. Nuclear power plants, weapons, and critical systems such as utilities are controlled by aging computers. The security of these systems is paramount. We’ve already seen the CIA utilize hacking to undermine Iran’s nuclear program. The ultimate tradeoff between convenience and security, health and safety, and practicality and reliability will continue to dominate the minds of security experts and health experts alike.

Business Continuity/Disaster Recovery

Disaster recovery plans are one of the last things on the minds of business executives, especially in the midst of economic instability. Usually only required after a natural disaster or major cyberattack, the business continuity/disaster recovery plan has been cracked open by many large organizations. With the looming shutdown of travel, business, and schools, organizations are scrambling to take appropriate steps to keep business moving. The business continuity plan focuses on the security goal of Availability. Keeping information and systems available to stakeholders during periods of crisis can cause an enormous amount of pressure on the organization, without proper steps being implemented beforehand. While the Coronavirus disease (COVID-19) is a real challenge facing our world today, more and more events like this will happen in the future. Preparing your organization to stay “online” is imperative.

Practically speaking, several steps should be taken to make sure your organization is ready for the impending shutdown:

1) Implement a VPN solution with strong encryption to allow for offsite access of your organization’s systems. This method will allow for your users to continue work, without the risk of transmitting or spreading the virus. A few things to keep in mind about VPN implementation:

  • If your users use organization-owned property, ensure that you have an information security policy to protect the information housed on the devices leaving your premises.
  • Implement a remote wipe feature, in the event of a remote termination. This should be coupled with a process to ensure your organization’s property can be returned during a specified amount of time.
  • If a user is using their personal device, but with VPN access, special measures should be implemented to ensure the user’s personal and work information remain segregated.

2) Ensure your data protection policies and procedures are updated to handle remote work. The classification and protection of your data is a paramount priority for your organization.

  • Implement data protection policies and ensure your organization’s employees and contractors agree to these policies prior to remote work.
  • Implement a remote wipe feature, in the event of a remote termination. This should be coupled with a process to ensure your organization’s property can be returned during a specified amount of time.
  • Establish a clear and secure communication pipeline to ensure all employees/stakeholders receive information in a timely fashion.

The Penn Group offers these services.

The Rapid Spread / Controlled

Coronavirus disease (COVID-19) is spreading like a worm. A computer worm is a type of malware that spreads copies of itself from computer to computer. A worm can replicate itself without any human interaction, and it does not need to attach itself to a software program in order to cause damage. Wormable malware is one of the worst nightmares for information security professionals.

Stopping wormable malware without proper security controls implemented can be a near-impossible task. Often, understaffed IT professionals are forced to unplug the entire system, stopping work entirely. In these situations, with drastic measures taking place, it can be difficult to clearly communicate to the general populace within the organization and at large about the consequences of maintaining the status quo. A certain element of trust must be introduced, with the understanding that the leaders of the organization have the best interests at heart. This is exactly what is going on with the coronavirus, and a lesson for all of us in crisis communications. No one would be pleased to come into work, after a frustrating 45-minute commute, only to find that they cannot work because the security team unplugged all of the computers. No executive would be happy to find out that the company would be losing millions per hour in lost productivity as a result of a security issue. No one is happy that sporting events are getting canceled, schools are closing left and right, and a general calm panic is ensuing within the leadership of the world. The point is, we do not all know the real dangers of this outbreak, so we assume that politics are at hand.

Conclusions are drawn in the absence of clarity.

When communicating about a major security issue, take careful note to explain the why, not just the what. These steps are more than necessary to ensure the safety and security of our world. It all returns to the tradeoff between convenience and security, only this time lives are at stake.
