As businesses across the globe scramble to adapt to the new conditions brought on by the COVID-19 pandemic, a robust and agile approach to information security plays a vital role in any organization’s readiness strategy.
To this end, cybersecurity experts representing CBTS and Cincinnati Bell recently hosted an information security panel to discuss the challenges facing enterprises across various industries, while also answering questions from attendees.
The panel was moderated by Hope Thackery, director of security programs for CBTS, and included Brandon Bowman, VP of strategic services for CBTS; Leo Cronin, VP and chief security officer for Cincinnati Bell; Justin Hall, director of security consulting for CBTS; Ryan Hamrick, principal information security consultant; and Mobeet Khan, national director of IT security practice for OnX Enterprise Solutions. In the interest of sharing valuable information, providing helpful perspectives, and encouraging collaborative communication in these difficult times, the panel experts shared their thoughts on the most pressing information security issues facing enterprises today.
Being prepared for potential security risks is a common tenet in the world of information technology. Still, few were able to predict the effect that COVID-19 could have on the economy, the telecom industry, and the concept of remote work access in general. However, effectively assessing risk ahead of time can help prepare a company for the unexpected, Cronin explained.
“We anticipated pandemic issues, but nothing on this scale whatsoever,” Cronin said. “But, I’d like to say that the framework we put into place has served us pretty well. It’s given us the ability to be flexible, adaptable, and separate out the operational response from what has to be done from the rest of the organization.”
The COVID-19 outbreak required many organizations to find ways to implement remote access capabilities for their employees without compromising information security. Cronin said that in these situations, businesses should lean on their security staff or consultants to help make these pivotal decisions.
Cronin added that basic principles such as agility, flexibility, and close cooperation between security and operations teams could help an organization better prepare and recover from disruptive incidents.
Although businesses are changing the way they operate day to day, phishing, hacking, and malware activities are still a clear and present danger. Even during an enterprise-wide shift toward remote accessibility, organization leaders should keep their guard up for familiar cyber threats, Cronin said.
“We’re concerned with increased phishing scams and malware activity across the environment,” he said. “We’re spending a lot more time monitoring the environment versus focusing on projects to move the security program forward, but haven’t really seen a major uptick in shenanigans out there, but we do anticipate, as this thing moves forward, we’re going to see some more activity that we’ll have to respond to.”
Even now, with meetings moving out of the conference room and into video chat rooms, threats to productivity and information security remain. Hamrick explained that serious intrusions like phishing and social engineering, as well as less impactful disruptions like intruders finding their way into public Zoom calls, are still risks to take seriously. “It’s important to also note that phishing scams are not just performed these days via e-mail. More and more phishing happens via mobile applications and messages,” Hamrick said. “You’ll get a lot of app notifications that would actually be a phishing notification from a somewhat malicious application you may have installed on your mobile device, so it’s important to control that from a mobile device management perspective, as an organization.”
Despite the difficult challenges brought on by the COVID-19 crisis, the global business community is finding an opportunity to learn valuable lessons and evolve standard security practices to fit the “new normal.” The panel shared several examples of what has been effective in their efforts to keep their networks safe during the pandemic.
Cronin recommended multi-factor authentication (MFA) certificates, which can help make a work-from-home transition smoother and more secure. Hall touted the importance of a proactive risk assessment. This means going beyond the baseline considerations of what external factors could cause damage to your organization and seeking input from other members of your industry. It’s crucial to start planning now and to not wait for catastrophe to happen, Hall added.
View the full webinar on COVID-19 information security best practices.
Learn how CBTS can help your organization on their security journey.