1. COVID-19: Strategies to Stay Secure and Ensure Business Continuity
Proprietary and CONFIDENTIAL. Do Not Distribute. © 2020 Optiv Security Inc. All Rights Reserved.
2. In uncertain times, it's reassuring to know
that there are still things you can impact
and control.
Optiv is committed to guiding you through
these shifting times by providing strategies
to keep your organization and employees
secure while ensuring business continuity.
TECHNOLOGY
• Closing the Remote Gap
• VPN Rationing
• Flexibility Mindset
• Endpoint Connectivity Strategy
• Encryption Best Practices
• Facility Networks
PEOPLE
• Eavesdropper Awareness
• Official Email Alias
• Work from Home (WFH) Best Practices
• Combating Disinformation
• Awareness Training
• Remote Meetings Strategy
To read our response to the COVID-19 pandemic, as well as other resources and actionable checklists,
please visit optiv.com/covid-19-response.
3. The increased use of video
conferencing solutions in today’s
WFH environment has resulted
in attackers ‘squatting’ on random
or known meeting IDs to listen in
on potentially confidential
conversations and meetings.
WHAT YOU CAN DO
• Set a meeting password
• Require attendees to announce/register themselves
• Receive email notifications if attendees are waiting for
you to “start” a meeting
• Manually verify who attends the calls
And you were worried about people noticing the
framed Shrek poster in your home office.
4. Create an email alias so employees can easily identify
official corporate communications related to how the
virus is affecting the company.
From: HR@company.com
To: Employees@company.com
Sent: Thursday, April 2
5. ANATOMY OF A GOOD WORKING FROM HOME ENVIRONMENT
Sit in a chair at a desk
Leverage an external monitor
Use a headset with a
microphone for meetings
Respect your office space
(dedicated area for work-related
items only to maintain its purpose)
6. Be aware of COVID-19
disinformation campaigns
7. Ensure that WFH employees are aware of increases in:
• Social engineering
• Spear phishing
• Unexpected MFA/2FA prompts
• Phone pretexting
• COVID-19 disinformation campaigns
8. REMOTE COLLABORATION MEETING SOLUTION
• Ensure team members know how to use the solution
• Determine the total number of users the solution will support
9. If the userbase is exceeding capacity,
a VPN rationing schedule can be
established where employees are either
recommended or required to access
the VPN during known windows
based on their job function.
For example, employees who can perform their work offline
most of the day can log in to the VPN after core business hours.
Additional guidance can also be given to be mindful of
bandwidth usage and avoid large file transfers through the
VPN when possible.
[Figure: sample WFH schedule for Fri 3/27/20 showing two VPN allotment windows alongside offline project work, a virtual lunch, exercise and a dog walk]
10. According to research by the consulting firm
Global Workplace Analytics, the amount of
work done remotely increased 173% in the
last 15 years.
And 3.6% of the total United States
workforce works from home at least
half-time under normal circumstances.
That’s 5,760,000
people, or more
than the population
of Minnesota.
Source: https://globalworkplaceanalytics.com/telecommuting-statistics
11. Adopt a Flexible Mindset
• Shorten the normal testing cycle and change management to match production changes.
• Provide the best level of risk assurance possible given current conditions.
• Clearly explain the threats and risks that the organization might encounter.
• Consider your response plan to adapt to all changes in circumstance.
Tip: Get a slinky for your home office
12. Closing the Remote Gap
1. EXPANDING WHAT YOU HAVE
EMERGENCY VPN PLAN
• Avoid large file transfers
• Get more licenses
• Use virtual editions of apps
• Limit access to sensitive tools
13. Closing the Remote Gap
2. CREATE DIFFERENT METHODS OF ACCESS
Leverage existing solutions for internet-facing
applications as a template, then employ what
you can quickly and securely integrate from
any perimeter monitoring perspectives.
• Low-risk applications
• SSL browser proxies
• Multi-factor authentication
14. Closing the Remote Gap
3. CHANGE YOUR ARCHITECTURE
There are emerging technologies that offer a
great deal of scale and flexibility and have better
policy controls than traditional VPN solutions.
• Software-defined perimeter (SDP)
• Software-defined wide area network (SD-WAN)
• Secure access service edge (SASE)
15. A STRATEGY FOR ENDPOINT CONNECTIVITY TO NETWORKS
• BEST: Company-managed and compliant endpoint
• BETTER: Bring your own device (BYOD) endpoint connecting to a company-managed virtual desktop infrastructure (VDI) instance
• GOOD: BYOD endpoint validated to meet baseline security posture
16. Ensure Corporate Devices Have Drive Encryption Enabled in Case of Loss or Theft
17. Consider disabling guest
WiFi and any other wireless
access that is not well
secured as users will not be
available to spot suspicious
loitering around your facility.
18. To read our response to the COVID-19 pandemic, as well as other resources and
actionable checklists, please visit optiv.com/covid-19-response.