Telework Requires Tailored Incident Response Plans
Companies have incident response plans in place to help manage potential cyberattacks and other cybersecurity incidents. However, these plans often rest on assumptions that were valid when the plans were written but may not hold in the future.
The sudden shift to telework undermined several of the assumptions built into enterprise incident response plans. For example, consider the following questions:
- How will the incident be detected and reported? With most of the workforce remote, an organization may lack visibility into employees’ computers and network traffic. Additionally, the help desk may be overwhelmed or unreachable via normal channels. Is the organization able to detect potential incidents in time to respond effectively?
- How do you reach key stakeholders and incident responders? Most organizations have policies and call trees in place to describe whom to contact in the event of an incident. But are these policies and numbers valid during telework or do they rely on access to desk phones? How do you ensure the accessibility of key personnel during an incident?
- Can you respond to the incident in person? Digital forensics on compromised systems can be vital to incident response, breach reporting, etc. However, during telework, it is not only possible but likely that an incident will originate with an employee working remotely. Are there strategies and tools in place for remotely collecting key data and performing forensic analysis with only an untrained user on-site?
These are only a handful of the ways in which a remote workforce can impact an organization’s incident response policies. As organizations transition to extended or permanent telework, answering these questions and developing new policies and procedures is a necessary part of cybersecurity and regulatory compliance management.
Testing Policies with Cybersecurity Exercises
Updating cybersecurity policies and procedures is only the first step in adapting to the surge in telework prompted by COVID-19. These new and updated policies are only effective and valuable if they actually work.
Cybersecurity exercises are a way to test the effectiveness of incident response policies and strategies before they are needed. Whether performed as a tabletop exercise, a simulated attack, or an in-depth penetration test, these exercises allow incident responders to identify gaps or errors in their policies and procedures ahead of a real incident. The policies can then be corrected and optimized to ensure faster, more effective incident response if an incident occurs.