Straight Talk On Mid-Pandemic Cyber Security


I have been thinking for a couple of weeks now about what I wanted to share, how it should be shared, etc. I am glad I thought instead of wrote and shared in haste.

As it relates to enabling knowledge workers to remain productive and secure while remote, it should have been a non-event.

What I’ve seen is propaganda by vendors, reaction and regression with clients. None of it was necessary. That said, we do have many clients who have done a world class job preparing and reacting. They knew enough to look for help ahead of time, and that says a lot!

Clients have repeatedly asked me what this means for CyFlare and how it will affect service. Even when the questions came to us early and a few details were still to be laid down internally, the answer was still quite simple, because the answer is the same for us with or without the pandemic.

We have policy, controls, monitoring and an incident response plan in place 365 days a year, not just for a pandemic. Writing a couple of internal and external communication emails and deploying updated hardware to staff is really the net of the impact, for us at least.

The Point

In the cyber security context, today’s “remote workforce” problem is not due to the pandemic; it is due to an organization’s collective failure to do the right things one day at a time over the last few years.

How do projects get years behind? One day at a time is the answer. To follow that up, there is a Polish saying: “Sleep faster, we need the pillows.” You cannot expect to rush what should have been years of planning and doing into a couple of days of scrambled activity.

Transitional Starter Kit

There is no silver bullet, but here are things that simply have to be done. They do not have to be hard or expensive either. For the people responsible for IT and/or security, here is some straight talk guidance:

People and Process Items

All organizations have varying levels of maturity, compliance drivers, associated risks, personality, culture, etc. Which items in the list below you have done, will do or will not do will certainly vary. That said, they all simply need to be done.

  1. Determine, then prioritize, your organization’s goals and fears
    1. Identify what your organization is trying to do, why and when
    2. Take inventory of what your organization fears as it relates to security, compromise, loss of data, systems etc…
  2. Communicate and educate leadership
  3. Ask leadership for decisions
  4. Create / Update Info Security Policy and basic related procedures
  5. Get informed about departments, roles, systems and needs
    1. Helps identify least privilege strategy
    2. Helps prioritize access and deployment

Security Control Related Items

  1. Protect your accounts!
    1. Enable MFA, like seriously, enable MFA
    2. Monitor every system you care about for authentication & action activity
    3. Know your accounts
      1. Who does what, when, from where, to what, etc.
      2. You need to know your baseline / normal; otherwise you won’t know the anomalous
  2. Deploy Full Web Proxy – Cloud Based
    1. Every connection to / from the internet must be fully inspected
    2. Every machine, protected from anywhere, same policies, everything logged
  3. Deploy Advanced Endpoint & EDR
    1. Last line of defense – make it a great one
    2. Control USB & Bluetooth, enable firewall, etc.
    3. Ensure you have visibility into everything on the endpoint
  4. Kill your end-user VPN; there is a better way
    1. Connect your people with apps intelligently and far more securely
  5. Know your vulnerabilities
    1. Scan your systems, get them patched / updated
    2. This is inexpensive and easy to do
    3. Start with public-facing apps, machines, etc.
  6. Monitor everything you decided you cared about (or feared)
    1. Get in the knowing business, collect knowledge
    2. Determine metrics
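As an added illustration of item 1 (monitor authentication activity and know your baseline so you can spot the anomalous), here is a small Python script that is not part of the original post; the log layout, account names, addresses and countries are constructed assumptions.

```python
# Added example, not code from the original post: build a per-account baseline
# (countries and login hours) from constructed auth log lines, then flag logins
# outside it or without MFA. CSV layout, field names and values are assumptions.
from collections import defaultdict
from datetime import datetime
# Constructed sample logs: timestamp,user,source_ip,country,mfa,result
BASELINE_LOGS = """\
2020-03-02T08:05:00,alice,203.0.113.10,US,yes,success
2020-03-03T08:12:00,alice,203.0.113.10,US,yes,success
2020-03-04T09:01:00,alice,203.0.113.11,US,yes,success
2020-03-02T07:55:00,bob,198.51.100.7,CA,yes,success
2020-03-03T08:20:00,bob,198.51.100.7,CA,yes,failure
"""
NEW_LOGS = """\
2020-03-10T08:07:00,alice,203.0.113.10,US,yes,success
2020-03-10T03:14:00,alice,192.0.2.55,RO,no,success
2020-03-10T08:30:00,bob,198.51.100.7,CA,no,success
2020-03-10T10:00:00,carol,192.0.2.9,US,yes,success
"""

def parse(text):
    for line in text.strip().splitlines():
        ts, user, ip, country, mfa, result = line.split(",")
        yield datetime.fromisoformat(ts), user, ip, country, mfa == "yes", result

def build_baseline(text):
    """Per user: countries and hours of day seen in successful baseline logins."""
    base = defaultdict(lambda: {"countries": set(), "hours": set()})
    for ts, user, _ip, country, _mfa, result in parse(text):
        if result == "success":  # failed attempts do not define 'normal'
            base[user]["countries"].add(country)
            base[user]["hours"].add(ts.hour)
    return base
def find_anomalies(baseline, text):
    """Return (user, timestamp, reasons) for logins that deviate from baseline."""
    findings = []
    for ts, user, ip, country, mfa, result in parse(text):
        reasons = []
        if user not in baseline:
            reasons.append("no baseline for account")
        known = baseline.get(user, {"countries": set(), "hours": set()})
        if country not in known["countries"]:
            reasons.append(f"new country {country} from {ip}")
        if ts.hour not in known["hours"]:
            reasons.append(f"unusual hour {ts.hour:02d}")
        if result == "success" and not mfa:
            reasons.append("success without MFA")
        if reasons:
            findings.append((user, ts.isoformat(), reasons))
    return findings
```

Run against real authentication exports, the same two functions give you the "who, when, from where" baseline the list above asks for, and the findings list is what you would feed into monitoring and metrics.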

Continuous Improvement

Take your knowledge and metrics and apply them back through the mentioned steps.

Current events are forcing a scramble to do what should have been done all along. A proactive cyber security program and vigilant execution of it are not optional. Several well-known frameworks lay out layers of detailed directives addressing many other processes, activities and controls that can take you further.