Head of Information Security at Directly, Inc, leading and managing a cross-functional annually audited information security program.
getty
Since the beginning of the Covid-19 pandemic, which will define my generation, we have been living a "new normal." More than anything else, Covid-19 has accelerated the digital transformation journey of many organizations around the world, and we may never be the same again as a society.
Since the times of traffic delays while commuting may be gone forever, I will discuss three ways the security and technology functions can facilitate business resiliency in the midst of the pandemic, keeping in mind how company policies and procedures can apply to employees even when they work from home.
Cloud First
Many organizations that did not have any on-premise services and had all their services hosted on the cloud, like in my current role, did not miss a beat when all employees were forced to work from home due to the pandemic. The first time I was exposed to a cloud-first company was in 2014 when I moved to Silicon Valley and accepted an offer to work as a senior security engineer for a company that did not have any data on-premises. None, zilch, nada. We used to joke that the internet was our network.
Six years later, the cloud-first concept is no longer a novel idea and maybe the primary reason one's business is still afloat despite the serious impact of the Covid-19 pandemic. If your organization is still dealing with many data and services on-premises, this has to be one of your highest priorities. Get securely to the cloud. After much resistance, even the U.S. military had to start migrating services to the cloud securely. It can be done and will save the organization a lot of money in the long term. It just makes business sense.
Centrally Managed Mobile Computers
Another critical factor in being resilient while working from home is providing fully secure modern mobile endpoints to employees. In the past, I have worked for organizations that only provided wired secure desktop computers to their new employees. Doing so during this pandemic will force employees to use personal, unsecure, unmanaged home computers, which could be a significant risk to the organization. Investing in secure mobile devices allows the employees to connect to the organization's cloud infrastructure securely from anywhere in the world with an internet connection.
By providing employees with centrally managed mobile computers, an organization also ensures that computers maintain an acceptable cyber posture. Computers must be securely maintained, frequently updated with security patches as they are tested and become available and have sufficient controls to safeguard against malware or potential intrusions. I used to work for a company that had an agreement with the Apple Store to allow any of their employees to purchase a MacBook computer at any Apple Store by simply charging the new computer to the business account in case of a crisis or unplanned emergency. Being forward-leaning on security and IT capabilities will return high dividends in times of crisis.
Securing Remote Workers' Internet Traffic
Finally, a meaningful way to maintain resiliency during the pandemic is to ensure that employee computers' internet traffic is fully encrypted from end-to-end while connecting to the organization's cloud portals. Many employees may have relocated since the pandemic. There is no way to guarantee the state of the internet connection used by dispersed employees. Some members may be using an unsecure public Wi-Fi or a misconfigured internet connection at home. Although most web connections to enterprise-level applications are now secure by default, many installed applications may not be. Therefore, it is crucial to provide a way for employees to securely connect to the internet, significantly reducing the risk for man-in-the-middle attacks or sensitive data leaks.
IT and Security should remain top of mind even while going through a pandemic and related economic downturn. Investing in security and IT infrastructure can make a business resilient during an unexpected disaster. It might cost the company upfront to securely migrate to the cloud, provide centrally managed computers to employees and secure remote workers' internet traffic. Still, the ROI may allow one's business to remain afloat amid the chaos created by the "new normal." Business leaders should not merely focus on the bottom line but be mindful of the real risks, including security and IT risks, that may significantly impact the viability of their businesses.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
