COVID-19 has disrupted almost every aspect of daily life, the workplace being no exception. For businesses in the security industry, it is especially important to adapt to the changes and offer timely, effective solutions. Here are three major areas that security teams should focus on after a workplace disruption.
Employee Health and Safety
Employees are the backbone of a good company and they should be a security professional’s first consideration during a major crisis. However, because they are so essential, workers can also be the most vulnerable points of entry into a company. Your security team should be aware of the current physical, mental, and cyber health of workers.
According to OSHA, the security industry should follow federal, local, state, tribal, and/or territorial guidelines (SLTT) for a safe workplace and incorporate them into their procedures and plans. Consider these basic factors:
- Routine sanitation
- Social distancing
- Hand washing
- Mask wearing and/or respiratory etiquette
- Flexible scheduling
- Promotion of employee self-monitoring
- Education about symptoms
In a worldwide crisis, workers and employees may be feeling anxious, confused, overwhelmed, or scared. They may also have family members who are ill. It is important for managers, including those in the security industry, to be willing to accommodate questions and provide clear communication to their workers in order to dispel anxiety and help reduce stress.
It is more important than ever to educate workers about safe digital hygiene practices in times of crisis. Employees are more likely to be in a high emotional state, which can make them more susceptible to socially engineered attacks. Education is the best antidote to phishing scams. In the case of targeted scams, such as the attack following the passage of an aid bill in the U.S., educational resources could save employees from exposing themselves and the company to a malicious threat.
As organizations and governments fight to stop COVID-19, they may solicit information about employees. They may want to know how many workers are sick, if they have ill relatives, and/or if they are traveling to visit family. The security industry should be at the front line of this interaction and ensure that any information recorded or shared is the minimum amount needed and in compliance with the law.
Work From Home Best Practices
In a survey of remote workers, 98% replied that they would like to keep working remotely, at least part-time, for the rest of their career and 97% replied that they would recommend it to others.
Working from home is here to stay. Whether you were pushed into it by the current crisis or already had remote work arrangements, remote workers need to follow best practices to stay secure.
Working from home presents unique challenges to the security industry, especially for businesses that rushed into it as the result of a workplace disruption:
- Workers accessing work-related content from their personal devices
- Implementation of multi-factor authentication and token-based login
- Security of endpoints and storage of critical information
- Installation of anti-malware software on corporate and employee devices
- Security of workers’ homes and living situations
- Security of employees’ home networks
- Server load and network capability
- Security of third-party tools such as Zoom or Google Docs
Cyber Security and Cyber-Physical Security
Securing a cyber-physical ecosystem is difficult under normal circumstances, and COVID-19 has accelerated and complicated that goal. Professionals in the security industry may want to consider a complete re-evaluation of their software tools. Here are five suggested areas of focus:
Many businesses employ third-party vendors or contractors for their security needs. Given the sudden nature of the crisis, it is important for security professionals to know what their vendors are doing to address the issue. Asking specific questions, requiring detailed action steps, and understanding vendor security policies are the best ways to ensure that vulnerabilities are not being exploited outside the business.
Cyber-Physical Ecosystem Vulnerabilities
Internet of Things (IoT) and Cyber-Physical System (CPS) devices are becoming increasingly popular in homes and workplaces. In addition, smartphone voice assistants sit in everyone’s pockets. Increased concern about data privacy has increased awareness about these security vulnerabilities, but it is important to be aware of them in the company.
It may be easier for a company to rely on an automated system or device to get through the crisis, but a security team should make sure that the device is secure, especially if it is handling sensitive information.
Surveillance Blind Spots
The biggest cost for many industries when it comes to a workplace disruption is decreased productivity, but in the security industry, the cost can be the creation of gaps in surveillance and/or monitoring. Teams that have been relocated or disrupted should re-evaluate their logs and surveillance solutions to ensure they aren’t missing any blind spots that may have resulted from the disruption.
This past March in France, a hospital was the victim of a distributed denial of service (DDoS) attack. While it did not last long or cause any permanent damage, it resulted in a temporary restriction of internet access that denied remote employees access to the hospital network.
Security professionals need to make sure their network is resilient to DDoS and RDoS attacks. This is especially important in a crisis because remote tools are often the first tools that businesses turn to during a workplace disruption and they depend on the stability of the host network.
There will always be those taking advantage of a crisis to collect ill-gotten gains, which makes it essential not to forget building security in a world so focused on digital security. A good alarm monitoring system can act as a useful deterrent, but it can also be complicated to set up and difficult to monitor remotely. Our alarm monitoring solution reduces downtime and helps separate false alarms from the real thing, which is exactly what security professionals need to have confidence that their alarm system is functioning properly.
There is no easy way to respond to a crisis and a failure to adapt to major workplace disruption in the security industry can have dire consequences. By focusing on all aspects of employee health, including digital awareness, work-from-home best practices, and the re-evaluation of the cyber-physical ecosystem for vulnerabilities, security professionals can empower workplaces to survive and thrive during and after the crisis.