“To be prepared is half the victory” – Miguel De Cervantes
Maj Gen Paul Capasso, USAF ret., is no stranger to disaster. Here he draws on his experience as a senior military leader, including his time as commander of Keesler Air Force Base in Biloxi, Miss., in the aftermath of Hurricane Katrina, which left two-thirds of the base underwater and three of every four buildings damaged. The base was rebuilt while vital operations were maintained and re-engineered.
Like a thief in the night it struck. The new coronavirus and the COVID-19 disease it causes took the world by surprise. Individuals and businesses felt the wrath of an invisible foe moving across the globe. Like bowling pins falling from a perfect strike, countries fell victim to death and destruction. Borders closed, quarantines were implemented, metropolitan areas slowed to a halt, and the global economy came to a near standstill.
A key part of any recovery effort involves looking back at how well we prepare and where we come up short. Where our readiness plans work, and where they don’t. Similarly, when we look back to analyze this pandemic, we will develop lessons learned on how some businesses survived and others did not. For many, it will be a painful memory.
Some small businesses like restaurants have changed their business model from dining-in establishments to take-out and delivery to keep their businesses alive. Doctors have implemented virtual tele-healthcare services instead of patients going to the hospital. Some businesses have developed alternate work schedules to limit social contact, and many companies took advantage of working from home.
Yet even now, in the age of the internet, when teleworking should be second nature, many companies haven’t implemented this capability and were unprepared when government and healthcare authorities issued guidelines for social distancing. Whether you are currently up and running or new to teleworking, I offer the following lessons learned for your consideration in the present crisis and as part of your disaster preparedness planning:
- Think cybersecurity FIRST. Telework and remote access technologies often place protected networks at greater risk. Attack surfaces increase and networks are more susceptible to malware and phishing expeditions as more people telework.
- Develop a telework contingency plan that outlines roles, responsibilities, instructions, and considerations to mitigate and recover from risks and threats.
- Develop a recall roster for your entire organization. The safety of your people are your first priority. Your roster should include not only phone numbers but addresses of each employee. In addition, you should designate mission-essential personnel who must report to work locations during the crisis and those personnel who must telework.
- Communicate with your employees. Ensure they know what is to be expected of them when teleworking. Determine what applications can be used. (YouTube and Pandora are not mission essential.)
- Identify and take inventory of the information systems and data that are vital to your company. Restrict system access to authorized users and implement a more stringent role-based access control plan for these critical systems.
- Make cybersecurity a TOP priority when designing your teleworking architecture. Determine what equipment/infrastructure will be required (hardware, software, bandwidth, VPN access) to stand-up this capability. Telework solutions offer different capabilities such as online meeting recording, file and screen sharing, instant messaging, and scalability. Remember, during a crisis, everyone is fighting for the same network resources. Keep your computers and mobile devices patched and updated. If you are using your home computer, ensure you are following organizational security policies.
- Review, update and test your plan quarterly.
Howard Ruff sums up the importance of preparation nicely: “It wasn’t raining when Noah built the ark.”
I revisited a more recent flood story a few years ago. I said then and still believe that Keesler AFB’s recovery from Hurricane Katrina wasn’t a story of brick and mortar. Rather, it was a story of people – families, neighbors, friends, volunteers, and concerned citizens across the globe who came together in the face of adversity.
Meeting the coronavirus challenge will require a similar story of unity, cooperation, and shared sacrifice, a story that is even now being written with each passing day. Part of that story needs to be planning for the future now so as not to be caught unaware the next time disaster strikes.
The Empower and Protect Blog brings you cybersecurity and information technology insights from top industry experts at Telos.