As news of the spreading coronavirus disease, or COVID-19, continues to dominate headlines, IT organizations must prepare for the possibility that team members get sick and cannot perform their duties. This is especially true for cybersecurity teams. While cybersecurity technologies and networks are not likely to be affected in a pandemic, the people who manage cybersecurity may be unavailable. As such, IT leadership must be prepared to cope with a possible cybersecurity staff shortage due to illness.
Many lessons learned during the H1N1 pandemic in 2009 can be applied today. Perhaps the most important is ensuring people are available to manage business operations in the event of widespread illness.
Read on for guidance on how to prepare for potential impacts from a severe reduction in security staff and ensure cybersecurity operations in your firm remain uninterrupted.
Add these to your cybersecurity pandemic planning checklist
In addition to people issues, other supporting initiatives can be performed to ensure that cybersecurity management activities can be maintained and, if interrupted, quickly recovered and restarted.
Let's examine each of them:
- Policies. Cybersecurity policies for pandemic planning may be the same as existing information security policies, or the existing policies may need to be updated to reflect cyberattacks and their consequences.
- Procedures. Cybersecurity operating procedures should be documented and kept current, based on experience from actual events, plus updated knowledge from vendors, consultants and the media.
- Succession planning. Create a skills matrix listing key cybersecurity personnel and their roles, and then identify employees in the IT organization who can back them up in case of an emergency. Use this data to identify opportunities for cross-training of employees, external training in specialized areas and vacancies that may need to be filled. Aim to have at least one, but preferably two, people to back up key cybersecurity team members.
- Firewall rule updates. Ensure firewall rules are as current as possible, and consider updating them even more frequently if it appears a pandemic could affect the firm.
- IDS and IPS management. Ensure the rules and other protocols of intrusion detection and prevention systems are current, and review them more frequently when a pandemic is impending.
- Network vendor coordination. Check with network carriers, including local access, internet access and WAN services, on their plans for dealing with an impending pandemic to ensure there will be no interruption in network services.
- Cross-training. Consider cross-training employees who show interest in and aptitude for cybersecurity procedures, covering how to operate security systems and applications and the sequence of activities to perform during a suspected attack.
- Cybersecurity plans. Ensure the cybersecurity or information security plan is up to date and documented with all necessary data to respond to a cyberattack. If no cybersecurity plan is in place, prepare one as soon as possible in advance of a pandemic. Be sure to exercise cybersecurity plans to ensure all employees charged with cybersecurity know their roles and responsibilities in an attack.
- Incident response plans. Similar to a cybersecurity plan, an incident response plan delineates the steps to take when identifying, analyzing and mitigating a potential cyberattack. Ensure primary and backup cybersecurity team members are familiar with the plan, and conduct regular plan exercises.
- Cybersecurity software tools. Many cybersecurity tools are available, ranging from stand-alone applications to suites of systems that provide extensive cybersecurity management of all security functions and resources, regardless of location and manufacturer. Be sure the appropriate tools are in place and that backup staff know how to manage them, so systems keep running as usual.
- Use of consultants and vendors. In a situation where cybersecurity employees suddenly are not available due to illness, consider working with consultants and vendors to see if they can supply interim on-site and remote expertise during a pandemic.
- Use of interim staffing services. Staffing firms may have access to qualified and experienced cybersecurity talent for interim deployments. Note, this may be a challenge, as many other firms may also be seeking short-term cybersecurity assistance.
- Working from home. Even if employees are sick, they may be able to provide remote technical assistance in an emergency. Ensure that they have remote access to cybersecurity tools and team members. Be sure to review VPN demand and support because a sudden surge of remote users could overload the network.
In addition to the above guidance, acquire copies of relevant materials from the Centers for Disease Control and Prevention, Federal Emergency Management Agency and other local, state and federal government agencies.
While the potential disruption to businesses from a pandemic can be significant, good hygiene -- both security-wise and health-wise -- and attention to situations that could introduce germs into an organization can reduce the likelihood of a severe health disruption.