Caute_cautim
Community Champion

Have we learnt lessons during COVID-19?

Hi All

 

Many of us must have learnt many lessons during COVID-19, or are still in the middle of tackling it?

 

What lessons do you think you or your organisation has learnt coping with it?

 

https://www.sdxcentral.com/articles/news/top-3-pandemic-security-lessons-learned-so-far/2020/06/?utm...

 

Regards

 

Caute_cautim

 

 

5 Replies
dcontesti
Community Champion


@Caute_cautim wrote:

Hi All

 

Many of us must have learnt many lessons during COVID-19, or are still in the middle of tackling it?

 

What lessons do you think you or your organisation has learnt coping with it?

 

https://www.sdxcentral.com/articles/news/top-3-pandemic-security-lessons-learned-so-far/2020/06/?utm...

 

Regards

 

Caute_cautim

 

 


So read the top_3 and not feeling these are lessons learned during Covid-19, believe that they may be reinforced but should have always been of concern (MHOO).  I was and still am concerned about the security of the home devices.

 

My concern with all of this is that management have an issue remembering things and that the lessons learned during this time will be quickly forgotten.  Sorry, I have little faith in management doing the right things going forward. (Maybe I am just old and jaded).

 

I am concerned about folks that are on furlough and when they come back start opening the mail that has been piling up.....we never know what is hidden in there.

 

d

 

Caute_cautim
Community Champion

@dcontesti   So what do we need to do to remind them of their responsibilities or legislation i.e. in New Zealand it is the Companies Act.   Do you have similar legislation elsewhere?

 

Regards

 

Caute_cautim

denbesten
Community Champion


@Caute_cautim wrote:

What lessons do you think you or your organisation has learnt coping with it?


If you were prepared for employees to work from a coffee-shop (including awareness training, device hardening and remote access), the I.T. aspects of Covid were reasonably easy.  Much tougher are the employee safety implications, especially on the manufacturing floor.

 

To me, the primary I.T. lessons learned center around BCP:

 

  1. Multiple failures happen.  Who would have thought that while fighting a global pandemic, police reform protests would become a global thing too?  Be prepared to divide-and-conquer. In DR exercises, strategically pick a person or two who has been hospitalized with only the room phone to "answer critical questions".
  2. Prepare for big failures.  I don't think I will be getting quite the strange look next time I ask "what if the whole primary data center fails?"  Having one "hero" is not enough. Recovery needs scale.  Scale needs automation, or at least simple procedures that can be handed to a room full of neophytes.
  3. Be prepared to scale anything. When you are gifted with money to scale remote access 10x, how would you implement it within 3 days?   If you double the customer-service staff overnight can you supply prepared answers/procedures/resolutions for the top 20 questions? Triage instructions for the top 100?
  4. Understand business priorities. Almost everywhere, making money to meet this week's payroll is at the top.  And "security" is more about protecting the income for next month's payroll.
  5. Hire talented people that tend to "run towards fire" and "lend a hand", especially across disciplines.  
ericgeater
Community Champion

Our org weathered things fairly well, in terms of the enterprise managing the sales slowdown.  We in IT learned a lot about PC hardening, which was our greatest security concern when converting to WFH.  I would definitely include that as a sub-point in the second bullet.

-----------
A claim is as good as its veracity.
rslade
Influencer II

I could write a book on it.

 

So I am.

 

(As well as having created half a dozen presentations on specific areas of security that we can learn "Security Lessons from CoVID-19" from ...)


............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468