As more organizations move to a work-from-home business model in response to COVID-19, the increased security risk of remote work reinforces the need to update your security incident response plan.
Use the handy points below to keep your security incident plans current with today’s state of affairs.
- Update contact information for the (now) remote team. Compile a list of key stakeholders and their contact information in the event that one communication channel (e.g. email) goes down. Distribute information on a need-to-know basis.
- Standardize the method of communicating with IT. With a dispersed team and several collaboration tools to choose from, prescribe communication channels that business units can use to contact IT. This will limit distractions for the IT team and enable them to answer inquiries quickly.
- Assess the capabilities to manage information security remotely. Organizations will need to assess their ability to manage their security operations remotely. This review will involve determining whether the business has the infrastructure and visibility in place to monitor remote workers and the tools to collaborate with stakeholders. This would be a good opportunity to run a remote tabletop exercise.
- Create or update existing runbooks and workflows for common security incidents. The World Health Organization (WHO) and the US Federal Trade Commission (FTC) have warned the public of ongoing coronavirus phishing and malware attacks. Along with continuous end-user training and education, limit the impact of malicious campaigns by developing or updating your phishing, malware, compromised credentials, and data breach runbooks. Determine who will be responsible for coordinating the program, the response activities of different units (e.g. end user, help desk, information security, legal, compliance), and when and which stakeholders require a security incident notification/update.
Research: Develop and Implement a Security Incident Management Program