Every Solution You Can Imagine – and More
What cybersecurity solution do you need? From Zero Trust to ADR, IAM, risk/privacy, data protection, AppSec and threat, securing digital transformation, to resiliency and remediation, we can build the right program to help solve your challenges.
A Single Partner for Everything You Need
Optiv works with more than 450 world-class security technology partners. By putting you at the center of our unmatched ecosystem of people, products, partners and programs, we accelerate business progress like no other company can.
We Are Optiv
Greatness is every team working toward a common goal. Winning in spite of cyber threats and overcoming challenges in spite of them. It’s building for a future that only you can create or simply coming home in time for dinner.
However you define greatness, Optiv is in your corner. We manage cyber risk so you can secure your full potential.
Next Steps in Managing a Dynamic Workforce
The COVID-19 pandemic has forced many organizations to make a rapid pivot to remote work. This can open the door to a variety of cybersecurity and identity issues, though. In today’s guest post Jerry Aubel of RSA offers five steps you can take to secure your business during this difficult transition.
Business disruptions can catch us off guard. Even the most diligent leaders and competent technical practitioners can’t prepare for everything. In the current environment, many organizations have had to make a rapid shift to get their workforce ready to work remotely. In some cases, this could be an easy transition. In others, not so much. The most basic functions can be challenging given the pressures of the moment, from procurement of laptops to the implementation of improved security measures, like VPN access and multifactor authentication.
Here are five steps you can take to reduce negative impacts on your organization and support your dynamic workforce.
You’ve transitioned many of your formerly office-bound employees to remote locations. Many of the things you had planned for worked. Perhaps you adopted multifactor authentication (MFA) solutions for secure access to the corporate VPN, along with sound access assurance policies. But a remote workforce creates more points of exposure and new risks emerge, like employee use of personal devices, unmanaged devices and potentially unsecure home Wi-Fi. A risk assessment of your team’s readiness to work from home once they’re live is essential. It isn’t too late to get a solid sense of your readiness and make the appropriate adjustments.
Sometimes, without the proper guardrails in place, things can turn into the Wild West, and when your teams are outside the office-based IT perimeter walls you can quickly lose control. The attackers aren’t giving you any slack; in fact, they will take greater advantage during a crisis. Training, or in most cases, re-training and awareness can remind a mobile workforce of attacker behavior and how to stay vigilant. Malicious websites are proliferating. Phishing, smishing and credential theft attempts aren’t going away, so now is the time for refresher sessions with your employees.
One other consideration is to ensure your Help Desk is prepared for the onslaught of inquiries, questions and tickets that will come their way. Although many enterprises have large populations of remote workers, some may be new to the game and have little context to fall back on with new IT processes or applications. Automation, knowledge bases and self-service portals can provide a first line of defense for Help Desk staff, but nothing beats preparedness and skill.
As you open your network to increased remote access, Strong access governance is essential to maintaining control and accountability. Some staff may have increased or changed duties and require access to new applications and resources. Regular access certifications become necessary to ensure only the right people have access to the right applications, data and IT resources. Policies such as segregation of duties and least privilege access need to be stood up, with reporting and dashboards put in place to ensure compliance. In addition, a sound Joiner, Mover, Leaver policy can prevent over-privileged or entitlement sprawl while diligent access governance can help identify and remediate issues.
Having a potentially dramatic increase in the number of remote employees poses challenges in monitoring a widely dispersed set of endpoints. This requires a strategy that can deliver visibility, threat detection and response, analytics and orchestration. Consider this: remote workers are likely to exhibit abnormal behaviors given the new flexibility. In an office environment, most would log into the network at a set time and log out at the end of the day – normal behavior. Now, a resource may log in to check email from home at 2:00 a.m. on a Friday when they get up with a child – not typical behavior. Having business context, visibility and analytics capability in place can help establish a new baseline of normal user behavior with a remote workforce.
Disruptions happen. Enterprises spend valuable resources on preparation and response planning to help ensure business resilience. But, as they say, a good plan rarely survives the first shot on the battlefield. And, some circumstances occur so infrequently – such as pandemics – that many organizations may not have devoted any time to it. Keep business continuity and recovery plans updated, build a culture of preparedness and test your plans frequently. Establish processes that can protect your organization, people, technology, facilities and customers.
As time progresses and we return to a more normal state, you may likely find the composition of your workforce has permanently been altered. The notion of a larger percentage of your teams working remotely can offer tangible benefits, but at the same time it can present challenges. An after-action review can help your organization improve continuity plans, enhance resilience and mitigate digital risk associated with your dynamic workforce.
March 26, 2020
The actionable steps outlined here provide the foundational support to enable and secure a WFH model.
April 29, 2020
Understanding the COVID timeline helps us plan for what our post-pandemic world will look like.
April 07, 2020
This checklist provides actionable steps you can take toward achieving short-and long-term SecOps priorities.
Let us know what you need, and we will have an Optiv professional contact you shortly.