We’ll call it “Teleworking” which is a little dated, but broadly covers the capabilities and scenarios.
Cybersecurity is one of those things that never really seems to make it to a top 3 business priority. It doesn't usually win clients and generate revenue, but you know you need it, so it hovers around the top 5. (It sure can lose clients and be costly, so food for thought.) Then, something happens such as an attack/breach, and the organization must scramble to Respond and Recover (thanks again NIST for the Cybersecurity Framework). In the context of the global pandemic, teleworking is suddenly a tippy-top priority.
Teleworking is following the cybersecurity pattern now. (We felt it needed a little push, but few of us expected this shove.) Given the circumstances, we recommend treating the teleworking need like incident response (leading into business continuity and disaster recovery, BC/DR) versus just ratcheting it up in priority. This allows for a "high speed and low drag" effort where security and privacy may be deprioritized or deferred — see the Cylidify Break Glass post.
There is a lot of guidance circulating on teleworking now. It’s mostly good and falls into one of two camps, 1) Users (employees, vendors, customers, etc.) who consume the capabilities and services. and 2) IT professionals configuring, deploying and maintaining the capabilities and services. You need both, but you may not care about both. Cylidify has posted on LinkedIn on teleworking security and privacy (straddling the camps), which provides a good starting point for either Users or IT Pros. However, we wanted to consolidate and extend upon our previous posts, and tell you how Cylidify can help more directly.
Users
Your job is easier mostly made up of conscientious use and good etiquette. This will help others inside your organization and outside like those using the same tools/platforms across limited bandwidth of the public internet and connected clouds. Be courteous and patient with others and your IT team!
See our LinkedIn post and the comments
Tripp and Tyler Conference Calls in Real Life (YouTube) — we can use a little humor
IT Pros
Yours is the much tougher job since you also have to do most your work remotely and cover the wide variances in user’s location, network, device, and scenarios while managing connectivity and bandwidth demands. Luckily, there is a robust teleworking ecosystem available (vendors and tools/platforms) and most organizations already had some capabilities. The vendors are doubling down to help get users on-boarded and maintain performance/reliability.
See our LinkedIn post and the comments. If you can employ policies to enforce etiquette. especially those that conserve bandwidth and performance during peak use, do it!
FireEye Blog Post employing concepts and practices that Cylidify recommends like Zero Trust and Threat Modeling
The Users links above are relevant for you (especially the humorous video in the last bullet).
Cylidify has added assessment add-ons to cover teleworking broadly and added resources (staff and partners) to allow us to engage quickly — see Offerings and Promotions.
Note on Zoom [Updated 4/15/20]: This video conferencing platform and service is one of the newer that is competing with WebEx (Cisco), GoToMeeting (LogMeIn), and Microsoft Teams (formerly Skype for Business and Lync). Like the others, Zoom has seen a huge surge as part of Covid-19 counter measures. This has uncovered security and privacy issues that have been widely reported by the media (see Business Insider and Cnet). Cylidify recommends caution when participating in any Zoom meeting and in the configuration and setup of the service and the individual meeting (shared responsibilities between Users and IT Pros).
ZDNet has posted a list of 10 things to do to keep your Zoom meetings secure and private. That is a lot of steps, but many align with our LinkedIn post best practices!
Please contact us if you have questions or would like a baseline assessment of your video conferencing and teleworking capabilities.