WFH Cybersecurity for the C-suite

WFH and hybrid technology environments are fundamentally different from traditional office IT environments behind the corporate firewall. For this reason, your IT and security teams, as well as your WFH employees, will need a different set of tools in order to ensure cybersecurity. Here are the top three considerations:

Endpoint protection: A robust EDRR or MDRR solution is needed in order to protect endpoints at home as well as in the office.

Updates and patching: For IT to keep your employees’ off-site devices updated and patched, they will likely need a separate toolset (e.g., Microsoft Intune or similar).

Mobile device management: MDM or EDM tools help ensure all employees’ devices are patched, up-to-date, and following the correct security policies—no matter where they’re working.

The software platforms and apps your organization uses may already have additional security features built-in. But these features can’t help you if you don’t take advantage of them.

One key example is multi-factor authentication (MFA). This is available for many apps and services, and is the single best way to prevent an account breach if an employee’s password is compromised. But if MFA isn’t enabled, it can’t protect you.

Talk to your IT team about turning on MFA for every app and web service in your organization—especially ones used by your at-home employees. Then ask them if there are other available security features or tools that you could be leveraging for better cybersecurity.

In buy-side finance, small and medium organizations often lack the technical resources of their peers in other sectors, even though they are managing far larger amounts of money on a daily basis. This makes you a tempting target for bad actors.

Rather than trying to reinvent cybersecurity, and overburdening your overstretched IT team in the process, find a managed service provider (MSP) to help you with your WFH security challenges. An existing third-party IT provider is a good place to start your search. But ideally, your MSP partner for WFH security will have a strong track record of successfully completed cybersecurity projects and extensive industry-specific experience.

A good service provider should also be able to offer your employees 24/7 support no matter where they are—a critical capability in the always-on world of work-from-home and work-from-anywhere.

Despite the best of security precautions, organizations may suffer cyber incidents and service outages. For this reason, it’s important to have clear incident response plans, policies, and procedures.

Executives have a vital role to play in creating and defining an organization’s disaster recovery (DR) plan and business continuity plan (BCP). In particular, leaders have a good overview of the organization’s structure as a whole—and will be able to help ensure that DR and BCP planning encompass the entire business, not just a handful of roles or mission-critical departments.

In addition, external vendors should be included in incident response plans. Here too, leaders have the big-picture perspective on operations—as well as the business relationships—to help make this possible.

After comprehensive incident response plans are created, they need to be periodically tested and validated to ensure that they will work as intended in a real emergency—and to account for changes that may require an update.

For example, DR plans should be tested under near real-world conditions. It’s not enough to set up a DR environment in a “bubble” and simply verify that it can be accessed. A true DR test will involve key personnel actually failing over to the DR environment from the production environment and operating there for an extended period of time before failing back to production.

Leaders have the authority to mandate that DR and BCP tests are conducted regularly and that they are genuine audits of incident response plans. In addition, leaders should be involved in reviewing the results of incident response tests to ensure that updates and corrections are made as needed.

If a cyber incident occurs, the IT department or the MSP will be the first to know, and the emergency response plan will be initiated. But executives need to be involved in the decision-making process from the first critical moments of the response.

This is important because in the early stages of an incident, there are many key decisions to be made. How will the incident be communicated to regulators and stakeholders, and when? Who will be the main point of contact—a PR person or general counsel? How will your organization deal with time-sensitive threats or demands for ransom payments if you are attacked by cybercriminals? Before an incident occurs, be sure to define your role in the response plan.