
Pandemic Security & Leaving the Front Door Open…

TL;DR?

If you’re typically a TL;DR reader, I got you. Here’s the deal: things get sloppy in wartime. When planning for pandemic security, make sure your IT staff is observing all policies and procedures established during peacetime so that security isn’t overlooked. While everyone is at home and the perimeter isn’t top of mind, new holes will emerge in your security strategy. “Stuff” gets missed. When do bad things happen? Most often, at the worst possible time. Oh, and we’re here to help you stay on track.

Shortcuts

Today I listened to a client prepare their work-from-home strategy as their Executive Team set mandates for the rest of the month. The social distancing necessity created a litany of questions as the IT staff shared how they were prepping the perimeter, VPN, and MFA (Multi-Factor Authentication) for the remote user stress test coming later this week. What was lost in translation, as the staff was doling out VPN access, was what methods the users would leverage to obtain access to the corporate network. Turns out, it is a mix of IT-secured and Bring Your Own Device (BYOD) machines. Spot any red flags?

It’s scary: the BYOD machines had never been brought under corporate security policies. There was no MDM solution in place to do so, and no way the time-limited staff could resolve the security issue before the mandated work-from-home policy begins. Concessions were made, and in reality, that’s how it goes. Seem familiar? I’m willing to bet it does.

Where is the Perimeter?

Where is the perimeter? It’s wherever your users are. Any user on any device with access into the corporate network, be it something as seemingly innocuous as webmail or the ERP/EHR/line-of-business application, is an ingress point that should be secured. If you leave it unsecured, you’re leaving the front door open.

Fortune Cookies

An ancient proverb written on a fortune cookie slip that a buddy of mine used to have taped to his desk read, “Avoid compulsively making things worse.” When we let critical details slip, it can be costly.

Here to Help

At StellarOps we help foster deeper process, framework and objective disciplines around the security stack. Best practices for the C-Suite are what we do. Want an unbiased second set of eyes across your tech landscape? Next steps are easy: let’s talk! Contact us below.