Keeping Your SecOps Team Safe and Healthy While Protecting Your Organization

It’s critical to maintain business continuity and productivity as more organizations shift suddenly to remote work

Security is critical to the success of this shift, which means there will be extra pressure on SecOps teams to keep sensitive company information safe on widely dispersed laptops and phones. Since the SecOps team will be undertaking this effort remotely as well, how can organizations make the transition successfully and keep both their business and employees safe?

Remote Work: Two Primary Considerations

There are two aspects of remote work to consider. The first is how to support your team. It’s important to make priorities clear so employees don’t waste time working on non-essentials. In this vein, you will need to focus on over-communication. Make time to answer questions and talk about how the situation is impacting team members, both professionally and personally. One of the biggest challenges remote workers can face – especially given the current events and the rapidly changing news – is loneliness and loss of morale due to isolation from others. So, stay connected and don’t forget to try to have some fun while you’re doing it, as well.

If your team is large enough, put people into groups so they have support. Expect that there will be challenges with coverage as your team gets settled into a new working rhythm. Ask people to share what is working and what should change.

The second aspect to consider is how best to defend the company. Regularly share with remote workers any changes that could impact their security, and remind them to be vigilant. Be purposeful and example-driven with communications. Two to three updates a week is good; multiple times a day is too much.

Schedule time with your SecOps team to talk about how any changes to your company technology footprint (e.g., introducing new services like Zoom, file sharing or anything else) could change your risk profile. If you can make it easy and secure for employees to do these things, it will help limit risk from shadow IT usage. A good way to think about communicating security best practices is to simply share helpful ways to accomplish common tasks (in a secure way):

1. Video communications (Zoom, Microsoft Teams, Google Hangouts)

2. Group collaboration (Slack, Teams, Hangouts)

3. File sharing (Google Drive, Dropbox, O365)

4. Corporate email on personal devices (GSuite, O365)

This is more important than ever, given the current global pandemic – especially as we’ve seen that cyber actors will take advantage of any perceived weakness. These are key steps toward ensuring your employees stay healthy and safe and your organization keeps running securely, particularly when it involves having large numbers of your employees working from home.

Putting the Right Staffing and Communications Plans in Place 

Many organizations must quickly adapt to the current immediacy of remote work. It can’t work without a plan, and a good plan includes: 

⚫︎ An FAQ document with information on who to contact on different subjects or topics that may arise.

⚫︎ Updated team contact information, including both work and personal phone numbers and email addresses. 

⚫︎ The set-up of appropriate notifications going to the appropriate team members. 

Plan shifts with both primary and back-up staff. Everyone within the SOC team needs to know not only their own role but also the availability of the entire staff. Be clear on primary responsibilities. Publish staff schedules in a way that everyone can access, and make sure that shifts and turnover policies are transparently communicated.

Take Advantage of Today’s Collaboration Technologies

There are many collaboration technologies on the market that, for many industries, make remote work as similar as possible to in-office work. Above all, you’ll need tools to securely address:

⚫︎ Video and voice conferencing – primary (e.g. Zoom) and backup (e.g. Webex)

⚫︎ Remote access – network (e.g. VPN) and services (e.g. direct email access)

⚫︎ Internet access – primary (e.g. home ISP) and backup (e.g. mobile hotspot)

⚫︎ Company-issued laptops and, secondarily, the use of a personal device, if necessary and authorized

Account for Changes in Services and Employees

Business is in a period of major adjustment right now. Keeping productive also requires keeping in mind that things will ebb and flow, and organizations must be flexible. This includes accounting for limited services. For security teams, that means some forensic services may only be available on-premises. Additional temporary capabilities can be found to fill the gap.

All Secure

Life is uncertain; one of the only things that seems certain right now is the need for a solid business continuity plan. As legions of workers are asked or required to work remotely, organizations need ways to be agile and productive while remaining secure. They also need to make sure that their most important asset – their employees – have the tools and the interactions needed to feel connected and equipped to fulfil their roles. The recommendations noted above will help you create a solid work-from-home foundation that benefits workers and customers alike. 


About the author

Matt Eberhart is the VP of global sales at Respond Software. He has over 20 years of experience in the security industry, from hands-on operations to product management, go-to-market, and hypergrowth. He was early at Secureworks, where he had the opportunity to create and grow several different security operations models, innovating on blends of people, process, and technology.

Connect with Matt on LinkedIn: https://www.linkedin.com/in/matteberhart/

Featured image: ©Dimco