The Security Professional’s Remote Work Guide

In the past few years, many organizations, led by the tech industry, have been slowly moving toward the remote work reality. But COVID-19 forced most companies to accelerate this decision and adapt more rapidly than they had anticipated.

And, suddenly, there we were: fast-forwarded into the future without a remote work guide…

If you find yourself in this situation and could use some guidance on how to quickly deploy a Work From Home (WFH) policy, I have some tips based on our experience here at xMatters. Hopefully you find these helpful!

Assess the risks

The first step is to perform a comprehensive risk assessment of the new WFH scenario. Take some time to list all the threats you can conceive of and create a response plan for each one. Analyze and mitigate as many potential risks in advance as you can, from secure access to critical assets to equipment maintenance.

This is your opportunity to find out if you need to procure new technologies and equipment, or if you should be making information more accessible to your employees.


Train your employees

Open, honest, and fair communication with all employees about any new policies is imperative for the success of your changes. Document your guidelines and enforce an Acceptable Use Policy for organizational assets.

We recently created a robust Education and Awareness Program at xMatters. All employees will receive ongoing monthly training — not only on best security practices, but also in privacy compliance (GDPR, CCPA, PIPEDA, etc.).


Improve security

This one seems pretty obvious, but the hard part can be figuring out which cybersecurity areas you should prioritize. Your initial risk assessment can certainly help here. Some immediate tactics for privacy, security, and trust include:

  • Adopting multi-factor authentication
  • Enforcing VPN usage
  • Deploying strict DLP (Data Loss Prevention) controls
  • Creating a list of authorized software
  • Managing devices and anti-malware deployments centrally

This list can quickly seem unwieldy, but focus on making decisions about imminent risks with a high potential for damage. Carefully consider the type of work being carried out and the data being processed.


Review your Business Continuity Plan

The big question here is pretty straightforward: what and who do you need to keep your business up and running? The answers should help you prioritize how to improve continuity if all employees are working from home. To start, consider backing up human resources and preparing alternatives to home internet in case of failure.

Make sure you:

  • Review critical human resources
  • Assess continuity of your critical suppliers
  • Create a plan and share it with all employees, so they know what to do in case of emergency
  • Continuously communicate with clients, to make it clear you are ready (for a pandemic, for example)

It’s not too late

If you haven’t already started to answer these questions, you’re already behind – but it’s never too late to start writing your own remote work guide! Here are some great ways to get started right now:

  • Brainstorm with your team, list imminent risks, and plan responses.
  • Be transparent and train every single person.
  • Search for technology that can automate parts of the process and help you with data for more informed decisions.

These suggestions are a logical combination of industry best practices, privacy requirements, and controls found in well-known security standards (CIS, ISO, etc.). As an ISO 27001 certified organization, xMatters needs to constantly re-assess these requirements and have strict technical and administrative controls in place.

Remember, we’re all in this together, and most people are happy to help. Ask professionals you respect for help and come pose questions in the xMatters Community. We want to see you succeed!
