Understand – your posture
The pressure on leaders at this time is extraordinary. As incident responders and leaders, we are engaged across many industries and understand that decision-making needs to be both well informed and methodical. Below, we have outlined the priority information requirements for each response option.
Questions that need to be asked and answered
What are your new risks?
The way you work has changed, where your users are located has changed, your risks have changed.
Where is your data now?
So you had to get users working and you didn’t have enough laptops, and the business made a decision to let remote users use their own. Your corporate data is now on unmanaged, unsecured endpoints, and you need to get it under control.
By following these actions you will better understand your posture and be on track to a more secure business.
- Review and update your work-from-home and data handling policies.
- Make sure users are aware of any policies around the handling of data, remote access, privacy, etc.
- Take the time to understand how people are now working with company data and what the data is. If you don’t have a data classification standard or data labelling enabled, now’s the time to start.
- Look at ways to provide secure containers or repositories for sensitive data, e.g. Microsoft Intune, VDI, etc.
- Assess your compliance requirements against your new working environment. Look for non-compliance against the Data Privacy Act, ISO27001 etc.
- Work with your Compliance and Risk teams to better understand what standards you need to comply with. Get on the front foot.
- Ingest new log sources, particularly those that are more critical than ever, e.g. remote access, remote endpoint and new SaaS services.
- Update Playbooks and threat intelligence feeds. Bad actors will take advantage of change.
- Build new Use-Cases that make sense. Improbable access events and user behaviour are a great place to start.
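
An added example, not part of the original article: one way to express the "improbable access event" use case as detection logic over remote-access logins. The record layout (user, timestamp, geolocated latitude and longitude), both thresholds, and the sample logins are assumptions constructed for illustration.

```python
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_KMH = 900.0  # assumed ceiling: roughly airliner cruising speed
MIN_KM = 100.0   # assumed floor: ignore geo-IP jitter inside one metro area

# Constructed sample records: (user, ISO timestamp, latitude, longitude).
SAMPLE_LOGINS = [
    ("alice", "2020-04-06T08:00:00", -36.85, 174.76),  # Auckland
    ("alice", "2020-04-06T11:00:00", -41.29, 174.78),  # Wellington, 3 h later
    ("bob",   "2020-04-06T08:10:00", -36.85, 174.76),  # Auckland
    ("bob",   "2020-04-06T08:40:00", 51.51, -0.13),    # London, 30 min later
    ("carol", "2020-04-06T09:00:00", -33.87, 151.21),  # Sydney
    ("carol", "2020-04-06T09:01:00", -33.80, 151.00),  # same city, other ISP
    ("dave",  "2020-04-06T10:00:00", -33.87, 151.21),  # Sydney
    ("dave",  "2020-04-06T10:00:00", 1.35, 103.82),    # Singapore, same second
]

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two points."""
    p1, p2 = radians(lat1), radians(lat2)
    a = sin((p2 - p1) / 2) ** 2 + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

def improbable_logins(events, max_kmh=MAX_KMH, min_km=MIN_KM):
    """Return (user, timestamp, km) for logins unreachable from the previous one."""
    alerts, last = [], {}
    for user, ts, lat, lon in sorted(events, key=lambda e: (e[0], e[1])):
        when = datetime.fromisoformat(ts)
        if user in last:
            prev_when, prev_lat, prev_lon = last[user]
            km = haversine_km(prev_lat, prev_lon, lat, lon)
            hours = (when - prev_when).total_seconds() / 3600
            # Simultaneous sessions far apart (hours == 0) are flagged outright.
            if km >= min_km and (hours == 0 or km / hours > max_kmh):
                alerts.append((user, ts, round(km)))
        last[user] = (when, lat, lon)
    return alerts

if __name__ == "__main__":
    for alert in improbable_logins(SAMPLE_LOGINS):
        print("improbable access:", alert)
```

The distance floor keeps VPN egress changes and imprecise geo-IP data within one city from generating alerts, so tune it to the accuracy of your location source.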