Create a Preparedness Plan to Ensure Business Continuity

Critical events, such as an infectious disease outbreak, are not always preventable and may be difficult to anticipate. That’s why being ready with a business continuity plan is half the battle. The goal of business continuity management planning is to get businesses back on track following a disruptive event.

Maintain Business Continuity

Start by identifying which organizational processes will be most affected by a disruptive event. Anticipate the types of disruption that pose the greatest risk, and proactively implement policies and procedures to mitigate their effects.

Follow these essential steps to create the foundation for a Business Continuity Plan:

  • Conduct a thorough risk assessment to identify critical processes and functions that would be impacted during a business disruption
  • Identify compliance requirements
  • Identify essential employees to deliver critical processes and functions
  • Determine the agility of the workforce and what resources may be needed during a disruption
  • Review current policies, or develop new ones, regarding remote work and paid or unpaid sick or personal time
  • Review policy to encourage sick or unwell employees to work remotely or separated from other employees
  • Align business travel with government-mandated travel restrictions
  • Discuss protocol for the safe evacuation or quarantine of employees who are traveling
  • Define internal and external stakeholders for conveying communication
  • Develop strategies and vetted holding statements to communicate with employees, customers, consumers and the media
  • Review supplier service level agreements for the consequences of not abiding by contracts
  • Review supplier business continuity plans to determine whether they align with your business's expectations
  • Define the capabilities of the upstream supply chain to determine their capability to provide your business what it needs during a disruption
  • Consider increasing inventory to extend operations if the upstream supplier is not capable of delivering needed goods
  • Define the capabilities of the downstream supply chain to assess impact to your customers if operations are no longer feasible at normal capacity
  • Communicate business decisions to appropriate audiences
  • Train response team members on responsibilities during a disruption
  • Test the Business Continuity Plan by conducting tabletop exercises

Maintain Employee Safety

Every organization has a duty to protect the health and safety of its employees. That duty is even greater during a critical event involving infectious disease. OSHA recommends taking a systematic approach to planning for employee safety during a disruptive event.

Issues to consider and plan for:

  • Be aware of and review federal, state, and local health department recommendations, and integrate them into your plan.
  • Prepare and plan for operations with a reduced workforce.
  • Identify possible exposures and health risks to your employees.
  • Plan for downsizing services but also anticipate any scenario which may require a surge in services.
  • Recognize that in the course of normal daily life all employees will have non-occupational risk factors at home and in community settings.
  • Stockpile items such as soap, tissue, hand sanitizer, cleaning supplies, & recommended PPE.
  • Provide employees and customers with easy access to infection control supplies.
  • Develop policies and practices that, if necessary, can be introduced to separate employees from each other, customers, and the general public.
  • Identify a team to serve as a communication resource so that employees and customers have access to accurate information throughout the crisis.
  • Work with employees & their union(s) to address leave, pay, transportation, childcare, absence, & other human resource issues.
  • Provide training, education, and informational material about business-essential job functions and employee health and safety.
  • Work with your insurance company, and state and local health agencies to provide accurate information to employees and customers regarding medical information specific to the event.
  • Assist employees in managing additional stressors.

This article originally appeared in HUB International’s “HUB Insights”. Copyright © 2020 HUB International Limited. All rights reserved. www.hubinternational.com

Mitigating Cyber, Business and Health Risks of COVID-19

Overview

CyFIR Enterprise—and its on-demand, instantly-available variant CyFIR Investigator available on the AWS Marketplace—provides fully remote incident response, forensic investigation, insider threat, and eDiscovery collection capabilities to IT security organizations, including those currently under work-from-home or travel restrictions. Built with an enterprise-first architecture, CyFIR was designed for forensic-grade remote access of corporate computing assets, either down the hall or across the globe.

COVID-19 Disrupts Normal Workplace Functions

To “flatten the curve” of the spread of the novel coronavirus COVID-19, many businesses and organizations are asking employees to leave the normal confines of their offices and work remotely from home. Even with strict VPN-access policies, computing assets in the wild are less protected than those internal to a company’s defenses. When employees are working remotely, their computing systems are subject to the potentially questionable configuration and defenses of their home network.

Several cybersecurity firms are reporting increased attack activity against a range of targets using the COVID-19 pandemic to dupe their targets into launching malware as large portions of the world have their attention turned toward the virus. With employees being distracted by juggling unanticipated work from home, closed schools, potentially sick relatives, and limited office resources, they may be less vigilant in ensuring that every link in a multitude of email messages is a safe one.

Additionally, the COVID-19 virus has impacted travel capabilities for IT security units that often work on-site with customers, such as Incident Response (IR) and eDiscovery collection teams. Traditional IR models often call for a team to fly to a customer’s location, work on-site with employees to collect disk images of computing resources, and then fly back to their corporate offices to begin analyzing the content of those images. Not only does this approach expose an IR provider’s employees to potential threats of COVID-19 in both travel and working in unknown environments, but it also reflects an inefficiency of the Incident Response market driven by the limitations of common software platforms in the field.

Further exacerbating the issue of providing incident response and investigative services to a “work from home” workforce is the reduced internet connection speeds of home broadband service. Many forensic investigation platforms rely upon the support of a high-speed network connection, assuming that they are being used within the confines of an office. This essentially renders IT Security teams incapable of addressing their company’s security concerns while its workforce is practicing social distancing and isolation to combat COVID-19.

CyFIR Allows IT Security and Incident Response Functions to Continue Remotely—Without Access Limitations or Risk of Viral Exposure

Internal IT Security Teams

With the immediate mandate to work from home established by many organizations in the face of the COVID-19 pandemic, many IT Security teams will find themselves unprepared to handle their job functions with the majority of the computers under their protection being removed from the corporate network and exposed to a wide variety of home networks with differing security postures. While this may be “business as usual” for modern distributed companies, factors involved in ensuring security for remote computing assets often have not been thoroughly considered or prepared for by traditional organizations.

With the CyFIR Smart Agent deployed to computing assets, IT Security, Insider Threat, and eDiscovery collection teams can remotely access endpoints with forensic fidelity to perform their critical job functions, unaffected by the location of either their analysis workstation or the targeted computing endpoints. With appropriate permissions, security staff can review detailed information about running processes, search for files of interest across all endpoints simultaneously, dive deeply into an endpoint’s file system or email storage, examine open network connections for signs of data exfiltration, extract files or processes of interest for storage or further analysis, and more, regardless of whether those endpoints or analysis workstations are inside or outside of the corporate firewalls.

Incident Response Companies

Because of the limitations imposed by both common incident response investigation software platforms and unchallenged legacy procedural thinking, most companies engaging in incident response work send teams of individuals—billable by the hour—on-site to create tens, dozens, or hundreds of image copies of potentially affected computer systems which they then bring back to the lab for analysis separately or in small batches. This methodology puts a company’s staff and customers at risk during a viral pandemic.

With CyFIR’s enterprise-first, fully remote architecture, a CyFIR installation can be set up on customer premises, at corporate headquarters, in a corporate data center, or in the Cloud. For short-term, immediate-need engagements, CyFIR LLC also offers CyFIR Investigator on the Amazon Web Services Marketplace. Using CyFIR Investigator on AWS, within fifteen minutes, Incident Responders can create an appropriately sized CyFIR server for engagements from five to 2,500 concurrent endpoints and begin deploying CyFIR Smart Agents to computers in need of incident response investigation or remediation. This can all be done remotely, from any location, to any region served and supported by the AWS Cloud. Doing so protects IR staff from traveling and being exposed to unknown conditions on-site, allowing them to be effective, productive, and responsive while meeting the CDC’s recommendations of social distancing and protective isolation. With additional CyFIR Investigator instances, numerous individual customers can be handled by one analyst using a single workstation connected to the AWS Cloud for everything from making a live, remote, forensically-sound disk image to performing a full Incident Response investigation and remediation across thousands of endpoints. Five-day free trials—often more than enough time to complete an investigation with the concurrent endpoint processing offered by CyFIR—are available on CyFIR Investigator instances of 250 endpoints and larger.

CyFIR Operates in a Low Bandwidth Environment

Unlike most “enterprise” forensic analysis platforms, CyFIR is able to function in a remote, low-bandwidth environment. CyFIR’s remotely deployed Smart Agents contain the forensic processing functions of the CyFIR platform. The Investigator’s interface simply provides commands to the endpoint Smart Agents, and the Smart Agents return a small amount of data with the resulting information. Investigators can then choose which files or processes to preview, review, remotely acquire, and more. While CyFIR cannot image a hard drive faster over a low-bandwidth connection than its competitors, the live nature of CyFIR’s forensic investigation and incident response capabilities allows investigators to complete their work without requiring that a disk or RAM image be made.

In short, using CyFIR Enterprise, IT Security staff can successfully complete incident response, internal investigations, and endpoint remediation safely and remotely, even over slower, “work from home” internet connections.

Conclusion

Whether business operations are disrupted by COVID-19 or it’s business as usual, CyFIR’s remote, enterprise-scale forensic investigation, monitoring, and malcode detection capabilities can be deployed from any location to meet enterprise needs of any size. For rapid incident response, internal investigation, or eDiscovery collection matters, CyFIR Investigator on AWS Marketplace provides broad forensic investigation capabilities across five to 2,500 endpoints concurrently, and subscribers pay only for the time needed to complete the task at hand. Within fifteen minutes, IT Security personnel can be ready to deploy CyFIR Smart Agents to meet the unanticipated cybersecurity challenges currently unfolding from COVID-19 without risk of exposure to potentially infected coworkers, travelers, or customers.

For more information, please visit our website at https://www.cyfir.com or contact Gary Mellott at gary.mellott@cyfir.com.

Next COVID-19 Relief Phase Could Be Infrastructure

In his public COVID-19 briefing on Tuesday, March 31, President Trump proposed a $2 billion infrastructure bill as the next piece of legislation to boost a post-pandemic U.S. economy. Although many lawmakers agree with the President, exactly what projects should be done and, more importantly, where the money will come from are points of contention.

The President proposed that the country should take advantage of historically low interest rates to borrow inexpensively to finance the infrastructure work. In a tweet he said, “With interest rates for the United States being at ZERO, this is the time to do our decades long-awaited Infrastructure Bill. It should be VERY BIG & BOLD, Two Trillion Dollars, and be focused solely on jobs and rebuilding the once great infrastructure of our Country! Phase 4.”

Rumors have the White House and Congress discussing ideas for a fourth round of stimulus due to the coronavirus outbreak. House Speaker Nancy Pelosi told reporters, “The President said during the campaign—and since—infrastructure was a priority for him. So that’s why we believe that in terms of recovery, that’s probably the most bipartisan path that we can take.”

The bill could be a boon to a construction industry currently under severe duress due to projects lost to the pandemic. According to the website The Hill, lawmakers “suggest the bill could include updates to public drinking water systems and hospital capacity, as well as upgrades to rural broadband in light of increased teleworking and online schooling during the pandemic. The upshot would include additional jobs at a time when unemployment filings are skyrocketing into the millions.”

The dictates indicate the nation is on a path to getting what has been rumored for years, an infrastructure support bill that will have bipartisan support. The Phase 4 bill could allow the U.S. to move forward with the work that everyone seems to agree we need, but no one has been willing to commit to. While we only have a tweet and comments to the media to confirm such a commitment, we seem to be moving in the direction of an infrastructure bill.

According to levelset.com, a website that advocates for construction businesses, the CARES Act, which was signed into law on March 27, contains elements of stimulus for the construction industry. In an April 2 posting, the site noted: “In particular, contractors who work on healthcare and public works projects could see a sharp uptick in jobs as infrastructure and hospital projects get off the ground quickly. In most states and cities so far, construction, in general, is considered an essential business, and projects are being allowed to continue even as governors issue stay-at-home orders.” The site points to $100 billion in emergency grants to hospitals that could be used for new construction projects to increase patient capacity, and another $150 million “to prevent, prepare for, and respond to coronavirus, domestically or internationally, including to modify or alter existing hospital, nursing home, and domiciliary facilities in State homes.”