by Richard Berkley
Contributing Editor

The term “the new normal” is increasingly popular during these times of global pandemic. I find it comes up in conversations with colleagues, friends, clients, and it is all over the media regardless of the format you choose to consume. Rather than provide yet another philosophical rant to the internet on, “what does normal mean anyway?” (answer: it means different things to different people and cohorts) or “This could actually be a good thing” (answer: maybe from some perspectives but definitely not from others), I thought it best to provide some insights into what we, Partners in Performance America, are seeing in the field. After all, what we are seeing from the board rooms and corner offices is quite different from that which we observe in the deepest and darkest sections of the internet. (Side note: yes, we frequent those seedier sections of the web; know thine enemy and such.)

First, let’s get a few things out of the way:

  • Yes, I really can buy your corporate Zoom account info for less than a penny off the dark net and no, that doesn’t mean Zoom is bad and other platforms are good. It most likely means that Zoom got hot in a hurry and hackers love to be the rain on parade day for anyone.
  • No, your home network is not as secure as your provider may claim, but some basic cyber hygiene will take care of the vast majority of your vulnerabilities.
  • Yes, we can see your cat doing that in the background despite your video being “blurred”.

Ok, with that out of the way, the term “normal” does mean different things to different people. For years, I took several hundred business trips, averaging 8 flights per week or so, to visit clients and field offices. To me, the bad oatmeal in the airline lounge was a “normal” breakfast. Often my friends or family would ask, “Why not just use Skype or something?” It is not really that vindicating to watch those now working from home recognize the dimensions of human interaction which just cannot be captured digitally. Still, there is a good chance video conferences are here to stay and little chance that between your vendors, clients, and internal operations everyone will use the same platform. We will all need to remain nimble in our usage, but security teams should have heightened awareness of the exposure their networks may have when connecting digitally to another organization’s conferencing facilities. As time progresses, and comfort levels with these tools rise, more vulnerabilities are sure to follow. Many of them will be reported right away and can easily be actioned by even the most luddite of executives who can work a computer mouse.

Honestly though, work-from-home best practices are not what keep the CISOs in our circle awake at night. Long hours in the office may still have been the “normal” for some, but those who are now able to work from home likely already carried a company laptop and connected through a VPN to secure infrastructure. They knew the drill, or at least aren’t materially increasing an organization’s cyber risk by connecting on a Tuesday morning rather than a Sunday afternoon when they check their email from home. It is those who have been deemed essential, many of whom are now working with new health & safety requirements and fewer resources, who we are seeing accept the biggest cyber risks.

Partners in Performance America has conducted numerous tabletop exercises with firms and governments across the globe for a variety of different scenarios. All the data points we have suggest the time to try out a business continuity plan or a major disaster recovery scenario is not during a real emergency.

Keep in mind, bad people are more than willing to take advantage of a bad situation, making matters significantly more challenging. What we are seeing are senior teams and front-line workers making fast decisions and doing the best they can. This translates to a heavy focus on physical safety and continuity planning, both great things to ensure are up to snuff in these times (or any times) but, in many cases, leads to a relaxing of the organization’s cyber guard.

A boss of mine once told me, “never waste a good catastrophe”. Over many years and many catastrophes, that statement has stuck with me and evolved in its meaning. If you or your colleagues are working from home, take the opportunity to practice some of those cyber standards you learned. If you are still open for business every day just to keep the planet turning, we thank you, all of you, but please, don’t allow a bad situation to be made worse because resources are constrained and time is ever tightening.

Take the time. Follow the policy. Stay safe. Stay secure.
