I was listening to a radio program this morning that attempted to run a simulation of the impact of COVID19 on a fictional town in the UK. The phrase “unintended consequences” came up several times along with deep discussions about the realities of threat modelling and risk management. Detailed planning before the event is a great help, but continual analysis during a crisis is critical.
One of the mitigations that a lot of organisations have in their toolbox is major expansion in remote working. But remote working brings its own risks. If you don’t want there to be “unintended consequences” that affect the ability for your business to operate, we suggest you do the following:
- Build threat models for your critical processes and applications: spot and mitigate threats before they become a problem. Especially look at remote access infrastructure and authentication.
- Continually scan for new devices and applications: things will be popping on and off the network. Know what’s on your network and its status
- Educate remote workers about your Acceptable Use Policy: no, it’s no all right to use your teenage son’s laptop to work on!
Let us know if you need any help.