It isn’t easy to be responsible for the security of government systems on a day-to-day basis, let alone during a global pandemic. COVID-19 concerns are changing how government organizations run their IT operations, namely because of the dramatic demand to expand telework capacity.
The sudden influx of teleworkers means IT professionals have to secure infrastructure, applications and systems in a new, and more complex, environment. Instead of being in a centralized, physical place, whole swathes of employees are now working from home, which introduces more elements of risk that must be monitored.
Speaking at GovLoop’s latest virtual summit, Brandon Shopp, Vice President of SolarWinds, an IT management solutions provider, highlighted three keys for agencies trying to simplify and secure their new remote work environments.
1. Get expanded visibility into the network
What was originally a simpler perimeter to defend — that is perhaps, a government building or a centralized office — now has shifted to include every home and location that an employee may be working from. People are connecting to the internet from their home Wi-Fi networks and some are using potentially vulnerable devices. Folks are also more threatened online due to the surge in coronavirus-related phishing attacks.
With the unprecedentedly large amounts of people working from home, this has created an additional load on IT infrastructure, especially virtual private networks (VPN), which connect users back to an agency’s enterprise. In many agencies, the IT staff has been overwhelmed with the surge in VPN of connections being requested.
“It wasn’t part of the original plan to have all these people connecting all at once,” Shopp said. “Some of the key things IT folks are going to look at for a healthy and strong environment are going to shift.”
Having visibility into how systems are running is essential to the IT staff’s ability to closely monitor traditional and new cyber risks. At some organizations, IT personnel have even created their own “COVID-19 dashboard” that tracks key pieces of infrastructure that are newer to monitor, Shopp said.
2. Provide employees with clear and consistent communication
Bad actors are looking for weaknesses — perhaps less so on the infrastructure side and more so in the human element, Shopp said. They will take advantage of fear, panic and confusion to lead people to click on malicious emails and other malware.
“The main thing people are looking for is certainty, guidance, direction. Make sure they feel armed and comfortable so they can continue to operate and go forward,” Shopp said.
Technology is difficult and can be intimidating to use. If employees feel empowered to use their digital tools, instead of intimidated, this will reduce the burden of basic troubleshooting inquiries on the IT help desk.
“We could always use more IT folks, especially on the security side,” Shopp noted. “But we’re not going to get more IT folks in this time, with people watching budgets and expenses. So we need to make sure we’re optimizing the team’s time so that the agency remains operational.”
IT staff can empower their colleagues through a number of ways, such as documenting best practices or compiling frequently asked questions. You can even hold IT office hours, an hour every day, for example, so people can ask questions and interact with staff over video conferencing, Shopp said.
3. Revisit continuity plans and IT priorities
Even at this moment, agencies have had to adapt and “think on the fly” about their continuity of operations plans in the unique circumstances the pandemic poses. The global pandemic is a first-in-a-lifetime for many, Shopp said.
After the pandemic passes, agencies may have to continue to consider how they might change and adjust their continuity plans and IT prioritization.
“Organizations will have to say, ‘What do we want our organization to look like going forward? Do we need to revisit some of the projects we were working on before? And say, God forbid, in the next pandemic, how do we know we’re better prepared for that?'” Shopp said.
Shopp expects that agencies will have to ask themselves new questions that the pandemic raises when it comes to technology modernization and the role of IT. Long-term questions like, “What do I want my infrastructure and IT setup to look like in five years?” will direct short-term actions such as buying criteria, future investments and even non-investments.
“IT professionals are going to have to look at their IT roadmap and make it align in the post-COVID-19 world,” Shopp said.
Don’t miss out on other virtual learning opportunities. Pre-register for GovLoop’s remaining 2020 virtual summits today.
This online training was brought to you by: