Challenging times or shifting conditions, such as those brought about by the unprecedented global health crisis, highlight the need to ensure your team has the technology, workflows, and processes in place to continue to deliver innovation at a rapid pace, despite the hurdles.
For most regions in the U.S., life has been toppled in different ways following urgent stay-home orders put in place to flatten the curve and reduce the immediate impact of the spreading coronavirus. In ways largely unexpected a few weeks or a month ago, millions of employees now have to work from home and school their children digitally, and hospitals are facing an unprecedented number of patients in need of care.
While working from home is necessary at a time like this, it leaves critical employees away from secure buildings and far from IT teams who can keep their devices or information safe. In our industry of Life Sciences and Healthcare, this is a particularly troubling fact.
Reasons to Prepare: Common Threats in the New Working Normal
Companies or enterprises, whether involved in crisis response and management or not, should be prepared to counter potential DDoS attacks, large scale phishing attempts, and even ransomware attacks that may increase as a result of new remote work standards. Hospitals, in particular, are at higher risk, so these enterprises need to go back to the basics, patching systems as soon as possible and not falling into the trap of – “we can’t afford that activity or downtime now.”
VPN connections, which have become a relatively common way for enterprises to provide their employees with secure connections, still present some risk if not properly deployed. As more and more employees are working from home, organizations are struggling to maintain network privacy and handle security issues. Also, because of bandwidth capacity issues, organizations may struggle to provide secure VPN connections for all of their remote employees. And, since not all employees understand how VPN works, they may engage in activities like streaming videos that drastically tax the bandwidth for all the users.
The increased use of online meetings, which has been a critical tool for many companies to enable collaboration among employees, also exposes vulnerabilities, as not all users understand the importance of creating—and attending—only password-protected events.
Moreover, the IT Operations teams that are typically able to respond immediately to a security breach or threat thereof, when in the office, are now at risk of being hampered by poor connectivity. Things that previously involved 10 to 15 minutes window to resolution—whether a system outage or something serious of nature like an ongoing attack—may now involve double or even triple the time due to slower connections.
Best Practices to Protect: Rules to Work By
The good news is that many of the tools that allow for secure remote work already exist, including some that offer VPN’s (example Cisco Anyconnect VPN, Zscalar Private Access), two-factor authentication, password managers, secure file transfer and other security features and tools.
In addition, there are several best practices organizations should work by not only through times of crisis but also year-round for maximum protection and continuity:
1) Secure System Access
All employee logins, not only critical ones, should be protected by strong multi-factor authentication as quickly as possible. Single sign-on solutions (SSO), such as Okta, can help users reduce the number of logins the users have to complete to go about their everyday work while protecting your critical data. And for the most sensitive system access, encrypted VPN’s should be enforced as a requirement to log in. Additionally, a companywide, one-time password reset cycle with a prefaced notice that a maximum secure password is now critical.
2) Ensure Redundancy
It is essential to maintain service levels when data center or service failure occurs. To do so, move traffic to a different zone, region, or geographical area from the affected area, and keep core applications deployed to an N + 1 standard so, in the event of a failure, there is sufficient or adequate capacity to enable the load to be load-balanced to the remaining sites or geographical locations.
3) Safeguard Availability
Ensure critical systems are backed up locally as well as across multiple isolated locations or regions. Each location should be designed and engineered to operate independently and with high reliability. Create a system design that has highly resilient systems and should be well-architected to provide service availability.
4) Maintain Detailed Business Continuity Plans
A good plan outlines measures to avoid and lessen environmental disruptions, not just what to do to recover from them and includes operational details about the steps to take to before, during, and after an event. The Business Continuity plan is supported by testing that includes simulations of different scenarios when a service is disrupted. It is important to document people and process performance during and after testing, corrective actions that need to be taken, and lessons learned with the aim of continuous improvement.
5) Prepare For the Unlikely
A pandemic, for example, is an important event-type for which all businesses should prepare. The events of the past months remind us why. Mitigation strategies include alternative staffing models to transfer critical processes to out-of-region resources and activation of crisis management plans to support critical business operations.
Bottom line: No matter what is thrown at you or your team, taking steps to ensure your important work can continue is critical.
RCH Solutions is a global provider of computational science expertise, helping Life Sciences and Healthcare firms of all sizes clear the path to discovery for nearly 30 years. If you’re interesting in learning how RCH can support your goals, get in touch with us here.