In a time of unknowns, InfoSec best practices remain unchanged
Photo by Prateek Katyal from Pexels (https://www.pexels.com/@prateekkatyal)

In security we always hope for the best, but spend a significant amount of time preparing for the worst. Our security team at LinkedIn is no exception. A few weeks ago, we decided to move the majority of our workforce to remote work to protect our employees and communities. While our preliminary work gave us a running start, the actual implementation on a quick timeline was no easy feat, as we needed to ensure our more than 16,000 employees around the globe remained secure in the transition.

Each company has its own needs and should tailor its security plans accordingly, but I want to share some insights that might be useful for you and your own information security teams.

Here are a few things that are easy to miss, but could be important for you:

Keep security approachable

When things are uncertain, it's important to remind employees of the things that are still constant, such as good security hygiene. Set up a channel within your chat service (Teams/Slack) for people to pop in and ask questions, and hold virtual office hours via your video conferencing service. Think about sending regular reminders about how people can report security concerns. Help your employees understand what collaboration tools are available and what kinds of data they’re approved to handle.

You may now be relying more on VPN; make strategic choices

Smart Split Tunneling is your friend. Many vendors allow you to select what kinds of traffic you send through your VPN. You can balance your risk by ensuring all the high-bandwidth, yet low-risk, traffic that people rely upon (Hey Netflix) gets routed out of your employees' local internet connection and doesn’t consume valuable resources on your VPN infrastructure.

Accelerate your risk management processes

As everyone adapts their enterprise operations to this new work-as-unusual, security needs to move quickly to enable change in the way regular work happens. You can do this one of two ways: you can choose to blindly accept loads of new significant risk and hope for the best, OR you can streamline your process for reviewing and approving risks. Making intelligent decisions about risk doesn’t have to take weeks. Using data and your knowledge of how the business operates, you can empower your risk teams to implement risk treatments that adapt to changing needs.

The biggest takeaway is: for the most part, it’s business as usual when it comes to security best practices during this unknown time. Your organization likely had many people who worked remotely or from the road already; now it’s time to scale that up. When so much else around us is changing, it can be reassuring that the fundamentals of good Information Security have largely remained unchanged.

Best practices are still best practices. We can do this.

Sarahlynn Nichols, CIPT

Customer Security and Privacy Assurance / Customer Trust Professional

4 years ago

One thing I hadn’t previously thought about in terms of a pandemic plan, which I once considered an HR area, is the direct impact in security as well. Split tunneling is one great example! Here’s another hypothetical situation: What if a company operates a clean room in a country that has asked businesses to close, or to severely limit people gathering? How do your clean room employees work securely from home? What if you had contractually committed to limit remote worker data access? I appreciate how this situation invites us all to think differently.

Mohak Shroff

Senior Vice President of Engineering at LinkedIn

4 years ago

Love the point about keeping security approachable. InfoSec absolutely needs to include the idea of enabling and empowering employees to be effective while embracing good security practice.

Preeti D.

Talent Acquisition Leader | LinkedIn Alum | DEIB Champion | Social Impact Champion

4 years ago

Thank you Geoff Belknap and entire Info Sec team for helping us transition successfully to WFH!

Olivia Rose

Veteran Global CISO I Executive Advisor I Security Maturity Strategist I Results Enabler I Board Director I Diversity Cheerleader

4 years ago

Solid and highly-valuable recommendations from Mr. Geoff Belknap!
