We are truly living in unprecedented times as we navigate through this global COVID-19 crisis. While this is especially true when it comes to our health and safety, it also applies to the cybersecurity teams that must protect a workforce that in many cases has shifted to remote work practically overnight. What’s more, there are warnings that cyberattacks against certain types of businesses, like healthcare organizations, are on the rise.
Haworth, a global office furniture and home design company, has shifted the majority of its employees to remote work due to the pandemic. I sat down with the company’s North American Privacy Officer and Senior Information Security Analyst Joe Cardamone to talk about how his role as security leader has changed during this time and what lessons he’s taken away to improve the company’s security strategy for the long term.
What’s been the biggest thing that’s changed in your day-to-day work since this crisis started?
There’s obviously been a lot that’s changed during this crisis. Like many people around the world, I’m now working from home. I have been working both at home and in the office for over 10 years, with 5 years purely remote, so the experience is not new to me. However, there have been some definite changes. These are mainly around how my days are structured, and re-finding that work-life balance. I used to allocate half my time to projects, metrics, architecture, and other planning work. Now, I spend nearly 90% of my time supporting daily operations, firefighting, and working to support the agile needs of the business.
When it came to the transition to a remote workforce, what had to change inside of your organization?
Because we supply the healthcare industry, we are considered an essential business. In order to ensure the health and safety of our employees, a majority of our workforce has moved to remote work, a significantly higher amount than it was just a few months ago. Like many organizations, we’ve had to make a lot of technology adjustments in order to accommodate remote work at that scale. Some of these changes we’ve had days or weeks to prepare for, but other times we are pulled into meetings where we need to quickly assess upcoming changes and secure them the best we can. As a security organization, that means we need to be as agile as we can, while also making sure we are taking all of the necessary steps to effectively secure the organization.
For example, one common tool to secure remote work is a VPN. Our VPN usage spiked from around 200 to 300 connections a day before to 1,200 to 1,500 connections a day now. My job as the security leader in the organization is not only to provide access to this VPN, but also to take the additional steps needed to secure the VPN. This is where we are using Forescout to help with device identification, user identification, and enforcement on our VPN.
Besides the tactical aspects of enabling remote work, what strategic investments are you making at this time to improve your overall cybersecurity posture?
I think there is an incredibly rare opportunity right now to review all the devices online and understand them better. While most of our employees are working remotely, we are able to easily capture what is on our network and where, as well as review all the devices online and understand them better using the Forescout platform. This gives us a good idea of what those “always on” devices are, like building controls, IoT devices, and the like. When employees eventually return to the office, we can also get a better inventory of the devices that suddenly reconnect to the corporate network. In doing this, we can get a better baseline of what “normal” looks like for our corporate network, which will allow us in the long run to better spot anomalous activity that could be the sign of a cyberattack.
What are the biggest things you’ve learned from leading a security team during this crisis?
I would say the biggest lesson I’ve learned is that information security needs to ensure they have a seat at the table when it comes to pandemic or disaster planning and “agile” business moves when it comes to information protection. The business moves to protect the business. As a security leader, you have to be able to move faster to make sure their moves are as secure as they can be.
On a more personal level, I have come to appreciate more than ever my team. The people I work with are all absolutely top notch and their agility to support our business in times of crisis has been nothing short of remarkable.
To learn more, check out this webinar with Joe Cardamone, where he shares how they securely kept the business moving forward during COVID-19 while also creating an opportunity to evaluate and strengthen their orchestration policies.