In the wake of the COVID-19 pandemic companies are increasingly calling on employees to work from home. Hospitals, clinics, and doctor’s offices are preparing for massive infections, not only of patients but of healthcare workers. Colleges and Universities are sending students home en masse. Sporting events are considering playing in empty arenas. Airlines and other travel sites are suffering massive disruption.
Computer security to the rescue!
Yes, you read that right. A good deal of the effective response to the COVID-19 virus will depend on infrastructure. Reliable. Ubiquitous. Adaptable. Secure infrastructure. For years I have been arguing that we are thinking about information security all wrong. We think of it as a cost — something we are required to spend money on (money that would be better spent on other things like big bonuses, right?) and we have to spend that money to be “compliant” with some damned law or government regulation. HIPAA-HITECH. GLBA. GDPR. CCPA. NIST. PCI-DSS. FERPA. Name your regulation. If all you want to be is compliant, all you will be is compliant. Well thought out information security is NOT a cost. It’s an enabler. It’s what allows employees to get access through a VPN to sensitive files and documents remotely, without increasing (well, without substantially increasing) the risk that the sensitive data will be exposed. It’s what permits access to data on smartphones, iPads, or IoT devices. Security enables telework, teleconferencing, and online collaboration. It provides the infrastructure for collection and analysis of data, including data related to infections, spread, and containment. It helps identify and secure the entire supply chain, even if that supply chain is disrupted. Security enables consumer access to business online resources such as online ordering, communication, and consultation. If you are forced to work from home — at least for many industries — this can be done with minimal disruption (provided you still have Internet connectivity). In preparing for Y2K, many brokerages co-located facilities across the Hudson in places like Jersey City just in case there was a disruption on 1 January 2000. There wasn’t. A monumental waste of resources. Except that, on September 11, 2001, as the twin towers burned, the existence of colocation sites, hot sites and warm sites limited the disruption and allowed some business activity to continue. Cybersecurity includes cyber-resilience. And that’s resilience to all kinds of viruses — electronic and biological.
Certainly the COVID-19 disruptions will impact business, and good computer hygiene will not be a panacea. The Internet has its own supply chain which may be subject to disruption if there are massive societal disruptions. But, for the time being, the mere existence of a secure business connection can help mitigate some of the impact of a physical and biological disruption. Good computer security, including DR/BCP, data mapping, remote access, authentication and access control, perimeter security and the like enables us to respond effectively. So stop looking at security as a necessary cost or a necessary evil. It is an essential component of any IT deployment. And hey — let’s stay safe out there!
Mark Rasch is an attorney and author of computer security, Internet law, and electronic privacy-related articles. He created the Computer Crime Unit at the United States Department of Justice, where he led efforts aimed at investigating and prosecuting cyber, high-technology, and white-collar crime.