Memo to CIOs: Your next security crisis may have nothing to do with cyber attacks
I must admit I’m as much to blame here as anyone. After all, I’m the head of a company that prides itself on offering security appliances that will halt any nefarious intrusion to an organization’s IT network. What often gets lost in the process, however, is dealing with indirect security and access issues that can bring down a system without firing a single cyber attack.
Take the current Swine Flu crisis. Federal, state and local health officials were all over the public airwaves at its outset cautioning people who were sick to stay home and isolated from others in the hopes that doing so would slow down the spread of the disease. Many took these recommendations seriously by telecommuting from home for extended periods of time, and undoubtedly stretched some organizations’ virtual private networks beyond their capacity, hampering productivity, sales and customer service in the process.
Moreover, it doesn’t take the dramatic events of a pandemic to cause similar disruptions. Traffic accidents along major freeways or mass transit systems as well as severe weather conditions like wildfires or hurricanes can mean a significant increase in the number of employees who physically can’t get to work. So while these individuals may not need regular remote access to their company’s IT networks, offering them such in a crisis can be the difference in an organization’s ability to meet their projected quarterly earnings or not.
So while I am by no means advocating that CIOs and CSOs lighten up on their traditional computer security initiatives, I do believe that even the very best efforts will not mean networks won’t succumb to demands beyond their capability. This is why disaster recovery plans that support an unexpected surge of remote or displaced employees at times when getting to or accessing the office isn’t feasible are so critical for organizations to develop and implement. Of course, doing so must happen without reducing the IT network’s security posture.
What’s more, organizations should not have to go at it alone, but rather enlist their system integrators and product vendors to help make this happen. The best partners are the ones who should have offerings that specifically meet this demand. They should also have an arsenal of best practices to provide companies with lessons learned from others. Reinventing the wheel does no one any good – the organization, the solutions provider nor the employee.
So while companies can’t predict the future, they can be certain that the future will hold unforeseen challenges and circumstances. CIOs and CSOs can stay ahead of the curve by developing plans and identifying resources that can help adjust to situations beyond their control. For it’s not a question of if such an issue will occur, but rather when.