During the U.S. Government shutdown of 2019, we were immersed in the news of the daily financial struggles of government employees, but the overall consequences reached much further than those individual workers. Many federal contractors—especially small businesses—suffered from the inability to pay employees or even keep the lights on. Many government operations themselves were affected, cybersecurity being one of them.
How might a shutdown, a furlough, or any unexpected financial hardship affect cybersecurity operations at your company? Here are five risks to consider:
If you find that you need to reduce your IT staff, you’ll probably also find that their work is becoming reactive, with each of the remaining staff members doing the work of two or more. Reviewing log data is not widely considered a pressing need and can often be forgotten even during normal times, so when you are short-staffed, it may fall to the bottom of the IT to-do list.
Solution: Make time to check audit logs daily, even if it means teaching someone else to do it. When things are going well, set up your system to use consolidated audit logging with a dashboard that is easy for a less technical person to use.
Even non-technical people who use computers know that their machines download and install critical patches each week. However, when those computers are sitting in laptop bags or powered off on desks, they are not receiving patches, and hackers know it.
The skeleton crews working in IT may also allow server patches to go uninstalled in favor of more public-facing work. Companies that are unable to be vigilant in keeping their patches updated risk being hacked once computers and servers are turned back on with known vulnerabilities still in place.
Solution: Prior to any financial hardships, designate a specific day of the week when patches are pushed to laptop and desktop computers. If you find out that your staff will be furloughed or otherwise not in the office, ask them to turn on those laptops that specific day and leave them on until the patches are pushed.
It would also be beneficial to designate a person who is in the office to turn on the powered-off desktops. For the servers, designate one IT employee to check for server patches one day per week and to oversee installing them.
When do your website’s certificates expire? Who is responsible for knowing? If your company is suddenly having financial difficulties, is it possible that the one person who knows the answer will be away when certificate renewal comes around? A certificate that has just expired has still expired, and a website that shows expired certificates is an easy target for a hacker.
Solution: Find out NOW who is responsible for certificates and ensure there is a back-up person. Add the date of expiration to both employees’ calendars so they are both aware and it doesn’t slip through the cracks.
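One way to keep that check from depending on a single person's memory is a small script run on a schedule. The following is an added example, not part of the original article: the hosts, owner names and dates are constructed, and the expiry strings use the format Python's `ssl.SSLSocket.getpeercert()` reports in its `notAfter` field.

```python
import ssl
from datetime import datetime, timezone

# Constructed inventory (hypothetical hosts and owners). "not_after" uses the
# format that ssl.SSLSocket.getpeercert() returns in its "notAfter" field.
INVENTORY = [
    {"host": "www.example.com", "not_after": "Mar 10 12:00:00 2019 GMT",
     "owner": "alice", "backup": "bob"},
    {"host": "portal.example.com", "not_after": "Jan 31 23:59:59 2019 GMT",
     "owner": "alice", "backup": None},
    {"host": "mail.example.com", "not_after": "Jan 15 08:00:00 2019 GMT",
     "owner": "carol", "backup": "dave"},
    {"host": "vpn.example.com", "not_after": "Dec  1 00:00:00 2019 GMT",
     "owner": "carol", "backup": "carol"},
]

def review_certificates(inventory, now, warn_days=30):
    """Return (host, status, days_left, problems) tuples, soonest expiry first."""
    findings = []
    for entry in inventory:
        expires = datetime.fromtimestamp(
            ssl.cert_time_to_seconds(entry["not_after"]), tz=timezone.utc)
        seconds_left = (expires - now).total_seconds()
        days_left = int(seconds_left // 86400)  # negative once expired
        if seconds_left <= 0:
            status = "EXPIRED"      # expired an hour ago is still expired
        elif days_left < warn_days:
            status = "RENEW"
        else:
            status = "OK"
        problems = []
        # A back-up who is missing, or is the same person, is not a back-up.
        if not entry.get("backup") or entry["backup"] == entry["owner"]:
            problems.append("no independent back-up owner")
        findings.append((entry["host"], status, days_left, problems))
    return sorted(findings, key=lambda f: f[2])

if __name__ == "__main__":
    today = datetime(2019, 1, 15, 9, 0, tzinfo=timezone.utc)  # constructed "now"
    for host, status, days_left, problems in review_certificates(INVENTORY, today):
        note = "; ".join(problems) or "owners ok"
        print(f"{status:8} {host:20} {days_left:4d} days  {note}")
```

Sending the output to both the owner and the back-up means a furlough of either one does not silence the reminder.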
You may have been told, especially in the defense contracting world, to look for signs of an insider threat in your employees. This can include inadvertent threats (employees who will unknowingly go to malicious websites) or malicious threats (employees who joined the company strictly to gain access to your firm’s intellectual property). When your employees are not physically available or even working, indicators of these threats will go undetected.
Additionally, if your employees are not being paid, anyone who is a potential insider threat might become even more of one.
Solution: Keep in touch with employees who are not able to work during this stressful time. Send weekly messages letting them know what is going on so that they are not led to believe you have disappeared. The only way to ensure you are keeping up with your employees is to be the one who reaches out to them.
Furloughed employees may reveal something on social media regarding what company they work for and that the company is on a skeleton crew. Even people who are usually vigilant about not mentioning their company’s name on social media may become less aware when acknowledging a lack of work or reaching out to their network about new jobs.
Hackers aren’t taking the month off and they will take advantage of any information they can glean from the web. Simply finding your company’s name, what area of the country you live in and information about how few people are working could be the impetus for bad actors to turn to your company as an undefended target.
Solution: Remind your employees that their jobs are here for them and you’re doing what you can do to get them back to work, and then remind them that we’re all in this together. It can be beneficial to ask employees to keep their company name off of social media platforms like Facebook and Twitter.
If you don’t have a company policy in place for social media, you might want to consider creating one now.
During financial hardships, it is easy to forget about the inner workings of your cybersecurity systems. After all, there's a good chance you are not thinking about them when they are in place and working correctly.
So now that you’re reading this, take a moment to take inventory. Financial troubles can come quickly and with minimal warning. If you need help, reach out to HumanTouch and let our cybersecurity experts work with you to build, test or improve your cybersecurity infrastructure.
It is also important to point out that during times of hardship like the government shutdown, inequities between management and employees can become more obvious than ever as employees who are paid by a contract stop work and managers who are not paid by a contract continue to receive pay.
At HumanTouch, the management teams solved this problem during the January shutdown by forgoing 1/5 of their pay, while the CEO gave up his pay for the duration of the shutdown.
Furloughed employees were brought into HT corporate offices to work on in-house cybersecurity tasks and corporate certifications, allowing us to keep the company running, our cybersecurity strong, and our staff gainfully employed.
In times of financial stress, we encourage all management teams to follow our lead in putting your employees—your biggest assets—at the top of your priority list.