SecurityHQ Update • 4 Mins READ
SecurityHQ Responds to COVID-19 Concerns
by Eleanor Barlow • Mar 2020
Concerning the growing COVID-19 virus emergency, SecurityHQ wants to personally provide some clarity and comfort regarding our services.
This document highlights our contingency plan, how we are monitoring and tackling the issue, how our clients will be affected, and to stress future actions.
First, we want to clarify that, despite the current uncertainties regarding COVID-19, our services, processes and technologies have not, and will not, faulter. We have sufficient bandwidth to cater for a significant reduction in staff headcount. Rest assured, all our operations will continue as usual. Providing the best possible service to our clients is our key priority.
How We Are Tackling The Issue Internally
Today, we are exercising controls to ensure that our teams’ exposure to the virus is reduced. As a result, we have enforced the following controls.
- All Analysts are checked at the start of each shift for elevated temperatures, using IR Scanners.
- International travel for SOC operations staff is restricted.
- Alcohol- based sanitizers are located in all areas of work.
- Hygiene training and policies have been communicated to all staff.
- During every shift handover, keyboards, mouse’s and other electronic devices are sanitized.
- All touchpoints, including door handles, coffee machines, lights and taps, are sanitized repeatedly throughout the day.
Remote Working
As a policy, we do not allow for home working for our core SOC team (L1/L2). But, in light of the situation, we are reviewing this policy, and enabling secure remote access provisions for selected staff on designated machines. This is in the event of an enforced containment lockdown, as seen in China. In preparation for this, we have provisioned additional remote access tooling, to assist with delivery.
In the event that transport links close down, provisions have been put in place to ensure that remote working will be feasible.
We have 6 operation centres, 4 of which can interoperate. In the event of a single location becoming seriously impacted, having a number of separate SOC’s provides us with the opportunity to spread operations across multiple centres.
Future Scenario Action-Plans
We have sufficient bandwidth to cater for significant reduction in staff headcount. As of today, SecurityHQ can sustain a reduction of approximately 20% of our workforce, without any impact to operations in any single SOC location.
In the event that our resources are significantly reduced to more than 20%, however, we are able to load-balance monitoring across multiple centres, and suspend non-essential or value added services in an effort to focus on core monitoring tasks. Clearly the priority shall remain on incident detection and response activities.
A large proportion of our team are involved in those value-added services and can be redeployed into core monitoring and detection tasks, which will allow us to sustain 24/7 monitoring.
Understanding Your Company
As COVID-19 spreads, it’s affecting our companies and communities in various ways. We understand that, in response to the current threats, many organisations have different plans and processes in place. SecurityHQ aims to work alongside you, as an extension of your team, so that business can continue as usual.
Key changes, that we are noticing with regards to our clients, relate to methods of communication. We understand that many of our customers will want to reduce face-to-face meetings, in preference of online/phone meetings, to reduce the risks of contaminating offices and spreading the virus to their teams. SecurityHQ are happy to conduct business this way and respect the choices of our clients.
We also understand that some of our client’s workforces may suffer, with regards to employees falling ill and being placed in isolation/self-isolation. Depending on the industry you are in, your services/business may very well be inflicted in different ways. In response, we are here to help you through this difficult time, to assist you where we can, and to continue business as normal. If your team is spread thin, and are struggling to maintain systems, we will provide you with as much support as possible, and act as an extension of your team.
Many processes can, in the worst-case scenario, be automated. We do not want to enable automated alerting, as this goes against the fundamentals of or SOC services. However, if this pandemic escalates to an extreme level, we can enable forwarding of offences in a raw format to provide very basic alerting. We do not expect to reach this point. This is an absolute worse-case scenario.
Emerging Cyber Threats
With any new threat, even biological, new cyber threats will become apparent. With the vast amount of circulated media coverage, misinformation, conspiracy theories, spamming and scaremongering regarding the virus, bad actors have an abundance of material to hijack. What’s more, as the virus is having an impact globally, targets are global, which means anyone, and everyone can be affected. We urge you to be vigilant with regards to phishing and malware attacks, presented in news, links, emails and adds, that claim to be coronavirus related. But, as usual, our SOC continues to monitor and detect any threats, old and new.
SecurityHQ wants to thank you for your custom and for trusting in our services. In uncertain times like these you need reliable, consistent and trustworthy services, and we pride ourselves on delivering this. Transparency is key. Together, we will continue to deliver, and expect to sustain operations, and to support you in any way we can.
If you have any concerns, want advice, or would like to talk to a member of our 24-hour response team, please contact us here.