During this COVID-19 pandemic, many businesses are restructuring and closing some of their divisions and units. When it comes to closing a business unit, it is important to ensure that security is properly addressed and data is protected during the process.
Here are a few important tasks a CISO should ensure during closing a product line or business unit.
Get in the Loop Early
Including CISO in mergers, acquisitions and closure are very important. CISOs should revoke access, reclaim devices, withdraw IT assets, delete data from online services, terminate vendors, migrate legacy applications and data to new ownership during closing a business line. It is important to engage a CISO from the very start to prevent any breach of security.
Know What Data You Have and What Data to Destroy
The CISO should have full knowledge of the assets, hardware, data, and applications your organization has on hand. They should know the location of the data, who can access it, the values of data, and how they interact with applications. There should be proper control and monitoring in place for intellectual property, personal data, and user accounts.
Caging all the intellectual property in one place and restricting access should be done as soon as the closure of a business line begins. The CISO will revoke and turn off access to the system once the intellectual property is gathered in one place.
Decommission Assets and Terminate Relationships
Most of the business units have no IT asset recycling and disposal policies in place, which keeps them vulnerable to attacks. Cyber attackers can use these tools to withdraw the data at any point. The data on the devices need to be wiped off whether the device is sold, recycled, destroyed, or reused internally.
Firms should decide before closure whether to modify or retire elements, such as certificates, associate firewalls, logging, and monitoring, etc.
Identify Shadow IT
It is very important to identify and shut down the shadow IT, as it can keep the information exposed if business shut down is not implemented properly. The best way of identifying shadow IT is by taking inventory of software on the end-user devices. It will identify common shadow IT apps like Dropbox and Box.
The CISO can take various steps to identify what data is residing outside the control of the business. They can also uncover unsanctioned SaaS services that have been adopted outside the official procurement process.
Be Wary of Insider Threats
After the closure of business units, various employees can lose their jobs, and due to access to networks and devices, they might try to steal critical data and information. The CISO needs to revoke access to devices and networks as soon as possible. They need to reclaim corporate devices from users and monitor those employees for attempting data extraction.
With the layoff of a business unit the chance of having an insider threat is more likely. It is important to have clear communication between HR and CISO during closures. Before layoffs, it is vital to give advance notice and monitor your employees a week before and after the activity.