A CISO's opinion on the Remote Working Cybersecurity Checklist
Date: 8 April 2020
How to make the cybersecurity checklist PDF work for your organisation?
Helen Rabe, Global CISO at Abcam, a company that provides biological reagents and tools essential in drug discovery, spoke to Amar Singh, Founder and CEO of Cyber Management Alliance about her views on the Remote Working Cybersecurity Checklist and what makes it such a handy and important tool for businesses and their employees.
The Remote Working Cybersecurity Checklist has gone viral and has already been downloaded over 8,000 times across the globe. The checklist was authored by CISO Amar Singh with active contributions from our global CISO community.
The two security experts discussed how different organisations can apply the cybersecurity checklist PDF to their specific businesses and operational models and make the relevant aspects of the checklist work in their favour.
“You were kind enough to put together something so comprehensive and intuitive. It certainly made my life easier & the IT Ops Director’s life easier.”
- Helen Rabe, Global CISO at Abcam
“Interesting, informative and salient,” is how Helen described the checklist. As soon as she discovered the document, she alerted the IT Ops Director of Abcam and helped him find a way to deliver the salient to-dos to the employees. While the IT Ops Director worked on the pragmatic aspects of the checklist in conjunction with the Security Ops team, Helen’s onus was to put the points in an intuitive format that employees could actually use.
Communicating Cybersecurity with Staff
Abcam has a corporate communications team that was already sending out a COVID-19 bulletin twice a week, curated as per different geographies and cultures. Helen and her team piggybacked on that central communication and reached out to employees about how they can work safely in their individual environments while also giving them a lowdown on basic cyber incident response and management practices. Leveraging the global communications report meant that the additional information about secure working didn’t seem like too much to the end-user.
Drawing on this experience, Helen and Amar shared some guidance for others looking to apply the cybersecurity checklist at their own organisations. Here are some of their suggestions:
- One must figure out which points are applicable to whom and then make them work accordingly.
- After identifying the parts that work for the organisation, it’s advisable to add a narrative to them and beef up the value for the end-user.
- In this environment of remote working, there is a lot of potential for information overload, so it’s best to keep the salient points shared with the end-user succinct and informative.
Cybersecurity and Maturity
This discussion then brought up a question that Amar has been asked many times already: What if the organisation isn't mature at all? What if the points on the checklist aren’t implemented at all?
Helen shed some light on this subject: “Anybody who has all the points ticked off is in a very great place in terms of security maturity. That means they have their cyber incident response plans and their act together. But there are so many of us who aren’t there yet. There are many people who’ll look at the checklist and think none of the points applies to them or the actions they have taken as they just aren’t there yet. I’d say to those people that if you do find gaps, don’t panic. Focus on how you can optimise what you do have and bridge as much of that gap as you can.”
Download Cyber Management Alliance’s hugely popular Remote Working Cybersecurity Checklist here and distribute it amongst your employees to help them work securely.
You can also download NIST's technical Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security.