What have you learned during COVID-19?
This is the essential question that has emerged over the last few months. From inspiring us to ask different interview questions to influencing our work-from-home procedures, our drive to learn from the pandemic has permeated all of our activities and planning. It has also influenced moments of pure self-reflection, as we all find ourselves asking this question as a paramount benchmark to the “new normal.”
Working as a cybersecurity professional in the Healthcare and Public Health sector, my experiences are a reflection of my environment during this extraordinary time. From seeing an increase in cyber activity across the industry, to adjusting to remote working conditions and perpetual uncertainty, while also embracing positive social justice calls to action, opportunities for change are numerous. As we stand on the precipice of transformation, reflecting on what I have learned during the pandemic has helped me identify five key priorities for the post-COVID era:
1. Resilience: Regardless of sector or responsibility, resilience planning in the form of disaster recovery and business continuity is a critical requirement. Yet, business and operational resilience are not the only imperatives. Team resilience and preparedness are skills that must be cultivated and prioritized, as well. Working in Security Operations, I am responsible for 24/7 support, as are my team members. Working from home, we juggle child and elder care, mental fatigue and the distant memory of that crucial and underappreciated commute that provided a break between worlds. Through this unprecedented time, we have learned the importance of team resilience and creating a work/life balance that provides 24/7 support, along with the mental alertness and fortitude necessary to respond to threats both as individuals and as a team. Taking the time to understand our capacity based on one another’s circumstances has helped us build greater resilience as a team, which will also serve us well long-term.
2. Preparedness and Integration: Preparedness must be a team sport. In cybersecurity circles we often discuss the necessity of combining emergency preparedness with cybersecurity planning and awareness. Our ability to respond is directly proportional to our preparedness. Gone are the silos where incident response plans were developed without integrating them into emergency preparedness or crisis management executive strategy. Cyber and emergency planning are business imperatives that are best accomplished by building a community of practice with cross-functional support. Often, creating hybrid and innovative roles, such as clinical and cyber specialists in hospitals, can accelerate the impact of creating cross-functional support. Purposeful workforce planning and encouraging diversity of thought and experiences are key to strengthening your organization’s preparedness and integration.
3. Diversity and Inclusion: The social justice calls to action echoing across the nation and heard around the world must reverberate across our leadership circles, as well, to help us cultivate diverse and inclusive teams. Only through diversity of thought, background, education, race, nationality, experience and other key foundations of diversity, will we achieve resilient, creative and prepared cross-functional teams. The only constant is change in this ever-evolving threat landscape. Adapting to change requires flexible teams that complement each other rather than teams who mirror one another in thought, approach and experience. While many recruitment teams now require hiring managers to seek out talented diverse candidates, that is only the first step. Inclusion mandates that our diverse and talented team members have a voice and a seat at the table. Organizations that will thrive in the post-COVID era recognize this requirement and are diligently working toward meaningful inclusion. In devoting ourselves to diversity, our teams will experience profound growth and achievement.
4. Resources: The community of practice necessary to achieve our goals and priorities can only be realized through partnerships, which require trust, openness and transparency. Maintaining strong partnerships between public-private information sharing groups and resources has never been more important, and the resources at our fingertips are plentiful. InfraGard has provided outreach and access to information and resources that are invaluable. Examples include:
· The Cybersecurity & Infrastructure Security Agency (CISA), which provides free resources that allow an organization to supplement or benchmark against standards, gain essential insights into best practices, penetration testing, risk assessments, program analysis, intelligence sharing, and more. Read more about CISA here: https://www.cisa.gov/
· The Cyber Health Working Group (CHWG) is an incredibly helpful and free resource of cyber professionals in the healthcare sector, providing ongoing support through a proven community of practice. At your fingertips are HC3 briefs, helpful advice and real-time threat sharing information, to highlight a few membership benefits. To learn more about the CHWG, go to https://www.intelligence.healthcare/
5. Pride: Lastly, I am proud to work in the Healthcare and Public Health sector, supporting the first responders, medical professionals, scientists, and the full spectrum of healthcare colleagues that have shone brightly throughout this pandemic. It’s an honor to contribute to this outstanding group of professionals. The lessons learned that will carry well beyond the COVID-19 pandemic are a reflection of our dedication to those who have sacrificed and gone above and beyond to support us through this time. We will continue to support them and demonstrate our respect for being a part of this great community by driving forward with each of the above commitments.
In closing, I encourage you to spend a few moments today reflecting on what the last several months have taught you and your organization. What have you learned during the pandemic and what are your commitments for the post-COVID era?