We know that coping with a pandemic is challenging, and we want you to rest easy in the knowledge that your data remains safe and well protected. Fortress, like many other companies, has shifted to a 100% remote and work from home scenario. Here are some of the things we are doing to keep you safe.
- Fortress has always been supportive of remote work. What this means is that many of the systems necessary to support remote work such as VPN or secure cloud services are really business as usual for Fortress and our employees are well-trained in their usage.
- Fortress has issued laptops to all employees complete with managed endpoint protection, security monitoring and full disk encryption. Upon connecting to the internet, VPN must be initiated through secure Fortress servers. All access to customer information is performed only from managed Fortress computers. All employees know to report any suspicious activity through the Fortress incident handling process.
- Fortress security operations teams have full access to monitoring resources and ability to respond to any cybersecurity event whether working in the office or remotely. Our business continuity plan is in effect and our executive team are closely monitoring the situation.
- Customer data stored in AWS enjoys the same protections it always has, and there is no need to export any data from AWS in a work from home environment. In fact, many of our customers with on-premise installations provision their own access for Fortress use, and for those environments such as Citrix VDI, absolutely nothing has changed from a remote workforce standpoint.
Fortress recommends you check with your critical vendors and suppliers, and discover what they are doing to protect your information, especially key areas such as:
1) Remote Access
- Do their VPN services have capacity to support their entire workforce?
- Is Multi-factor authentication enabled?
- Are computers assessed with compliance for antivirus and security updates before connecting?
- Are non-corporate managed computer assets permitted for use?
- How are their corporate computing assets protected?
- If they need remote access into your environment, have any IP address controls been re-evaluated due to office location changes?
2) Data Access
- What classification of data will your vendor have access to?
- In a move to remote work, will the storage of this data change?
- Will it need to be downloaded to vendor computers?
3) Business Continuity
- Is your vendor considering the life safety impacts for this pandemic event? How are they protecting their valuable human assets?
- What impacts on service levels will a move to remote work create?
- Can your provider continue to service you?
- Are there any critical services such as onsite servicing of equipment that cannot be performed remotely? What is the contingency plan?
- Do they have a business continuity plan (BCP), and has it been tested?
- Does their BCP include pandemic scenarios?
- Does their BCP include cybersecurity resiliency during a contingency such as remote workforce?
4) Incident Response
- Do you know what IP addresses your vendors are now connecting from and have you updated your baselines for what normal network traffic looks like?
- Do you know how to get in contact with your vendor if there is an issue?
- Do they have a documented incident response plan that includes remote work scenarios?
- Are incident response teams and security operations at full operational readiness or at reduced levels?
- How is active monitoring and response impacted?
As always, please get in touch if you have any questions or concerns. We can work together to keep both you, and your information, secure and safe.