Another practice that has to be circumscribed is the widespread use of remote-control software, such as LogMeIn, TeamViewer and VNC. Currently, the company has no remote-access policy, so establishing one will be a priority, as will be educating users about the need to gain remote access only through our approved VPN client with multifactor authentication.
I also was able to determine that employees are using peer-to-peer applications, which are frequently associated with risks of copyright violation and introduction of malware onto networks. To deal with that, I'm going to want to get approval for a URL filtering service, which would also help protect against users visiting sites that are known to host malware. It might be even better to invest in a threat-prevention technology such as FireEye.
And so I'm on my way to establishing a security strategy and road map. I'll present my recommendations soon to the executive staff, assuming no more crises arrive unexpectedly over the Internet.