I recently interviewed several CSOs and CISOs from the financial services, tech, healthcare, media and other industries to see how they were managing through these turbulent times. Below are the questions I asked them and a summary of their collective wisdom and best practices. While I would love to give these experts all the credit they deserve, all of them spoke on the condition that neither they nor their organizations be identified publicly.

What is your greatest security concern right now?

The collective response to this question is that security executives are most worried about the increase in phishing campaigns and fraud, especially with distracted employees who aren’t as diligent with security hygiene while working from home. As one executive stated, “My greatest concern right now is social engineering resulting from cyberattacks on people wherever they are. High stress means reduced cognitive functions, so attackers may find it easier to do social engineering, which opens the door to everything else.”

Other major concerns include mitigating the impact of an increased attack surface and the need to enhance remote access controls to make certain organizational security levels are met despite a large majority of employees working remotely. For example, one executive further explained that she was most focused on mitigating the impact of this increased attack surface, particularly enhancing remote access controls such that the organization would be secure even if 100% of the employees were now remote. Enhancements to firewall, NAC, DLP and other solutions were required. Vendor risk also was a much greater concern for this executive, with third parties potentially now more vulnerable.

What have you done differently since the outbreak began?

One CISO summed it up best, “We’ve been in execution mode.
Crisis management and resiliency execution versus planning.”

It is clear that for these executives, the first necessary step in this tactical mode has been communication; in fact, many CISOs and security teams have communicated to their constituents more in the past one and a half months than they have perhaps ever done previously. One executive stated, “We have communicated best practices for securing EVERYTHING from corporate collaboration apps to Zoom for the kids’ schoolwork to securing home networks. My communications to help executives and Board members maintain confidence and employees adapt to new conditions have exceeded all my communications plans from last year. There is still much more to come.”

Beyond the ongoing critical communication process, enabling and securing a 100 percent remote workforce has been job one for these executives. This is a big difference from the way that most organizations were operating on March 1st. Now VPNs and remote desktops are required, along with a workflow change for employees more familiar with on-prem work at desktop workstations.

If you have furloughed employees, how are you managing their security access?

While most of the executives have not had to deal with furloughs yet, there was recognition that when confronted with these unfortunate situations, the employees would have to have both their physical and logical access terminated. A furloughed employee would be treated exactly like a terminated employee, until they returned to work.

As one CISO mentioned, “The patchwork approach to onboarding and offboarding employees across our company puts us at risk of lingering access for terminated employees or contractors. We’re actively at work on an automated solution.
This is a concern that predates COVID.”

Are you coordinating with other security leaders in the industry?

Most of the executives had discussed the current situation with their peers, other executives, strategic vendors, government interfaces and other experts. However, a small number had only spoken to others in their own organization, without leveraging the insights of their external peers. Frankly, I’m surprised that less than one hundred percent of CISOs and CSOs have leveraged the insights of their external peers.

How will the pandemic change what you do moving forward?

Most organizations have realized that WFH can maintain an acceptable level of productivity and expect it will become more commonplace as we navigate past the initial COVID-19 crisis. However, there was disagreement on the level of productivity. While many claimed there was little to no impact, one executive stated, “the pandemic requires me to assume that people can do less because they are stressed, distracted or delivering unplanned work. We will not plan for resources to operate at 100 percent utilization as we all have families, personal health and other things to manage through during these times.”

Post-pandemic, there will be a continued focus on providing secure remote access to a large percentage of workers. One CISO commented that remote workers could be their largest employee population even after the virus threat is over. As part of this longer-term trend, executives will need to invest in new access and security platforms to allow their employees to be as productive and secure at home as in the office.

Once some employees do begin returning to the office, CSOs believe that there will need to be new technology-based solutions to monitor and manage social distancing, disinfection processes and elevator access.
There may be opportunities for new companies to take advantage of this evolving market dynamic.

Do you have any advice or lessons learned that may not be obvious to your peer group at this time?

A couple of interesting bits of wisdom that were shared:

No company should have their critical data stored in their own facility – it should not house the finance system, the email server, the corporate file system or the HR platform.

Workers should be able to choose their work environment, whether the office or remote.

The office should be simply thought of as “a place with Internet access where people can gather in person.” And while many workers may choose the office as their work environment, going forward it should not be out of necessity.

Find ways to take care of yourself so you can be a better help to others. This is more important than ever. As one executive elegantly stated, “Managing your energy to serve others has always been key, but now it is more important than ever.” These are words to live by.

Is there any product or service that, given the new normal, you wish you had bought or are in the process of purchasing?

Most of the CISOs felt that while they have the right tools in place, there is a need for enhanced or expanded secure edge products or solutions. As one CISO stated, “Large numbers of our employees spend their day on tower machines in the office. Of the many options available for facilitating WFH for that crowd -- working from their personal machines is not viable. It represents too much risk in terms of data loss and potential lateral attacks. Company-purchased, imaged, secured, configured, workstations (laptops) are vastly preferable.
Having a ready supply and a reliable supplier is essential in a world where the supply chain is crumbling.”

Another consideration is MDM (mobile device management) needs, as well as better remote-control capabilities for on-prem solutions that have yet to migrate to the cloud. The executives who are already leveraging more cloud-based solutions felt they had less work to do going forward than their peers.

Confidence abounds

The world has changed considerably in the past two months, and the security landscape has shifted accordingly. CISOs recognize that many new solutions and processes need to be adopted to securely operate in this new environment. Fortunately, the conversations I had with these industry leaders make me feel much more confident that our financial systems, tech industry, healthcare providers and other industries can meet the current challenges and adapt to those that are yet to come.