Working Remotely During the Coronavirus Crisis? Flatten the Cybersecurity Curve with ERM
COVID-19 has created a paradigm shift in risk management. Businesses have transitioned to working from home in order to help flatten the curve of the pandemic — stressing their IT resources.
With this transition comes new cyberthreats. Enterprise-wide adoption of remote technologies, increased activity on customer-facing networks, and the reliance on web-based services are all new entry points for cyberattacks. For example, video conference privacy policies, such as those for platforms like Zoom, Google Hangouts, and Facebook Messenger, are now coming under scrutiny.
How can you reassess your cybersecurity choices and protect customer data within this new status quo? Incorporate cybersecurity practices into your enterprise risk management (ERM) program. The best way to do this is to start with a thorough evaluation of your current level of risk with the help of an ERM software solution.
Remote risks — the intersection of corporate and consumer assets
How can your organization be smart about this new working environment? The Cybersecurity and Infrastructure Security Agency (CISA) encourages organizations to adopt a heightened state of cybersecurity by taking key steps:
- Put in place secure systems that enable remote access.
- Utilize a Virtual Private Network (VPN) to connect employees to an organization’s network.
- Ensure the VPN and other remote access systems are fully patched.
- Enhance system monitoring to receive early detection and alerts on abnormal activity.
- Implement multi-factor authentication.
- Configure all machines with firewalls, and install anti-malware and intrusion prevention software.
- Test the capacity of remote access solutions and increase it to meet your team’s needs.
- Bring any business continuity/disaster recovery (BCP/DR) plans up to date.
- Increase awareness of information technology support mechanisms for remote workers.
- Update incident response plans to consider workforce changes in a distributed environment.
Other measures to take?
Beware of remote work that positions corporate assets and consumer-grade Industry 4.0 devices on the same networks. Internet of Things (IoT) devices (including interconnected smartphones, televisions, refrigerators, and virtual assistant AI technology within a Smart Home) aren’t designed with cybersecurity top of mind. Putting your corporate hardware on the same Wi-Fi networks as these devices is like blood in the water for hackers.
In addition, HIPAA, GDPR, and other similar privacy laws are still in effect during the coronavirus crisis. You’ll need to confirm that remote environments comply with applicable laws, regulations, and standards.
But don’t jump the gun on cybersecurity choices. Most companies likely don’t have the resources to tackle all of this at once. First, you need to conduct a risk assessment to identify your greatest areas of risk: financial, liability, reputational, and regulatory.
Having a complete risk assessment can help you address the most important issues first and avoid wasted time, money, labor, and resources. Fortunately, professional-grade ERM/GRC solutions can meet your needs. Your organization will be successful at tackling not just cyber risk, but all types of enterprise risk.