Teleworking and COVID-19: 4 ways to avoid cyberthreats
by Mark Banks and Kyle Taylor
Every company needs an emergency preparedness plan. The COVID-19 pandemic made that painfully obvious, but the resulting shutdown also highlighted the need for those plans to address heightened cybersecurity threats when employees must work remotely.
If your company was not ready for the cybersecurity aspects of remote operations, it is time to prepare for the next event.
The IT basics of emergency preparedness
Every emergency preparedness plan varies depending on the size, location, and overall structure of the entity. Regardless of these factors, every plan should include provisions that ensure a smooth and safe transition to remote operations. These include:
- Information technology inventory: This listing creates a snapshot of laptops, wi-fi hotspots, routers, and other essential electronics on hand.
- Business continuity resource listing: When emergencies disrupt the supply chain and send operations across scattered sites, will you know where to obtain rudimentary business essentials like printing paper, pencils and pens, and notepads.
- Vital business records backup: Store original or backup copies of essential documents safely off-site, to ensure continued access.
- Risk assessment: A formal risk assessment conducted before an event occurs can provide a data-driven blueprint for making informed decisions.
4 tips for guarding remote workplaces
Teleworking was gaining popularity before the pandemic, but the suddenness of the coronavirus lockdown has left many businesses struggling. Even better-prepared companies are shoring up their cyberthreat defenses as hackers probe for advantages among the influx of online workers.
These four steps can strengthen an entity’s cybersecurity defenses across remote locations:
1. Continually evaluate your IT infrastructure
To make critical decisions at a moment’s notice, you need to consider all possible outcomes, so it is essential your organization plans for how it will react to various scenarios. Planning is different for every industry and business, but the key is envisioning best and worst-case scenarios
Once you identify these scenarios, we recommend performing dry runs to see whether you, your employees and your entity can handle them. These exercises allow you to identify and address gaps and time lags before a real emergency.
Your plan should include decision-making parameters for IT and other computer-related applications – for instance, the question of appropriate platforms for virtual meetings. If sensitive or proprietary information is being discussed, ensure the virtual meeting platform has stringent security measures in place.
2. Continually monitor your IT system
When a business’ 100 employees are in the office, the surface area of risk is mainly limited to the in-house IT system. When those 100 employees work from their own networks and routers, they give malicious actors 100 vulnerable channels to probe.
Since remote work may put you and your entity’s information at heightened risk of compromise, continuous monitoring, training, and communications from leadership will help prevent and detect new instances of cybercriminal activity.
3. Ensure constant and effective communication
Working remotely could increase the number of emails received by employees, exposing them to a higher risk of phishing and malware attacks. They need to understand why they must remain vigilant and how to do so because a single crack in security can shatter an entire system. Consider hiring a cybersecurity company and conducting periodic employee training as a refresher, especially during work-from-home episodes.
4. Make sure your vendors are careful with your data
Your third-party vendors should have controls in place during their ordinary course of business, but they, too, could face heightened risks when employees work from home.
Depending on the size and relationship of your service provider, it is crucial to stay as informed as possible on measures the vendor takes to protect the information of your business, employees, and clients. It is incumbent on you to make sure the vendor’s priorities and system security are aligned with yours and not putting your operations – and client or customer information — at risk.
Bottom line
Cybersecurity is an extraordinarily complex matter, made more complicated with every crisis and business disruption. Now is the time to make sure your business is fully prepared to protect its systems when employees work remotely, whether by choice or mandate.
In addition to guarding against cybersecurity threats, successful teleworking requires well-thought-out policies and clear guidelines. For instance, should workers maintain the same work hours at home, or can they perform their duties on their own schedules?
After the pandemic lockdown lifts, your business may consider incorporating teleworking to some degree in permanent operations. If so, it is essential to integrate cybersecurity implications and emergency preparedness in your policies as you revise them.
Boyer & Ritter’s Forensic, Litigation Support, and Consulting Group regularly performs process maps of all business essential processes. A thorough process map can help identify gaps in accounting, management, review, controls and many other processes. Contact us to work with your team and help guide a review of company plans and policies, positioning your business to step with confidence into the future.