As C-level leaders, is your team prepared to work remotely SECURELY?
The Coronavirus (COVID-19) has impacted communities, events, travel, and the economy. It’s also impacting data and cybersecurity in your business! It’s one thing for an employee to work from home two days a week. It’s another thing for ALL employees to work from home for an extended period of time. The question you have to answer as a C-level leader is whether your company can withstand remote working indefinitely AND still maintain the confidentiality, integrity, privacy and availability of data?
Here are the top three considerations for C-level leaders to NOT let the Coronavirus impact data and cybersecurity in their businesses.
1. The Importance of a Business Continuity Plan:
- Do you have a full Business Continuity Plan in place today? Perhaps, you have a Disaster Recovery Plan for your information systems? When was the last time that Plan was reviewed and updated? Like with cybersecurity, C-level leaders have a tendency to wait to implement these Plans until there is a pressing matter that requires them to do so. For example, a cybersecurity incident, a regulation, a natural disaster, or even a pandemic!
- Do you have an employee who works with a company critical system that is out and not able to perform their daily functions? If that occurred who is their back up and how will your company continue to operate?
- Taking steps now to document what challenges are occurring, to update or create your Plan, is a way to prevent these same challenges in the future. The good news is you can start today.
2. Teleworking securely: Are we ALL actually able to do this SECURELY?
- This is a difficult time to realize that you have a legacy finance system that makes it hard for an account payable employee to do their job while working remotely for an extended period of time.
- How is your VPN – virtual private network? Is your team able to connect to your intranet securely? Are they able to access company or client data in the most secure way?
- What if your employee needs to print confidential data? How do they do that remotely?
- Are you all communicating quickly and efficiently with the communication tools in place? For small companies a secure text may work, but what about 50+ employee organizations? Having a secure messaging system that can communicate with employees efficiently, and consistently, with the ability to receive responses is critical.
- Authentication: Is there multi-factor authentication for ALL systems? These are all things that need to be considered and enabled.
- BYOD – Bring Your Own Device: Are your employees working on their personal devices with confidential company documents or client data?
3. Should we wait until this virus settles before we do more on cybersecurity?
- There are “already” so many things to do, so why add cybersecurity or continue to execute cybersecurity best practices if it “makes our job harder?” I am sure no company will get a “pass” by a regulator or client, if they have a cyber breach and the company says “Yeah, but our employees had to work from home because of the coronavirus,” or “Did we really have to meet the deadline for the NY Department of Financial Services regulation or NY SHIELD Act during the pandemic?” This type of thinking will only keep you in fantasyland. The truth is…this is hard, the hackers don’t stop. For C-level leaders, this is what it means to run a business in 2020 and beyond.
The sad truth is there is not a “one size fits all” approach to cybersecurity when suddenly ALL employees are working from home during an unexpected event. Though there are similarities in securing systems and data a tailored approach is needed.
As a C-level leader, you don’t want to make your Compliance leader or HR leader’s job harder than what it needs to be. Putting the team first during this time means making their job easier, which means making your job easier. Neglecting cybersecurity or data protection during this time is a recipe for failure and, other than a sick employee, the last outcome you want as a result of this pandemic is a data breach.
Jessica Robinson, CEO of PurePoint International, and works as a Virtual/Outsourced CISO to middle market business in financial services and insurance. You can reach her at firstname.lastname@example.org.