Addressing the security risks associated with remote working?
James Hopper, Chief Operating Officer of cybersecurity consultancy, Security Risk Management Ltd, explains why now is a crucial time to recalibrate your organisation’s business continuity plan and ensure that everything possible is being done to maintain good risk posture when your team are working remotely.
Even the best prepared and most risk aware organisations have seen their business continuity plans stretched to their limits in 2020. Very few companies would have made preparations for a global pandemic of this scope and scale, and it’s been something of a rollercoaster ride for both employers and employees in the UK over recent months. No matter what line of work you are involved in, Covid-19 will have affected your business in one way or another.
For the team here at Security Risk Management (SRM), it’s been encouraging to see how quickly and efficiently most businesses have handled the challenges presented by lockdown. Getting staff set up and ready to work from home in a short space of time is no easy feat. But thousands of businesses have made this transition successfully and, in many cases, managed to return to near optimal productivity.
By April 2020 the Office of National Statistics found that 49.2% of UK adults in employment were working from home. This means that organisations of all sizes and sectors throughout the country had managed to implement some sort of remote working model in an incredibly short period of time.
However, it’s important to acknowledge that now is not the time to pat each other on the back and toast a job well done. For those organisations that are either months away from a return to the office or have simply decided to make remote working a permanent fixture, it’s time to take stock of your risk profile. Now is the moment to revisit your business continuity plan so that you’re in the strongest possible position to face any future challenges that might present themselves.
What we have seen in the short term is that robust business continuity plans have enabled organisations to handle the upheaval – just as they would if they’d been forced to vacate their office due to a fire or a flood. Yet making long-term preparations for remote work is something that few companies have anticipated. As a result, there is a greater chance that basic IT, security, supplier and human resource factors may have been overlooked.
Organisations also need to be aware that this complete overhaul of working practices has created a host of new opportunities for hackers. It’s an unfortunate truth that cybercriminals are often more adaptable and responsive to change, enabling them to exploit the vulnerabilities inherent in lone working.
So, our business continuity consultants are now supporting organisations to address the security risks associated with the remote working model?
Align your security practices to the “new normal“
There is no blueprint for the “new normal”. But it’s safe to say that now is the time to be more rigorous in your approach to information security than it ever was when your team had IT or Information Security (IS) staff on hand, in-house. A greater level of joined up thinking is required with more training and simulation exercises to keep a disparate workforce functioning cohesively and securely.
It’s also a great time to get the fresh-eyed perspective of experienced professionals who can objectively challenge your approach to information security and help you implement changes that reduce risk and improve data protection.
Don’t be afraid to seek help
With business continuity as a priority, it’s crucial that businesses get the right input and guidance to improve resilience quickly. All too often, asking for help is perceived to be a weakness. And business operations, processes and procedures are seen as a matter of pride. But being dogmatic to a certain way of working doesn’t contribute towards the long-term success and resilience of a business.
Instead, we simply need to acknowledge that we find ourselves in a situation few could have prepared for. Pragmatic business leaders should recognise the value of professional expertise in helping them re-model their security in line with changing practices. Even experienced IS teams will benefit from expert external guidance.
Follow a framework
Following a recognised framework like ISO 27001 (whether to meet contractual obligations with a third party or otherwise) will help you to recognise and address the challenges of the remote working model, but it will also demonstrate that you take the security of your data seriously. At a time of uncertainty, being able to showcase your commitment to safe, rigorous working practices can give you a competitive advantage over those that don’t.
It is likely that the Pandemic has highlighted a few weaknesses in your business or perhaps hinted at areas in need of improvement. If that is the case then now is the time to build these into your business continuity plan and information security policies. This, in turn, will help to ensure that you are prepared and positioned to respond swiftly to any future crisis.
If you’ve realised it’s time to revisit your business continuity plan or review your information security risk posture, get in touch with the expert team at SRM here.
This was posted in Bdaily's Members' News section by Security Risk Management .