COVID-19 has reshaped our world and redefined how nearly every organization conducts business. A mass shift of employees from corporate office buildings to home offices in March caused business owners to reevaluate human resource and IT policies including work from home, BYOD, travel, sick leave, family leave, and many more. Human Resource Directors and CISOs are scrambling to ensure all employees have what they need to continue business as usual during this most unusual time.
Ensuring business continuity is paramount at any time but especially during a crisis. Every organization should have a basic business continuity plan in place to help employees fulfill their roles in the event of a crisis. This business continuity plan should also include a methodical system to help identify and prevent threats, and detail how to recover quickly from those threats.
No one could have predicted the current economic state, so chances are most business continuity plans don’t include a section detailing what steps to take when the office buildings are completely shut down and all employees are forced to work from home. As a result, revisions should be made now to your business continuity plan to update it for the potential onslaught of breaches that can occur during an international health and economic crisis.
Enhance Your Plan
A crisis such as a pandemic is a breeding ground for hackers who are experts at playing to the fears of your employees to gain unauthorized access to systems and information. Update or revise your business continuity plan now to include the following pandemic-related threats:
- Threat: Hackers pose as an expert source of information on the pandemic, such as the US Centers for Disease Control and Prevention, and email your employees.
While phishing is not a new threat, it can run rampant during a pandemic. Impersonation email scams focused on COVID-19 feed into the fears of people clamoring for information. These emails might contain attachments or embedded links that download malicious software onto employees’ computers. Malware such as this can give cybercriminals access to passwords, personal information, financial data and more.
- Threat: As millions of employees work remotely, businesses are forced to relax access to systems and applications, opening the way for cybercriminals.
Organizations need a means to cross-check against aggregated threats to their own websites and applications through continuous monitoring of Internet-facing assets. Software that instantly flags unauthorized access by a potential intruder and alerts your cybersecurity team and the CISO can prove to be invaluable during these times.
- Threat: If you’re opening up access to systems and applications for employees working from home, chances are your third-party vendors are too.
As you update your business continuity plan, ensure your third-party vendors do the same. Once we resume “business as usual,” reevaluate your vendor security questionnaire and check for questions related to unforeseen circumstances, such as those we’re experiencing now. Look for ways to automate your vendor risk management program to ensure that a plan is in place and reduce errors so that your business can get back up to speed fast.
- Threat: Employees using a personal computer and not a company-approved and protected laptop can introduce a single point of failure.
For many employees, working from home may be a new endeavor. Those without a company-approved laptop are forced to use their own personal computer, which typically doesn’t include network access controls and might not include basic antivirus software. Future state should require all employees, regardless of whether they typically work from home or never do, to have an authorized and updated laptop to access the VPN.
As we’ve all seen, pandemics open up a new world of threats to both people and businesses. Without a vaccine, the threat will continue for people, but you can create your own business “vaccine” through careful planning, procedure evaluation, and security checkpoints. Building business resiliency against breaches and threats has a renewed urgency now more than ever, and by carefully scrutinizing your own and your vendors’ plans, every business can be more resilient to threats now and in the future.
Complete this form to receive a personalized walk-through of ProcessBolt and learn how we can enhance your organization’s third-party risk management program amidst the pandemic.