By Steve Durbin, Chief Executive of the ISF
While it’s time to embrace the flexibility of remote working, it’s also crucial to recognize the associated risks. Think about new technologies that can secure remote environments.
Steve Durbin, Chief Executive of the ISF
With the pandemic precipitating a health crisis that continues to threaten the global economy and the real possibility of a sustained recession, businesses are facing some tough choices. Cyberthreats are an ever-present and growing danger, with state-sponsored hackers and criminal enterprises engaging in increasingly sophisticated malware, ransomware and phishing attacks.
To tame the uncertainty and reduce the negative impact of all this disruption, professionals of all stripes should be aware of the cyber challenges up ahead.
To prosper in the face of a financial crisis requires resilience. Cybersecurity is critical in enabling businesses to survive substantial operational upheaval, especially with data dispersed to the far reaches of the earth. It’s crucial that information is secure, trade secrets are protected and customer data is safeguarded. Review your resilience strategy, assess what you’ve learned from the pandemic and think about how to improve.
Are the technologies and initiatives rolled out over the past few months properly secured, and, if not, what can you do to secure them? Consider the framework, policies and procedures. Think also about how to handle a return from a bring-your-own-device policy to a centralized approach to business. Show management that you can be one step ahead of the game and affirm the value in cybersecurity.
Identifying The Biggest Risks To Your Business
Employ a standardized methodology to assess threats. Consider potential vulnerabilities in existing controls and new controls that were implemented on the fly. Assess the malicious actors your business is likely to face over the next year or so. Examine new technology, proposed projects and personnel changes. A rigorous approach to risk assessment is needed. Ultimately, the goal is to provide key stakeholders with a clear picture of the major risks to the business so they can make decisions about how to allocate limited resources.
A risk-based approach to compliance is essential. A key question here is: What can you implement effectively? While there might be some leeway in certain areas, the pandemic hasn’t halted data breaches or prevented hefty noncompliance fines from being levied. The distributed workers, systems and customers across your organization must comply with security standards.
Check in with regulators to see what they think of your processes and systems. If you plan to introduce a new form of data processing, ask regulators about it in advance. Assess your performance against different industry standards and frameworks. Try to condense compliance requirements into smaller, more manageable pieces. Look at the greatest risks and apply that risk lens over your entire approach.
Securing The Remote Workforce
Working from home is a new reality, and I believe it’s here to stay. Employees who were trusted with the security of their devices, data and trade secrets in an office environment are now also trusted with them at home. While it’s time to embrace the flexibility of remote working, it’s also crucial to recognize the associated risks. Think about new technologies that can secure remote environments. Get staff trained to recognize some of the latest phishing techniques, and ensure security principles are not forgotten.
Managing Supply Chains
As you continue to innovate across physical and digital borders, consider how to manage your suppliers of information. Supplier relationships are becoming more complex and varied, exacerbating existing issues and creating new problems. New products and services must be secured properly. Assess suppliers, set short-term goals that target the greatest risks, and get security involved in newly developing procurement processes.
Achieving More For Less
The cold, hard reality of the current state is that budgets can and will be slashed for some organizations. Find potential efficiency gains, bring more outsourced roles in-house, and assess supplier functions to see what you might do internally. This may require reskilling or talent acquisition, but if it’s an opportunity to reduce costs, it needs to be considered. Don’t be afraid to rethink noncritical services. If something’s not being used, don’t be afraid to ground it. This is a good opportunity to rethink parts of your business and consolidate how you work with suppliers.
Focusing On Core Critical Systems And Capabilities
Identify the crown jewels of your business, and protect that core. These core products and services must be properly supported by technologies and systems that are resilient and capable of managing them. Ensure preexisting systems have continuity in place and the confidentiality, integrity and availability of critical information are maintained. Review processes and procedures to refine and consolidate, and even reimagine how best to handle information.
Facilitating Business Objectives
Take time to understand business objectives and prioritize business-critical projects. Establish a route to escalate when required so when innovative projects need to skip the queue, there’s a process attached that handles it as a security function with a consistent, industry-accepted approach. It’s vital to keep pace with the business, but don’t compromise on security, supply chains or compliance in the process.
As organizations try to prioritize the funds available to them as the financial downturn begins to bite, business professionals need to rise to meet the challenges ahead and chart a course for a healthy and successful future.