Cybersecurity Protection in the Remote Environment

Three Steps to Increasing Cybersecurity Protections for a Virtual Workforce

As businesses continue to navigate the challenges that come with managing remote workforces and increasing technology demands, sound cybersecurity practices have never played a more important role. Since October is Cybersecurity Awareness Month, we thought it essential to reinforce the critical cybersecurity needs of today’s businesses and offer actionable guidance for companies to design and maintain the infrastructure and policy frameworks needed for a secure future.

Here are three critical best practices to review, enhance or implement to help optimize your business’s cybersecurity controls and protect company assets while navigating a remote environment:

  1. Update Your Written Information Security Plan (WISP). Have you reviewed your company’s WISP since the onset of the COVID-19 pandemic? If you are now managing a full or partial remote workforce, it’s more critical than ever to establish or update written protocols to keep sensitive company and customer information safe. Do you have specific guidelines for working remotely? Are employees permitted to use personal devices to access company files or applications? These and other guidelines should be addressed in your WISP and provide employees with a clear understanding of their expectations and restrictions when working outside of the corporate office.
  1. Review Data Privacy & Access Control Methods. Within your WISP, you’ll want to address key procedures and practices for safeguarding business, employee and customer data — and you’ll want to make updates to reflect any changes incurred due to remote working conditions. For example, do you require multi-factor authentication when users log into company systems from various devices? Is VPN access required for network file access? How are collaboration applications (e.g. messaging/chat rooms, video meeting rooms, etc.) secured and how are access controls handled when an employee leaves the company? Remote work could be the norm for your business for the foreseeable future, and data privacy and access control policies need to be thoroughly vetted and updated accordingly.
  1. Update Your Business Continuity Plan (BCP) and Disaster Recovery (DR) procedures. Managing a remote workforce introduces new layers of complexity in terms of safeguarding company devices, software and material. If you haven’t reviewed your BCP and DR plans yet in 2020, now is a good time. You’ll want to ensure they explicitly address how to keep the business operational in the event of an unexpected issue, and if your employees are remote, how they will be notified of such issues and their expectations for supporting customer initiatives. If your IT team is no longer working on-site, you’ll need a plan for keeping the corporate networks secured and ensuring backups can be easily and quickly accessed in the event of a disaster or unexpected downtime. Plus, don’t forget about testing your plans. Have you updated and practiced new testing scenarios that account for remote working variables?

Not sure where to start? A cybersecurity assessment is a logical first step and can help you effectively identify any gaps in your controls and/or weaknesses in your policies and procedures. Additionally, if you have key stakeholders, investors and/or a Board of Directors, you may want to consider a SOC for Cybersecurity audit, which will formally examine and validate your cybersecurity controls and overall risk management program.

Please connect with a member of MFA’s IT Advisory Team to get started and ensure your business’s cybersecurity practices can effectively support and protect your company in a virtual world.

Contact Us

Related posts
Retirement Plan Cybersecurity

Remote Working and Cybersecurity Considerations for Retirement Plan Sponsors

With a surge in remote working, plan sponsors need to think about protecting retirement plan…

Read More
COVID-19 FAQs: Nonprofit Orgs

COVID-19 FAQs: Nonprofit & Education

Here are some of the most frequently asked questions and resources to help nonprofit and…

Read More