Three Steps to Increasing Cybersecurity Protections for a Virtual Workforce
As businesses continue to navigate the challenges that come with managing remote workforces and increasing technology demands, sound cybersecurity practices have never played a more important role. Since October is Cybersecurity Awareness Month, we thought it essential to reinforce the critical cybersecurity needs of today’s businesses and offer actionable guidance for companies to design and maintain the infrastructure and policy frameworks needed for a secure future.
Here are three critical best practices to review, enhance or implement to help optimize your business’s cybersecurity controls and protect company assets while navigating a remote environment:
- Update Your Written Information Security Plan (WISP). Have you reviewed your company’s WISP since the onset of the COVID-19 pandemic? If you are now managing a full or partial remote workforce, it’s more critical than ever to establish or update written protocols to keep sensitive company and customer information safe. Do you have specific guidelines for working remotely? Are employees permitted to use personal devices to access company files or applications? These and other guidelines should be addressed in your WISP and should give employees a clear understanding of what is expected of them and what restrictions apply when working outside of the corporate office.
- Review Data Privacy & Access Control Methods. Within your WISP, you’ll want to address key procedures and practices for safeguarding business, employee and customer data — and you’ll want to make updates to reflect any changes brought about by remote working conditions. For example, do you require multi-factor authentication when users log into company systems from various devices? Is VPN access required for network file access? How are collaboration applications (e.g. messaging/chat rooms and video meeting rooms) secured, and how are access controls handled when an employee leaves the company? Remote work could be the norm for your business for the foreseeable future, and data privacy and access control policies need to be thoroughly vetted and updated accordingly.
- Update Your Business Continuity Plan (BCP) and Disaster Recovery (DR) procedures. Managing a remote workforce introduces new layers of complexity in terms of safeguarding company devices, software and material. If you haven’t reviewed your BCP and DR plans yet in 2020, now is a good time. You’ll want to ensure they explicitly address how to keep the business operational in the event of an unexpected issue and, if your employees are remote, how they will be notified of such issues and what is expected of them in supporting customer initiatives. If your IT team is no longer working on-site, you’ll need a plan for keeping the corporate networks secured and ensuring backups can be easily and quickly accessed in the event of a disaster or unexpected downtime. Plus, don’t forget about testing your plans. Have you updated and practiced new testing scenarios that account for remote working variables?
Not sure where to start? A cybersecurity assessment is a logical first step and can help you effectively identify any gaps in your controls and/or weaknesses in your policies and procedures. Additionally, if you have key stakeholders, investors and/or a Board of Directors, you may want to consider a SOC for Cybersecurity audit, which will formally examine and validate your cybersecurity controls and overall risk management program.
Please connect with a member of MFA’s IT Advisory Team to get started and ensure your business’s cybersecurity practices can effectively support and protect your company in a virtual world.