With most of us now required to work from home, the facilities that allow us to work remotely are becoming essential.
Outages of important services have the potential to cause financial harm to individuals and the wider economy, and these services will need to be prioritised in the event of remote-access issues. It won't be plain sailing, but having an effective framework in place, with strong contingency planning, will help to protect customers and support a return to business as usual.
Strengtheningyour remote-access facilities is vital, since local broadband services will be struggling with the increased pressure of constant use. Can your team download files to work offline?
Pausingroll-outs of new software and hardware may be necessary for teams to concentrate on supporting the stability of existing services. Will you be able to pause and then resume roll-outs when the time is right?
Working from home creates an increased cyber security risk, particularly when home networks are connected to various unsecured devices. Are your teams using devices that aren't secured for remote working or unauthorised, public software to engage with clients in ways you didn't expect?
Managingthe IT risks, such as those related to cyber security breaches, data loss as well as broader IT resilience, is critical at this time. Do you have appropriate governance and are you monitoring processes so that you know quickly when an IT risk is realised?
Actions to consider
Look at the technology that your firm is using, both authorised and otherwise. Understand how your IT environment is being managed and how potential risks, such as data loss, are being monitored. Does your tech fill all your needs? Are remote back-ups as comprehensive and retrievable as on-site?
Data protection laws do not apply when sharing information about the spread of the pandemic with healthcare agencies, but that doesn't mean you have free rein. Check your cloud and remote-access systems has been configured properly and make sure you know who is responsible in hosted environments, such as IaaS and SaaS. Are you security policies being enforced and tested regularly?
Are you thinking ahead to after life has returned to normal? Will you be able to roll back all the measures you took to get by during the emergency? If you relaxed security, are you able to monitor transactions when you reinstate segregation of duty controls?
Consider these questions
Does everyone in your workflow have what they need to carry on their work in isolation, including a formal remote-working policy to secure your systems?
Are processes in place to fill the gaps that could be caused by mass absences?
Is your regular security testing continuing, including external reconnaissance, penetration testing and key outsourced systems?
Are your cloud security, your VPN requirements and access rights configured for home working?
Can data analytics and other techniques be used to enhance risk and control effectiveness?