To accomplish social distancing while maintaining operations, most businesses are going online. Remote working is completely new to many, while working exclusively from home is a huge change for most people.
The demands we are placing on remote-working technology to support this are extensive, both in terms of capacity and security. Businesses that are able to manage digital risk while providing stability may come out on top.
Stabilisingservices across your networks is a key issue, as the pressure on local broadband infrastructure may mean failures or reduced access. For many organisations, remote systems will be under significant strain, which may impact performance.
Implementingnew technology may have to wait until the outbreak is over so teams can focus on continued operation. Untested software could be unstable and it would be best to use existing solutions for the time being. Roll-outs may need to be paused or revised, but should be ready to be restarted at the right time.
Engagingwith consumers without physical interaction is a major change for many organisations. Key questions need to be asked about how to manage communications, as well as ensuring website infrastructure can handle the increased digital load. Systems need to keep customers informed and process their orders without relying on front-line staff.
Securingyour systems and data is essential, but are organisations and people reacting as quickly as they could? Patches are being put in at short notice, but questions will arise about how secure these may be. People working remotely may be using inappropriate facilities (such as personal Drop Box accounts) as temporary solutions where approved systems fall short.
Actions to consider
Focus internal audit on checking resilience and continuity arrangements. Identify where technology and programmes are working and where they are falling short. How will you run back-ups and are they in accessible locations, should it be required?
Consider increasing your system capacity in the short term to ensure it is sufficient, and make sure all internet-connected devices and services are patched and kept up to date. Prioritise patching high-risk applications that will be used extensively during the quarantine period. Ensure cloud systems have been configured appropriately for security and understand exactly who’s responsible where you are operating IaaS, SaaS and other hosted environments. Run regular external vulnerability scans and reinforce security policies, such as what to do when a device is lost.
Make sensible decisions when sharing information about people who may have the virus, for example with a healthcare agency. Data protection law is no barrier to sharing information where necessary to safeguard someone’s health.
Are you prepared for a return to business-as-usual? There will likely be a spike in demand once other concerns are out of the way. If you relaxed segregation of duty controls during the outbreak, are you ready to monitor transactions when they are reinstated?
Have you thought about how your estate will look after all this is done? With remote working becoming commonplace, is this something that could be beneficial to continue? What learnings can you take away from the crisis?
Consider these questions
Do your employees understand and abide by a formal remote-working policy, and is it effective and secured against cyber security risks?
Will your team - including IT support staff and third-party teams - be able to cope with remote working and large numbers of staff absences?
Have you managed the access rights, VPN requirements and cloud security settings of all the members of your team who now need to work from home?
Have you conducted external reconnaissance of your digital presence, penetration testing and checked the availability and security of your key outsourced systems?
Can alternative techniques, such as data analytics, be introduced or leveraged further to provide visibility of risk and control effectiveness?
“One of the things we’re seeing is an amazing surge in ways technology will help us get through this crisis. Tech is answering questions we never realised we would need to ask. The technology our clients rely on is more important than ever, so it’s essential that it’s fit for purpose. That includes capacity and security across the board, and effective methods to continue to engage with clients and suppliers to maintain business sales.”