Remote working has become an increasingly popular option for organizations in the light of COVID-19 pandemic. Social distancing has forced many employees across the globe to stay at home, meaning remote working is no longer an option but a necessity. However, the new set up comes with new challenges. Information security, therefore, must be the top priority for CIOs this time. In this article at InformationWeek, Mary E Shacklett explains the questions that CIOs must ask themselves to assure that corporate governance and security are ‘up to the task’ for remote work.
Questions that CIOs Must Ask Themselves
Is Remote Work Security Assessment Conducted?
- How well protected are the network endpoints and IoT? As endpoints are the entry points of cyber attack and data breach, you must ensure that endpoints are highly secured.
- Is the IT policy well-defined for maintaining current operating system updates for all devices that employees use, and is it automated? “Every time Microsoft, Apple, or any other device provider upgrades software to patch a security ‘hole,’ the update should be synchronously pushed out to all the devices your employees are using to access your system,” says Mary.
Are Employees Aware of Security and Governance Requirements?
Develop a formal work-from-home policy and disseminate it to your employees. This will help them understand the conditions of working safely from remote locations. The policy must mandate strong password selection and must emphasize the importance of storing assets on the cloud, managed by your organization. Also, issue periodic messages with security tips.
Is Your IP Strong?
Use multi-factor authentication and data encryption to protect sensitive information and intellectual property. Identify IP-sensitive assets in the network, and put in place hardened security access to safeguard that data.
Is the Organization Ready with Disaster-Recovery Plan?
Your disaster recovery plan must comprise of procedures to intervene and mitigate a remote access security breach. The plan must include communication with the end-user and immediate shutdown of device access.
As with any cybersecurity risk, you can mitigate the issues caused by remote working through effective documentation. To read the original article, click on https://www.informationweek.com/strategic-cio/security-and-risk-strategy/corporate-governance-in-the-era-of-offsite-employees/a/d-id/1338140.