With businesses adapting so rapidly to a remote workforce setup during the Coronavirus pandemic, many companies overlooked the basic principles of cybersecurity. Now that the remote workforce has been ongoing for months, in many cases, it’s time to take a serious look at some of the scams and threats your employees are facing while working from home.
In this final blog in a four-part series, the IT and data security experts at ORAM Corporate Advisors offer advice to keep your employees and business aware of threats caused while working remotely. Taking such tips into consideration can help prevent a breach, secure your valuable business data, and prepare your company for the worst.
Securing Your Data Outside of the Office
Consider employing a virtual desktop infrastructure (VDI) or a terminal server. This will allow your employees to securely access your network and their work computer at the office. This means they can access what they need securely without saving anything on their personal computer. Additionally, if an employee chooses to leave, they aren’t taking your business data with them.
Stop Access for Those Not Working
As a result of businesses slowing down, you may have furloughed or laid off some of your workforce. This could breed discontent among employees and/or former employees so ensure they don’t have unnecessary access to information. Work with your department managers, IT department, and third-party IT vendor to cut access to email, servers, and other company data for employees who have been laid off or furloughed. You don’t want them to have access to sensitive or protected data such as health plans, health records, bank accounts, or credit card information in cloud services or other business networks. Access can be easily restored, if and when, they are back at work. Employ the principle of least privilege for all remaining employees.
Update Your Risk Analysis, Management Plan, Policies & Procedures
This loosening of regulations combined with the need to still adhere to them creates two issues employers need to address immediately. The first is to examine your new remote workforce through a cybersecurity lens to see where there may be flaws. A third-party IT contractor such as ORAM Corporate Advisors can conduct such a screening and make recommendations for fixes, which brings us to the second issue: updating your risk analysis and risk management plan. This is also something an experienced third-party vendor can help with.
Some regulations require certain security basics to be in place. Going back to HIPAA, for example, businesses are required to have an “accurate and thorough” Security Risk Analysis and Risk Management Plan in place. The law reads that, “a covered entity or business associate must review and modify the security measures… as needed to continue provision of reasonable and appropriate protection of electronic protected health information, and update documentation…”
What this means is that your business should not only conduct a regular assessment of your systems and networks for security risks, but you need to update your risk management plan by creating new diagrams that show how your employees are accessing data, how new threats and vulnerabilities are being reported and documented, and what steps are being taken to address those threats. You will also need to update your company’s policies and procedures to reflect the new reality of your remote workforce.
This update to how sensitive data is handled and secured may be required for an audit, breach investigation, or lawsuit. In other words, having updated security, a fresh plan, and new policies and procedures in place may save your hide in a worst-case scenario. If you can’t provide documentation that you addressed these issues with your remote workforce, you might just have a problem proving your business handled things the right way when it matters most.
For more information about current COVID-19 scams, remote workforce security threats, and how to apply cybersecurity best practices for your business, contact ORAM Corporate Advisors now at (617) 933-5060.