As the World Health Organisation raised the COVID-19 outbreak to global pandemic status last week, more businesses are taking precautions to help stop the spread of the virus and protect their employees. For many, this may be the first time they’re putting their business continuity plans into practice and realising they may not be as robust as they need to be.
Here are some of the key points businesses should be considering.
1. Work from home policy
Does your organisation have a clear work from home policy in place, that is available for all employees to access? What are your expectations for your employees’ availability and responsiveness, how do they access tech support if needed and are there clear lines of communication?
Having a clear, well-documented work from home policy is key – not only for your employees but also your business. Understanding what is required of your staff in order for your organisation to still work effectively is the most important component of any business continuity strategy.
2. Employees’ equipment and technology
Do your employees have the correct equipment for remote access to your systems? (Devices, home broadband etc.) Think about how you can facilitate this need for your employees if necessary, do you have the structure in place for your staff to use their own devices securely if they are unable to utilise company provided ones. If you provide company laptops, encourage your users to take them home with them at the end of the day when possible just in case the worst should happen and they are asked to quarantine.
3. Securing remote workers
Are your staff able to work remotely, securely? Do you have Multi-Factor Authentication (MFA), location controls and Data Loss Prevention solutions in place? If you haven’t already set up MFA controls on your business-critical applications and services that have access to sensitive information, it would be prudent to complete this as soon as possible.
Consider setting up access controls by geo-location or IP addresses for high-risk accounts such as admins or senior executives who may be a target for cyber-attackers. Think about the visibility you have into data flows, would you be able to detect a leakage of sensitive data, whether it’s malicious or accidental, and do you have controls in place to stop it. Consider adding security via a VPN to secure mobile or home Internet connections.
4. Communication tools
What communication tools do you have available for your staff to still collaborate with team members, clients, and vendors? These can vastly improve productivity and effectiveness with tasks. We’ve already seen a lot of customers move away from the reliance of email, which is so often exploited by cybercriminals, to tools such as Microsoft Teams, Slack, Webex, to improve efficiencies.
5. Be wary of unusual requests
Sadly, cybercriminals often utilise the smallest of disruptions to their advantage, and so will begin to prey on the uncertainty this pandemic creates. It is important to ask employees to be extra cautious when dealing with payment requests, or data handling. If they are receiving an unusual request or are just unsure, it’s much better to be safe than sorry, pick up the phone and speak to your colleagues to validate what is being asked is legitimate.
The most important element throughout this pandemic, or any other crisis, is clear communication with your employees. Reassure your staff that there is a business continuity plan in place and the organisation has a strategy available to ensure as little disruption to everyday work-life as possible.