Risk Management Blog
Content for Risk Management Professionals

RiskPC

April 15, 2020

Working Remotely During the Coronavirus Crisis? Flatten the Cybersecurity Curve with ERM

COVID-19, the new coronavirus, has created a paradigm shift in risk management. Businesses have transitioned to working from home in order to help flatten the curve of the pandemic — stressing their IT resources.

With this transition come new cyberthreats. Enterprise-wide adoption of remote technologies, increased activity on customer-facing networks and the reliance on web-based services are all new entry points for cyberattacks. For example, the privacy policies of video conferencing services such as Zoom, Google Hangouts and Facebook Messenger are now coming under scrutiny.

How can you reassess your cybersecurity choices and protect customer data within this new status quo? Incorporate cybersecurity practices into your enterprise risk management (ERM) program. The best way to do this is to start with a thorough evaluation of your current level of risk with the help of Procipient®.

 

Remote Risks — The Intersection of Corporate and Consumer Assets

How can your organization be smart about this new working environment? The Cybersecurity and Infrastructure Security Agency (CISA) encourages organizations to adopt a heightened state of cybersecurity:

  • Put in place secure systems that enable remote access.
    • Utilize a Virtual Private Network (VPN) to connect employees to an organization’s network.
    • Ensure the VPN and other remote access systems are fully patched.
    • Enhance system monitoring to receive early detection and alerts on abnormal activity.
    • Implement multi-factor authentication.
    • Configure all machines with firewalls, and install anti-malware and intrusion prevention software.
  • Test the capacity of remote access solutions and increase it to meet your team’s needs.
  • Bring any business continuity/disaster recovery (BCP/DR) plans up to date.
  • Increase awareness of information technology support mechanisms for remote workers.
  • Update incident response plans to consider workforce changes in a distributed environment.

Beware of remote work that positions corporate assets and consumer-grade Industry 4.0 devices on the same networks. Internet of Things (IoT) devices — including interconnected smartphones, televisions, refrigerators and virtual assistant AI technology within a Smart Home — aren’t designed with cybersecurity top of mind. Putting your corporate hardware on the same Wi-Fi networks as these devices is like blood in the water for hackers.

In addition, HIPAA, GDPR and other similar privacy laws are still in effect during the coronavirus crisis. You’ll need to confirm that remote environments comply with applicable laws, regulations and standards.

But don’t jump the gun on cybersecurity choices. Most companies likely don’t have the resources to tackle all of this at once. First, you need to conduct a risk assessment to identify your greatest areas of risk — financial, liability, reputational and regulatory.

Having a complete risk assessment can help you address the most important issues first and avoid wasted time, money, labor and resources. Fortunately, Procipient® is the professional-grade ERM/GRC solution that meets your needs. Your organization will be successful at tackling not just cyber risk, but all types of enterprise risk.

 

Procipient® Keeps You Confident in Your Work

Procipient®’s Cybersecurity Assessment Template (CAT) lets you assess cybersecurity risks and controls for remote work and link directly to your enterprise risk framework. You can calculate residual risk scores to instantly see how well recently implemented controls are aligned with the level of inherent risk.

Procipient® can help evaluate your organization’s cybersecurity measures so you can focus on the appropriate controls for an ever-evolving situation. The ERM/GRC software has pre-built cybersecurity assessment templates that are compatible with FFIEC, NIST, COBIT and ACET that can:

  • Identify and isolate gaps in your cybersecurity controls.
  • Compare types of cyber risk and aggregate scores.
  • Assign tasks to fix gaps in controls and track their completion.
  • Stay in compliance with privacy laws and standards like PCI DSS, HIPAA and GLBA.

Your company’s workflow was upended almost overnight. Use Procipient® to stay confident in your ability to deliver services to your customers while keeping their data confidential — even within the new remote-work world.

 

Learn More

Request a demo today to see how Procipient® can help your organization protect against cyberattacks with a powerful ERM program.