Rebuilding Cyber Fitness After a Crisis
I don’t know about you, but it feels like we just got used to remote working and now we need to think about returning to the office!
The move to remote working happened very quickly and without much time to plan. As a result, there might be some workarounds, processes or equipment that you had to implement without your normal due diligence.
The way we work moving forward will largely depend on the needs of your team and whether your office space is sufficient to support new government safety guidelines.
Before rushing back to the office, take a few minutes to reflect on the last few months and review some of the security implications associated with the choices made along the way.
These next few minutes could help you anticipate nasty surprises 👻 associated with returning to the office.
Take a few moments to look for opportunities to improve and secure your processes and technologies as you return to the office.
Check devices for nasties
You don’t know what laptops or other devices might have picked up while being connected to ‘unmanaged’ home environments. A cyber criminal looking to make a quick buck may have installed malware via a scam or, shockingly, a disgruntled partner or competitor (yes, it sounds very James Bond, but it happens) might have left behind something even more dangerous.
Before connecting anything back into your office network:
Check that antivirus and security patches have been updated.
Remind staff working remotely to give their home a Cyber Fitness Checkup.
This will also set you up for the future in case your business needs to go remote again for some reason.
Review system access
If you granted access to systems your business relies on, either temporarily or otherwise, now is the time to review who can access what and lock down any gaps. Leaving access unchecked is like locking your front door but leaving all the windows open - anyone might get in.
Review any new approvals to systems or files from the last few months. Pay close attention to any administration level access approved.
Review access levels of new employees to make sure they have only what they need to do their job.
Review physical and virtual access of former staff that you may, unfortunately, have had to let go recently. The last thing any of us want is an upset employee taking, modifying, or deleting something important to your business.
Remind staff of what’s expected
If your team have been saving files to their home personal computers, think about how you’ll transfer these back into the office systems without corrupting and messing with multiple versions of the same document. 🤯
Review your data to ensure you understand what’s sensitive and who has access.
Remind staff to securely dispose of anything sensitive they may have printed at home or stored temporarily on their personal computers.
Update policies, procedures and insurance
If you don’t have an Information Security Policy or Incident Response Plan, don’t worry, you are not alone. These documents can help your staff understand what they need to do in the event of an emergency and bring clarity to what’s expected of them when it comes to cybersecurity.
If you don’t have these policies, consider creating them.
If you already have them, update them with any changes you’ve introduced. Focus on those areas relevant to business continuity and remote working. We can help you with this.
If you are going to continue to use online communications platforms like Zoom, Teams or Slack, now is the time to make sure they’re secured appropriately!
If you already have cyber insurance, check what’s covered now that your team is working remotely and check that your responses to policy proposal questions haven’t changed.
If you don’t have any insurance, consider the value it might give you moving forward. Just like medical or car insurance - it’s too late to buy it after something goes wrong.
Get rid of things you don’t need
In shifting to a remote workforce, you might have set up systems to allow your staff to continue working outside the office. This may have left your business exposed if not secured appropriately.
Review the technologies you’ll be continuing with and determine if there are any that are no longer required and should be shut down.
Check licenses you may have accumulated unexpectedly when going remote. Look for free trial accounts that may be about to expire and ensure you delete accounts if you decide not to continue with a vendor.
Plan a post-incident review
Once you’re all back in the office, it’s a good time to get your team together to perform a post-incident review.
As part of your post-incident review, you should create an action plan while it’s still fresh in your mind.
The COVID-19 crisis should be considered an incident, as we’ve all had to rapidly change the way we do things and react quickly.
We totally understand that for some, there is a long list of decisions to make when moving back to the office. Please add these points to that list, because the “I’ll deal with it later” approach could leave you dangerously exposed.
Now is the perfect time to work on your Cyber Fitness and we’re here to help you get back on your feet no matter where you are on your journey.
At Cynch, you can create a customised Information Security Policy and security Incident Response Plan in just five minutes. We also have a fitness program dedicated to helping small businesses navigate the remote working world during this COVID-19 crisis.