SureCloud’s Risk Advisory Director, Craig Moores, joined CREST’s President, Ian Glover, in a virtual fireside conversation to discuss their thoughts on the current cybersecurity landscape, as well as the potential risks of both imposed remote working and returning to the office post-COVID-19 lockdown. Read Ian and Craig’s top 10 tips on how to develop your cybersecurity strategy to protect against new threats.
COVID-19 has caused widespread business transformation, forcing organisations to adapt to new ways of working in an extremely short period of time. As our lives begin to transition into this next stage of the ‘new normal’, businesses are starting to consider how imposed remote working has affected their cybersecurity posture, and what they should be focusing on as they return to a full or partial office presence.
These top 10 business cybersecurity tips from our recent webinar outline considerations to help organisations improve their cybersecurity posture when faced with the challenges of the new ways of working.
It is important to recognise that changes in the way your business operates can often bring changes in your cybersecurity posture, leaving your business vulnerable to exploitation by threat actors.
Although it may seem obvious, most weaknesses are introduced through changes to operational practices. Therefore, keep an eye on the horizon to avoid nasty surprises from hackers when new business processes are implemented.
Phishing is one of the more common activities that cybercriminals are using to compromise systems and data whilst organisations are working through the disruption.
The easiest way for businesses to combat this is through education and awareness – a coordinated awareness campaign can be both cost-effective and easy to execute, particularly when adopting more remote working. (Discover SureCloud’s Training program here.)
Ensuring that risk management is ingrained within your operational processes means that risks are easier to identify and manage.
This is particularly pertinent when working with key third parties who may have also been affected by the pandemic and may be providing services differently.
Security resources are often constrained, and a long-term hybrid working approach consisting of both remote and office-based working can create conflicting demands. A good way to manage this is to conduct more regular ‘touch point’ assessments of the organisation’s cybersecurity posture, which allow business-as-usual and future activities to be prioritised.
Organisations should carefully plan their return-to-work strategy to ensure that it not only considers the latest Government guidelines but also has a positive effect on the working environment. The new normal will bring a range of potential changes to business-as-usual activities, introducing benefits that need to be managed alongside impacts and challenges.
Not all staff will favour remote working, particularly if this has not previously formed part of their normal ways of working. Therefore, never assume that remote working is a good answer for everyone!
On the other hand, some employees may be feeling apprehensive about returning to work after lockdown, so it is important to consider all sides of the spectrum and review some employees’ situations on an individual basis.
Managing assets that have access to company information is a challenge and various answers mostly centre on technology solutions. However, having a structured, risk-based approach should precede this to ensure that controls are proportionate to the risks posed by non-company assets, for example, bring your own devices (BYOD) and use your own devices (UYOD), and that control is retained centrally.
If you have annual compliance visits planned, consider how your position may have changed. Audits will not necessarily take the same structure or focus on the same areas of the business, as more audit and assessment bodies move to remote workshops and focus on managing risks involving key controls, e.g. remote working.
The model in which organisations conduct business needs to take into consideration the expectations of all affected parties; managing the expectations of key stakeholders is therefore paramount. To achieve the right balance of strategy and operational resilience, organisations need to develop an approach that considers resource savings, e.g. automation, and focuses on where the most value can be derived.
Related to managing risks and stakeholder expectations, this tip focuses on managing the people involved in your organisation and ensuring that, wherever possible, future intentions are structured and transparent, to prevent future malicious activity.
Trust is important and very difficult to regain; therefore, honesty is the best policy when developing future initiatives and dealing with the eventual outcomes of COVID-19.
As our lives begin to transition into this next stage of the ‘new normal’, businesses should consider how imposed remote working has affected their cybersecurity posture, whilst implementing these top tips as they return to a full or partial office presence. Doing so will help ensure they maintain a strong business cybersecurity posture during the transition to new ways of working and in their long-term strategy.
If you would like to hear from Ian and Craig, and their thoughts behind these top tips, then check out their virtual fireside conversation here.
The Cyber Resilience Assessment delivers value in three key areas: lessons learnt, security posture and future strategy.