With regard to cybercrime, the old saying often rings true: when it rains, it pours. COVID-19 has presented an extraordinary opportunitiy for cybercriminals to prey upon and exploit the visceral fear the pandemc elicited from millions of people around the world. Those criminals shifted their attacks to focus on Coronavirus testing, stimulus checks, and other topics related to the pandemic.
As we transition into this new phase of “reopening the economy”, it’s important to recognize that the shift in malicious activity brought on by COVID will not go away. In fact, as society is gradually opening back up, and pandemic fears are beginning to ebb slightly, cybercriminals will shift their methods once again and remain active doing what they do best: seeking new opportunities for manipulation. Companies need to remain guarded and vigilant, and they need to ensure their people understand the risks and can identify potential attacks.
While there are many cybersecurity lessons to be learned and made actionable as a result of this pandemic, we’re going to start at the very foundation of a strong cybersecurity stack: a well-thought out, flexible IT governance policy.
What is an IT Governance Policy?
The purpose of an IT governance policy is to marry your overall business strategy with your IT strategy. It serves as a formal framework that outlines the leadership, processes, tools, structures, and methodologies that your organization implements to sustain, monitor, and accomplish technical goals. An IT governance policy not only helps to mitigate the risks that are inherently associated with IT, but it can also help drive your business towards achieving strategic, profitable objectives.
Distributed Workforce & IT Governance Policy
The concept of distributed workforce has brought forth unique technical challenges. Your newly distributed population of workers may face difficulties relating to physical hardware, software, communication & collaboration tools, WiFi connectivity, VPN, secure file accessibility, and/or best cybersecurity practices – just to name a few. If you team previously did not have the ability to work from home, or only a small segment of your employee base did so, it’s likely that your IT governance plan was not ready to address these issues that came hurtling into our world as a result of the pandemic.
Distributed workforce isn’t a concept that was only adopted as part of the response to COVID-19 - it’s here to stay.
While some employees will be clamoring to return to their physical office space as soon as possible, others will question why a physical return is even necessary. After all – haven’t they proved over the past few months of quarantine that they can work just as effectively from home as they did in the office? These are complex questions you will need to face, and to help you do so we have two recommendations.
Recommendation #1 – Revisit Your Plan with a Mindset for Change
First – take out your IT governance plan and give it a review. Since the beginning of the pandemic, we’ve seen a five-fold increase in cyberattacks, plus a distinct emergence of new and sophisticated scams directly related to Coronavirus aid and relief. Thus, revisiting your security stack and the processes for how your company manages IT-related risk is of paramount importance right now. We’ve experienced an unprecedented amount of change in a very short amount of time. The truth of the matter is this: if you haven’t updated your IT governance plan in the last three months, it is outdated. COVID-19 brought forth unique technology challenges that your business previously did not have to account for. The needs of your business and its people have changed, and so too should your plans.
Do you have a specific process for how employees are connecting to your corporate network remotely? How are employees accessing sensitive information from their homes? What kinds of anti-malware, firewalls, and other security programs are deployed on your employees’ devices that they’re using to work from home with? Have you considered re-training your employees with regards to how they should approach the new security challenges associated with both the pandemic and remote work? If you haven’t already addressed these questions, now is the time to do so. Your IT governance policy should adapt along with internal changes to your company (such as a merger/acquisition), as well as with external environmental changes that are outside of your control.
Recommendation #2 – Invest in Your Team
Make the argument to management that investing in the right tools and technologies for your employee base up front is a key contributor to productivity and overall success in the coming months. Beyond just physical devices (laptops, tablets, and smartphones), is your team leveraging best-of-breed technologies to maximize efficiency while working outside the office?
One example of a tool that Envision has leveraged countless times during the pandemic (and long before) is Microsoft Teams. This communication and collaboration features of this platform are incredibly powerful. Teams has allowed our employees to connect with one another in very meaningful ways during this period of quarantine. From hosting company-wide video meetings, to collaborating on files in real time and taking advantage of the platform’s numerous application integrations, Teams has had a massively positive impact on our organization’s productivity, time and project management, connectivity, and culture. Microsoft is currently offering six months of free Microsoft Teams licensing to all businesses in response to the COVID-19 outbreak. Our technology solutions experts can help you take advantage of this offer with installation, seamless integration, and training.