Governance in a pandemic
May 15th, 2020
2020 - nobody saw it coming!
Literally, from the start of the new year it's been disaster after disaster. We started with Brexit. Then it was floods. Now it's a pandemic.
Soon to follow we probably have:
The postmortem of the Government's handling of an impossible situation
It's bonkers. In the middle of it all, however, has been the most rapid transition in a generation from office working to remote working on a mass scale. Digital transformation programs have been leap-frogged or forcibly driven by the imposed social distancing measures the world has suddenly had to cope with.
This has raised two primary considerations - the first everyone has recognised; the second is still flying low under the radar.
First came the trial by fire for businesses over whether they could make the leap to remote working. After some panic, a few people running around with their hair on fire and some last-minute overpriced purchases of hardware, many have made it through the trial, but with a massive range of emotions over how easy it was...or wasn't.
Second, however, is the widely unseen and unconsidered risk that remote working introduces. Few have given any thought to the information governance and information security angles of remote working. Of those that have considered it, many have buried their heads in the sand and are hoping, perhaps praying, that they make it through this period without a serious, game-changing security incident or breach.
There's a famous saying:
If you want to go there, you don't want to be starting from here!
Thinking about governance and security in the middle of a pandemic when remote working has been thrust upon you with little notice is hardly a great place to be starting from. However, here is where we are, so here is where we start.
A few things you should probably consider straight away:
It sounds obvious, but making sure that only the stuff that needs to be accessed remotely is available externally is not only good practice, it's an essential part of keeping your data secure. If you have data sets/files that nobody actually needs to access whilst working remotely, lock them down so that they are not available.
Do you have 2-factor authentication (multi-factor authentication) switched on for your key accounts, like email or Office 365? 2FA is a great way of protecting your data. It means that fraudsters need access to a (your) device, as well as a hacked/guessed/intercepted password, to get into your account. This is a large uptick in security that would have prevented several of the data breaches we've been involved with over the last 12 months.
Regular review of user accounts and related permissions is a really good way to make sure that data isn't being accessed fraudulently. If you have access to logs, review them to see whether your accounts are being "probed" for weaknesses. This allows you the opportunity to get ahead of a breach and bolster your security.
If you are worried about your position, then you may be pleased to hear that we can help you with that, and that much of what we do can be done remotely. Consulting on how to improve your information governance and/or your information security can be conducted quite comfortably over Teams, Google Hangouts, Zoom, Skype, or any other conferencing platform.
So, if you'd like to find out more about how we can help you to reduce risk, we'd suggest don't wait - please get in touch today!
If you found this article helpful, please Tweet, Pinterest, LinkedIn, Facebook - do what you do to share it with others you think will benefit from reading it. Thank you!