As more and more individuals work from home in an effort to “flatten the curve” on the spread of COVID-19, companies are faced with deploying, or implementing and then deploying, their Business Continuity Plans (BCPs). The goal of a BCP should be that the business and its staff remain compliant with internal IT policies and any regulatory policies applicable to the business while staff work remotely for an indefinite amount of time. In addition to compliance, it is important that companies remain aware of the heightened data and security risks that come with working from home, and that they take the necessary steps to protect data and information while remaining compliant with internal and regulatory policy.
There are many compliance items that require attention and consideration during a pandemic. Julie DiMauro from Thomson Reuters compiled a ‘Compliance Checklist for Operating During a Pandemic’ that spells out key items that should be taken into consideration. From ensuring there are sound emergency procedures around how to reach employees, to redistributing security protocols and protecting information, the list can be used as a helpful guide of things to consider and implement across businesses during a crisis or pandemic. The list can be found at https://blogs.thomsonreuters.com/answerson/practice-note-compliance-checklist-for-operating-during-a-pandemic/.
During this time, the risk of non-compliance regarding regulations around data privacy should be at the forefront of everyone’s mind. Whether it’s from a data breach or from work equipment or materials being stolen, the increased risk of information being stolen also raises the risk of non-compliance. Rita Selvaggi from Cyber Security Insiders lists three steps businesses should follow to ensure they stay compliant:
- Know Your Regulations – Be aware of the regulations your organization is subject to and rely on internal experts to help you comply
- Understand What is Required – Understand the requirements for each regulation and put controls, processes, and solutions in place to adhere to them
- Review Compliance Controls – Gain visibility into employee behavior and if necessary, perform activity audits to ensure specific data protection mandates are upheld
Cybercriminals see times of crisis as an opportunity. As individuals are working from home and spending more time on the internet, scammers have been using the public fear of COVID-19 as a way to attempt to steal information. Ben Hartwig from GritDaily lists five things to be aware of to avoid getting scammed:
- Never use an unsecured internet connection
- Fake COVID-19 Emails – Offers for ‘testing’ or ‘cures’ to Coronavirus
- Coronavirus Related Phishing Emails – Fundraising for virus victims
- Fake Financial Schemes – Fake ads for nonexistent jobs
- “Smishing” Schemes – COVID-19 related text messages
In this time of uncertainty, we are constantly seeking answers and information to stay alert and prepared during the pandemic. Because of this, it may be easy for some to overlook that there are people who would take advantage of this vulnerable time. Be cautious of e-mails, advertisements, and texts you receive during this time. Never share passwords or personal information, and do not click on links unless you know they are from a valid source. Additional tips and more information on what to look out for can be found here.
As many of us adjust to the new norm of working from home, it is crucial that we stay compliant and aware of the security risks that may arise. From making sure you and your business are aware of compliance items that require attention during a pandemic, to being cautious of potential threats, you can exit this pandemic successfully by staying alert and proactive in protecting information and remaining compliant.