WFH security risks and awareness programs for WFH employees
In recent months, most information-based jobs in Australia, and around the world, have relocated from internal corporate networks to individuals working from home (WFH). Achieving this transition in a few weeks, arguably one of the biggest transformation projects in the history of IT, is a testament to the skills of the IT staff, the technology products chosen by the company, and the adaptability of staff.
In a rapidly changing event such as COVID-19, company survival displaces avoidance of short-term risks. Now, the longer we remain in WFH mode, the more the longer-term risks, measured against a backdrop of increased phishing and hacking based on COVID-19, temporary security outcomes, and degraded or non-existent compliance, require organisations to take additional action.
Now that this new working environment has stabilised somewhat, many organisations will benefit from taking a fresh look at the resulting security outcomes. If you face challenges talking to management about the need to resource these reviews and any resulting outcomes, consider a simple scenario.
Most companies undertake some due diligence when engaging a new provider or supply chain partner. Imagine if that new provider responded and said, “We don’t manage our network security, we don’t patch our network and we are not sure if our anti-malware controls are up to date. By the way, we also have some unsupported and unmanaged consumer-grade products, several of which are remotely accessible by the foreign manufacturer without any oversight from us. Further, we share systems between individuals, without any password controls on most devices in our network. By the way – we will need access into your corporate network and systems to do our job”.
Management's answer on whether the risk of using that provider is warranted is probably pretty clear. Unmanaged, unsecured equipment, IoT devices, consumer-grade controls and lack of accountability are just a few of the compliance and risk management aspects to consider.
Now consider that same ‘provider’ or element of your supply chain as being an employee’s home network environment. Is it appropriate for executive management and Directors to ignore the long-term risks, knowing that these new exposures are both present and real?
Even more importantly, are the regulatory and compliance risks worth the financial exposure, without implementing mitigating actions?
Loop’s experience in moving our workforce to being wholly WFH is that these challenges can be overcome. Some of our clients and industry colleagues have shared similar challenges, all of which vary based on their industry, business model, and the plethora of home environments that make up the Australian workplace of 2020.
Maintaining compliance with contractual, industry or legislative requirements is viable, now that Phase 1 of the WFH transition is largely complete. If you have questions about the WFH security obligations you face, reach out to others who have encountered and overcome such challenges.
Loop has been proactively providing free webinars and briefings on WFH security risks and security awareness for the WFH employee. We have recently developed a COVID-19 Risk Register that addresses all potential risks and events posed by WFH aspects of your business, along with suggested mitigation strategies to reduce these risks.
For a free copy of the COVID-19 Risk Register, please register your details via the following link: