The coronavirus pandemic has impacted the whole world in an unprecedented manner. After a slow initial spread, it has now reached more than twenty million cases in total and continues to grow each day. To contain the spread, many organizations have enabled a remote working option for their employees.
As employees connect remotely, risk increases because each remotely connected device becomes a potential attack surface for hackers. Their main aim would be to siphon off valuable information or to install malicious code that would infect the devices and thereby the whole network, if left unchecked. Many recent surveys have projected a multi-fold increase in the number of cyber security incidents, mainly arising from remote workstations. Other issues may arise around business continuity, availability of infrastructure, and availability of internet bandwidth (especially when you are connected through a Virtual Private Network (VPN), which consumes more bandwidth). All of these can be handled effectively with Integrated Risk Management (IRM) in place. Let us take a closer look at the information security risk issues arising from remote working devices.
The three tenets of Information Security Risk Management (ISRM) are –
Each of these can be achieved through proper design and deployment of controls. These controls have to be tested consistently to validate their effectiveness. Control testing also ensures the changing environmental factors are taken into account. A robust reporting structure that is transparent enough for higher level management to understand the current risk posture of the organization is vital.
Integrated Risk Management (IRM) / EGRC (Enterprise Governance Risk Compliance) comes in handy when deploying Information Security Risk Management solutions in organizations. These risk management solutions ensure accountability and the requisite transparency of the activities going on in the organization. When built on smart suite platforms such as RSA Archer, these solutions provide the right mix of technological sophistication and ease of use. Disconnected GRC points have to be integrated into a holistic view to enable quicker decision making. RSA Archer has been an undisputed leader in the EGRC realm for many years. The 2019 Gartner Magic Quadrant named RSA Archer as the leader in IRM (Integrated Risk Management) solutions, IT Risk Management, IT Vendor Risk Management and Business Continuity Risk Management.
The right set of information security controls, assigned responsibilities and accountabilities, a reporting structure, a strong team of information security analysts and a continuous monitoring system integrated with an EGRC platform will provide peace of mind to organizations during these uncertain times.
The coronavirus has completely changed the way people live and perform their day-to-day tasks. More and more activities are now moving to digital channels. Online doctor consultations have grown many fold since the pandemic began, food delivery apps are in greater demand than they ever were, and educational institutions are gearing up to go online, to name just a few.
Organizations such as banks, financial institutions and insurance providers handle critical data that needs to be safeguarded at a time when the majority of their workforce is working remotely. If your organization is one of these critical institutions, it is time to consider the risks arising from remote connectivity. Some aspects requiring a deeper dive by management are –
a) Infrastructure needs of employees
b) Business Continuity Management
c) A stronger incident management team
d) Stricter controls on data sharing and protection
e) Trainings
Some governments, such as India's, officially announced a total lockdown, while in other nations, such as the USA, the restrictions were not as stringent. But every organization that keeps the interests of its employees at the forefront has been ramping up remote connectivity facilities for most of its employees. Identifying the right set of employees who need to be enabled to work remotely, procuring the requisite hardware infrastructure, configuring the devices per the needs of the business units and deploying them at the employees' locations are the core activities needed to ensure remote connectivity. Integrated Risk Management (IRM) gives higher management a bird's eye view of the progress of the effort and can raise an alert at the appropriate time if there is risk in the activities. Reporting can be configured from the corporate level down to the division level, then to the business unit level and further to the department level, ensuring absolute transparency.
Integrated Risk Management (IRM) smart suites such as RSA Archer come with an out-of-the-box Business Resiliency solution that takes care of business continuity management. The easy-to-configure modules can be readily leveraged for faster deployment. Business continuity ensures that operations continue to be performed if unexpected situations arise. Cold sites and hot sites, where available, can be put into action when things go haywire. The IRM solution can test several of the contingency plans and record the metrics that the stakeholders and management have agreed on.
RSA Archer has a built-in incident management module that is designed with industry insights. It has all the necessary components, with minimal customization needed to suit the requirements of crucial industries such as banking and health care. For larger organizations, it is imperative to have a proper platform for tracking, analyzing, disposing of and reporting incidents and issues. Each day, depending on the number of employees, thousands of incidents are reported. An IRM solution enables organizations to analyze this large number of incidents, understand the patterns, gain insights into the root causes and ensure they are minimized in the future. During uncertain times such as the COVID pandemic, it makes sense to give higher priority to having a stronger incident management team. IRM solutions can help a great deal on this front.
With employees logging in remotely from several different places, there is a high potential for data loss. Strict data loss prevention controls have to be deployed across the devices, for example an email policy aimed at preventing information loss. Implementation of controls is just one step within the wider context of information security risk management. A proper training schedule has to be in place for all eligible employees on relevant topics such as the email policy, data privacy policy, issues management policy, etc. With an Integrated Risk Management solution in place, all of these can be tracked, the appropriate personnel can be made accountable for them, and they can be reported to higher management.