Layoffs, decreased sales, and difficulty managing a remote workforce have been an unfortunate reality for many companies weathering the COVID crisis. As companies enter “survival mode”, it’s easy to lose focus on security and compliance. Cybercriminals know this, so cybercrimes tend to increase during a crisis. Our three quick tips to promote security in a time of business disruption are:
- Train Employees: Now is a great time to leverage online security awareness training courses. There are full security platforms with phishing tests, multiple course options, and course completion tracking. Free content is also available from reputable security organizations. Training should address phishing – emails or calls impersonating a legitimate company and requesting personal, financial, or login data. The FBI Internet Crime Report lists phishing as the most common type of internet crime, and remote workers can be highly susceptible.
- Check the BCP: If you have a defined Business Continuity Plan (“BCP”), this can be a good source of information on how to support operations during this time. If you don’t have a BCP, consider developing one once you are back to “business as usual”. Leverage the lessons learned from how your organization managed the business disruption caused by COVID.
- Stay Compliant: Depending on your company’s size and industry, you may be required to comply with HIPAA, SOC 1, SOC 2, GDPR, SOX, or other regulations. Compliance doesn’t stop for COVID, and some regulations have severe repercussions and fines for noncompliance. At ML&R, our IT Risk & Compliance Team is continuing to perform SOC Readiness & Examinations, HIPAA Assessments, and Security Assessments, even while remote.
Security and compliance are more important in a time of business disruption. We’re here to help; contact us to speak with a member of our team.