Firms need to be well equipped to support large scale off-site working arrangements during COVID-19.
The ability to protect our homes, livelihoods and health from a sudden onslaught has become the primary concern of citizens around the world in view of the COVID-19 outbreak.
With business continuity in mind, a slew of preventive measures has been rolled out by companies to minimise risk and exposure, while still maintaining business as usual as far as possible. The speed of rolling out these measures, however, suggests a few questions such as:
• Are firms well equipped to support such wide measures of off-site working?
• Are incident response plans updated and tested to handle adverse situations such as an office disruption?
• In the event of a protracted war with COVID-19, can our infrastructure and processes handle a new way of doing business?
It is always advisable to Stay Vigilant and Prepare for Recovery. Stay Vigilant to monitor any abnormal activities on your network, servers or devices and Prepare for Recovery by considering a contingency action plan for quickly establishing a temporary business functionality and backup readiness. For instance, ensure that you have current and accessible backups, perform test backups, and keep offline and offsite backups as well.
Even while the health of our workforce is a primary concern, new cyber-security risks have arisen to pose a data leak risk for both the firm and the employees:
• Using unsecured public or home networks may compromise the company’s data;
• Hard copy documents may be left unattended;
• Weak password policies may lead to data theft;
• Phishing emails may be sent by malicious actors posing as government officials to gain access to sensitive data.
Even as we devise ways to enable our staff to work anywhere, compliance issues loom on the horizon and compound these cybersecurity concerns. Human Resource and IT professionals must question whether they are ready or equipped to monitor resources and support staff remotely, rather than in an office. Traditional “in office” systems such as attendance punch-cards systems and CCTV cannot help you to keep track of people who may be working from home, or the nearest coffee shops.
A holistic approach, customised to the environment we operate in, needs to be considered in order to close the gaps that an unexpected pandemic may cause. Some of the factors may include:
• Designing, reviewing and testing business continuity plans;
• Reviewing and auditing infrastructure via backup and capacity review and stress tests to ensure it can cope with a sudden ramp up in remote workers without exposing the company to a potential data leak;
• Strengthening communication channels to ensure that news cascades efficiently and effectively; or
• Raising awareness of the potential for cyber-security and compliance breaches in the current climate
• Keeping abreast of the news and responding quickly to threats or changes
News on COVID-19 are now an unavoidable daily occurrence in Singapore or other countries. While most people are struggling to cope with the drastic change in the demands and requirements of consumers, there are still others who seek to target the weakest link in the chain. Whether by way of phishing emails or unsecured WiFi networks, we need to keep vigilant to ensure that we can truly have a mobile and flexible workforce.
For more information, please contact:
Cybersecurity & Technology Advisory
Forensic & Litigation Support
Nexia TS is a member firm of the “Nexia International” network. Nexia International Limited does not deliver services in its own name or otherwise. Nexia International Limited and the member firms of the Nexia International network (including those members which trade under a name which includes the word NEXIA) are not part of a worldwide partnership. Nexia International Limited does not accept any responsibility for the commission of any act, or omission to act by, or the liabilities of, any of its members. Each member firm within the Nexia International network is a separate legal entity.