COVID-19: How Digital Transformation Can Improve Business Continuity
The Coronavirus (COVID-19) rapidly impacts our daily lives and organizations. For all organizations, the challenge is to protect people and maintain operations.
COVID-19 is not a virus that affects your IT systems. Therefore, the recovery of your technology is not the biggest challenge. Today, technology is rather the solution with many organizations being able to provide teleworking solutions. By leveraging technology, organizations can stabilize their business operations and shift from reacting to the crisis to starting to get ahead of it.
To do so, it’s of vital importance to continuously manage (IT) risks related to the high number of people working remotely for an extended period of time:
- Are my teleworking solutions sufficiently available?
- How do I ensure security of my corporate information?
Below, we provide a number of practical recommendations to be (re)considered in this current situation:
- Ensure that VPN access, network bandwidth and specific tooling (e.g. videoconferencing, file sharing…) are sufficiently scaled to meet the overloads of remote workers, including the required access of your key vendors.
- Ensure control measures are implemented for identified single points of failure when working remotely.
- Ensure sufficient IT staff are available to handle the number of queries from people working remotely.
- Ensure that roles & responsibilities are clearly defined for communication with employees, clients, third party vendors and other stakeholders.
- Revise your teleworking policy and ensure that employees are informed on how to use the teleworking solutions (e.g. employees should not mix work and leisure activities on the same device).
- Ensure that employees are informed on how to process security incidents and personal data breaches.
- Ensure that business applications are only accessible via encrypted communication channels (e.g. SSL VPN).
- Ensure adequate Identity and Access Management procedures are in place to ensure secure access to corporate systems and applications (e.g. 2-factor authentication).
- Ensure up-to-date security software on corporate devices.
- Direct internet exposure during remote access is a security threat that should be prevented (e.g. Remote Desktop Protocol).
- Cybercriminals currently exploit the COVID-19 pandemic: employees should be well informed on cyber related attacks such as phishing, social engineering or malware.
- Ensure tools are available to facilitate secure file sharing to protect your company information.
The COVID-19 pandemic also reminds us of the difficulty of planning for these kind of disruptive events. Many organizations did not anticipate major business disruptions such as we experience at this moment.
It is important for businesses (large and small) to have in place tailored Business Continuity Plans to meet their strategic objectives. Our team of experts at Crowe- Callens, Pirenne, Theunissen & C° can support you in:
- Assessing and mitigating your key risks
- Assessing the impact on your critical business processes
- Implementing a Business Continuity Plan (BCP) and IT Disaster Recovery Plan (DRP) on how to respond and resume after a disruption
- Implementing crisis management
- Testing your BCP/DRP
For questions, please feel free to contact us.
Gorik Van den Bergh
IT Audit Director