Water Over the Bridge? Don’t Panic. It’s Water Under the Bridge
The disruption to life-as-we-know-it resulting from the COVID-19 pandemic is similar to localized natural disasters, but magnified exponentially given its global impact. The disease and constraining government stay-at-home orders require most of the world to work remotely from their homes, resulting in the unplanned consequence of inviting cybercriminals to the virtual doorsteps of an unsuspecting stay-at-home workforce. Opportunistic cybercriminals focus on the vulnerable electronic data being handled by millions of people on networks that lack commercial-grade security systems to safeguard against the illegal extraction of your organization’s data.
Not to worry. Your firm has a thorough Business Continuity Plan written for you by a highly respected consulting firm. But, it’s been a while since you’ve read it. Maybe it’s been a while since the plan was tested. Does the plan address a situation where allemployees work remotely? Are employees exposing your client’s information to well-equipped, well-funded, and well-trained cybercriminals? What can you do now when we are already all home? Taking no action and hoping for the best is not an option.
The good news is there’s still time to act. But, like inflating your raft once you’re in the river, the time to act is now. Review the steps below to help you navigate the rough waters ahead:
- Understand Your Current Reality. The world has temporarily, perhaps permanently, become a remote office workforce. Many businesses are prepared for a portion of their staff to work remotely, but not the entire staff. Transitioning to remote work will introduce new personal devices – all points of entry for cybercriminals – accessing company servers and data, overwhelming an already stretched IT department. Your policies describing the supervision of remote employees must be examined to determine how your systems work, how users are accessing data and where that data is to establish an outline of what cybersecurity resources the company needs to sustain business remotely.
- It’s All Water Under the Bridge. So your BCP program isn’t perfect. It’s never too late to make revisions. At this moment no document is more important than your BCP. The guidance provided by the BCP must be clearly understood and followed by every person in your organization. If tweaks are needed along the way, make them. Choosing not to act is a choice to leave your organization exposed to loss.
Beginning such a task can be overwhelming. As a company leader take a step back and survey what issues are most critical. Chief among the critical points of internal discussion is the technological security of the service providers with which your company engages. If another organization has access to your confidential information their security program should be scrutinized as thoroughly as your own.
- Mine! In sports, it’s easy to find examples of a specific player being proactive mid-play to communicate assignments. Whether it’s the quarterback calling out blocking accountability to his linemen, or a hockey goalie lining up her defense for an oncoming attack, someone takes charge so others know their responsibilities. When the team communicates, the outcome is usually a success.
Who is the quarterback of your BCP? In most organizations, the answer is “Everyone.” Typically, this is why even the best BCPs fail. If you are responsible for the BCP, take charge and communicate. If it’s not you, find out who is and offer to help. The BCP is a complicated document and for most, this project is unmanageable alone. Consider this a unique opportunity to align all of the departments of the organization to achieve one clear goal: the continuation of your business. Clear assignments and goals are the keys to success.
- Light at the End of the Tunnel, or an Oncoming Train? You may not believe this, but the average employee doesn’t spend a lot of time worrying about how the business will survive a global pandemic. They assume someone will take care of “it.” They don’t understand their role in keeping the business running because they haven’t received formal training.
Regular and frequent communication with your direct reports is more important than ever. While easy to decode a manager’s facial expressions at the office coffee machine, employees are less able to calm natural nervous tendencies while being isolated at home.
As IOI Capital and Markets’ Chief Compliance Officer, I am a firm believer in over-communicating. Each week senior management takes a few moments to connect with staff to explain a different company policy or practice. It is vitally important everyone understands and abides by the same policies and procedures, especially how to identify and escalate possible cyber-attacks.
- Get Your Head out of the Clouds; That’s Where Your Data Goes. Consider moving all your company’s data to cloud-based storage. Cloud-based platforms and infrastructure are designed to support employees securely working from anywhere and on any device.
- Use Multi-factor Authentication. Period. Sure, it’s a little annoying and takes a couple of extra seconds when you log in, but it works. Remember how we thought airport security scanner lines were annoying the first few times we were subjected to them. Now, not only is it a part of daily air travel, if we didn’t get scanned I wouldn’t get on the plane. MFA is an easy step designed to protect you. There is no reason not to add it to your routine. Eventually, you’ll question the security of your laptop if you realize you didn’t enter an access code.
At iownit, business disruptions shine a light on two of our greatest strengths, namely our talent and our technology. We engage talent throughout the world, allowing us to operate our trading platform 24/7/365. iownit’s technology was designed assuming every day would bring a new disruption. We handle challenges by ensuring multiple centers of software management and testing activity daily. Because of these careful measures, our business activity tends to increase during market instability.
It’s not too late. Your reality may be water over your bridge and being unsettled by the flowing currents, but inflating the raft now is better than sinking.